Merge pull request #2198 from brianc/benhjames-bhsj/noverify

Add no-verify ssl option
2025-12-08 20:16:25 +00:00 · 2020-05-07 14:56:05 -05:00 · 2020-05-07 14:56:05 -05:00 · 70cf4dc6ed
commit 70cf4dc6ed
parent 2b7e4b9399 7929f6ae44
3 changed files with 49 additions and 24 deletions
--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
@ -25,7 +25,7 @@ var val = function (key, config, envVar) {
  return config[key] || envVar || defaults[key]
 }

-var useSsl = function () {
+var readSSLConfigFromEnvironment = function () {
  switch (process.env.PGSSLMODE) {
    case 'disable':
      return false
@ -34,6 +34,8 @@ var useSsl = function () {
    case 'verify-ca':
    case 'verify-full':
      return true
+    case 'no-verify':
+      return { rejectUnauthorized: false }
  }
  return defaults.ssl
 }
@ -68,7 +70,14 @@ var ConnectionParameters = function (config) {
  })

  this.binary = val('binary', config)
-  this.ssl = typeof config.ssl === 'undefined' ? useSsl() : config.ssl
+
+  this.ssl = typeof config.ssl === 'undefined' ? readSSLConfigFromEnvironment() : config.ssl
+
+  // support passing in ssl=no-verify via connection string
+  if (this.ssl === 'no-verify') {
+    this.ssl = { rejectUnauthorized: false }
+  }
+
  this.client_encoding = val('client_encoding', config)
  this.replication = val('replication', config)
  // a domain socket begins with '/'
--- a/packages/pg/test/unit/client/configuration-tests.js
+++ b/packages/pg/test/unit/client/configuration-tests.js
@ -1,5 +1,6 @@
 'use strict'
 require(__dirname + '/test-helper')
+var assert = require('assert')

 var pguser = process.env['PGUSER'] || process.env.USER
 var pgdatabase = process.env['PGDATABASE'] || process.env.USER
--- a/packages/pg/test/unit/connection-parameters/environment-variable-tests.js
+++ b/packages/pg/test/unit/connection-parameters/environment-variable-tests.js
@ -1,5 +1,7 @@
 'use strict'
 var helper = require(__dirname + '/../test-helper')
+const Suite = require('../../suite')
+
 var assert = require('assert')
 var ConnectionParameters = require(__dirname + '/../../../lib/connection-parameters')
 var defaults = require(__dirname + '/../../../lib').defaults
@ -11,7 +13,17 @@ for (var key in process.env) {
  delete process.env[key]
 }

-test('ConnectionParameters initialized from environment variables', function (t) {
+const suite = new Suite('ConnectionParameters')
+
+const clearEnv = () => {
+  // clear process.env
+  for (var key in process.env) {
+    delete process.env[key]
+  }
+}
+
+suite.test('ConnectionParameters initialized from environment variables', function () {
+  clearEnv()
  process.env['PGHOST'] = 'local'
  process.env['PGUSER'] = 'bmc2'
  process.env['PGPORT'] = 7890
@ -26,7 +38,13 @@ test('ConnectionParameters initialized from environment variables', function (t)
  assert.equal(subject.password, 'open', 'env password')
 })

-test('ConnectionParameters initialized from mix', function (t) {
+suite.test('ConnectionParameters initialized from mix', function () {
+  clearEnv()
+  process.env['PGHOST'] = 'local'
+  process.env['PGUSER'] = 'bmc2'
+  process.env['PGPORT'] = 7890
+  process.env['PGDATABASE'] = 'allyerbase'
+  process.env['PGPASSWORD'] = 'open'
  delete process.env['PGPASSWORD']
  delete process.env['PGDATABASE']
  var subject = new ConnectionParameters({
@ -40,12 +58,8 @@ test('ConnectionParameters initialized from mix', function (t) {
  assert.equal(subject.password, defaults.password, 'defaults password')
 })

-// clear process.env
-for (var key in process.env) {
-  delete process.env[key]
-}
-
-test('connection string parsing', function (t) {
+suite.test('connection string parsing', function () {
+  clearEnv()
  var string = 'postgres://brian:pw@boom:381/lala'
  var subject = new ConnectionParameters(string)
  assert.equal(subject.host, 'boom', 'string host')
@ -55,7 +69,10 @@ test('connection string parsing', function (t) {
  assert.equal(subject.database, 'lala', 'string database')
 })

-test('connection string parsing - ssl', function (t) {
+suite.test('connection string parsing - ssl', function () {
+  // clear process.env
+  clearEnv()
+
  var string = 'postgres://brian:pw@boom:381/lala?ssl=true'
  var subject = new ConnectionParameters(string)
  assert.equal(subject.ssl, true, 'ssl')
@ -75,27 +92,24 @@ test('connection string parsing - ssl', function (t) {
  string = 'postgres://brian:pw@boom:381/lala'
  subject = new ConnectionParameters(string)
  assert.equal(!!subject.ssl, false, 'ssl')
+
+  string = 'postgres://brian:pw@boom:381/lala?ssl=no-verify'
+  subject = new ConnectionParameters(string)
+  assert.deepStrictEqual(subject.ssl, { rejectUnauthorized: false }, 'ssl')
 })

-// clear process.env
-for (var key in process.env) {
-  delete process.env[key]
-}
-
-test('ssl is false by default', function () {
+suite.test('ssl is false by default', function () {
+  clearEnv()
  var subject = new ConnectionParameters()
  assert.equal(subject.ssl, false)
 })

 var testVal = function (mode, expected) {
-  // clear process.env
-  for (var key in process.env) {
-    delete process.env[key]
-  }
-  process.env.PGSSLMODE = mode
-  test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () {
+  suite.test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () {
+    clearEnv()
+    process.env.PGSSLMODE = mode
    var subject = new ConnectionParameters()
-    assert.equal(subject.ssl, expected)
+    assert.deepStrictEqual(subject.ssl, expected)
  })
 }

@ -106,6 +120,7 @@ testVal('prefer', true)
 testVal('require', true)
 testVal('verify-ca', true)
 testVal('verify-full', true)
+testVal('no-verify', { rejectUnauthorized: false })

 // restore process.env
 for (var key in realEnv) {