* fix(pg-protocol): specify number of result column format codes
Fixes a bug when binary format. We must specify both:
- the number of result column format codes
- the result column format codes
The text format case was working by accident. When using text format, the
intention was to set the format code to 0. Instead, we set the number
of result column format codes was set to 0. This is valid because it indicates
that all result columns should use the default format (text).
When using binary format, the intention was to set the format code to 1.
Instead, we set the number of result column format codes to 1.
Importantly, we never set a result column format code. This caused an
error: 'insufficient data left in message'.
We now always set the number of result column format codes to '1'. The
value of '1' has special meaning:
> or one, in which case the specified format code is applied to all result columns (if any)
We then set a single column format code based on whether the connection
(or query) is set to binary.
Fixes#3487
* fix(pg): use a Buffer when parsing binary
The call to parseArray was not working as expected because the value was
being sent as a string instead of a Buffer. The binary parsers in
pg-types all assume the incoming value is a Buffer.
* change instanceof to isDate
* use both methods to check for valid Date
* add test for PR 2862
* use only isDate(date) in place of instanceof Date
* Extend compatibility of `isDate` use back to Node 8
* Clean up test
---------
Co-authored-by: Charmander <~@charmander.me>
Reviewed-by: Charmander <~@charmander.me>
* Added support for SCRAM-SHA-256-PLUS i.e. channel binding
* Requested tweaks to channel binding
* Additional tweaks to channel binding
* Fixed lint complaints
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/client.js
Co-authored-by: Charmander <~@charmander.me>
* Tweaks to channel binding
* Now using homegrown certificate signature algorithm identification
* Update ssl.mdx with channel binding changes
* Allow for config object being undefined when assigning enableChannelBinding
* Fixed a test failing on an updated error message
* Removed - from hash names like SHA-256 for legacy crypto (Node 14 and below)
* Removed packageManager key from package.json
* Added some SASL/channel binding unit tests
* Added a unit test for continueSession to check expected SASL session data
* Modify tests: don't require channel binding (which cannot then work) if not using SSL
---------
Co-authored-by: Charmander <~@charmander.me>
* Handle bad message ordering - make it catchable. Fixes 3174
* Close client in test
* Mess w/ github action settings
* update ci config
* Remove redundant tests
* Update code to use handle error event
* Add tests for commandComplete message being out of order
* Lint fix
* Fix native tests
* Fix lint again...airport computer not my friend
* Not a native issue
* Remove assert from globals
* Remove Client from globals
* Remove global test function
* Remove MemoryStream from globals
* Require assert in SASL integration tests
* Attempt to use a postgres with ssl?
* Use latest image
* Remove connection tests - they test internals that are better covered by testint the client
When enabling this rule, it's recommended to also *disable* the standard `no-unused-vars` rule. Although `no-unused-vars` is not currently enabled, it seems helpful to explicitly disable it here.
See: https://typescript-eslint.io/rules/no-unused-vars/
Co-authored-by: alxndrsn <alxndrsn>
This feature can be used as follows:
```
client.query({ text: 'SELECT 1', queryMode: 'extended' })
```
This will force the query to be sent with parse/bind/execute even when it has no parameters and disallows multiple statements being executed. This can be useful in scenarios where you want to enforce more security & help prevent sql injection attacks...particularly by library authors.
---------
Co-authored-by: alxndrsn <alxndrsn>
Co-authored-by: Brian Carlson <brian.m.carlson@gmail.com>
* Fail gracefully when connecting to other SGDB vendor
* Make test more flexible. Adjust error wording to match native better.
---------
Co-authored-by: Brian Carlson <brian.m.carlson@gmail.com>
* Add failing test for result rows with the same column names
* Fix handling of duplicate column names in results to ensure last value is populated
Fixes handling of result rows that have the same column name duplicated in the results to ensure
that the last value is the one returned to the user. This was the old behavior but unintentionally
broken when the pre-built object optimization was added.
* fix stack traces of query() to include the async context (#1762)
* rename tests so they are actually run
* conditionally only run async stack trace tests on node 16+
* add stack trace to pg-native
---------
Co-authored-by: Charmander <~@charmander.me>
* fix: double client.end() hang
fixes https://github.com/brianc/node-postgres/issues/2716
`client.end()` will resolve early if the connection is already dead,
rather than waiting for an "end" event that will never arrive.
* fix: client.end() resolves when socket is fully closed
* Enable SASL tests in GitHub actions CI
* Add SASL test to ensure that client password is a string
* Fix SASL error handling to emit and bubble up errors
* Add informative error when SASL password is empty string
* pg: Re-export DatabaseError from 'pg-protocol'
Before, users would have to import DatabaseError from 'pg-protocol'. If
there are multiple versions of 'pg-protocol', you might end up using the
wrong one.
Closes#2378
* Update error-handling-tests.js
* Update query-error-handling-tests.js
Co-authored-by: Brian C <brian.m.carlson@gmail.com>
* Make tests pass in github codespaces
There were a few tests which didn't specify a host or port which wasn't working well inside the codespaces docker environment. Added host & port where required. Also noticed one test wasn't actually _testing_, it was just `console.log`-ing its output, so I added proper assertions there. Finally set `PGTESTNOSSL: true` in the codespaces environment until I can get the postgres docker container configured w/ SSL...which I will do l8r.
* lint
Replaces __dirname concatentation in pg test scripts so that editors like
VS Code can automatically generate typings and support code navigation (F12).
* Drop support for EOL versions of node (#2062)
* Drop support for EOL versions of node
* Re-add testing for node@8.x
* Revert changes to .travis.yml
* Update packages/pg-pool/package.json
Co-Authored-By: Charmander <~@charmander.me>
Co-authored-by: Charmander <~@charmander.me>
* Remove password from stringified outputs (#2066)
* Remove password from stringified outputs
Theres a security concern where if you're not careful and you include your client or pool instance in console.log or stack traces it might include the database password. To widen the pit of success I'm making that field non-enumerable. You can still get at it...it just wont show up "by accident" when you're logging things now.
The backwards compatiblity impact of this is very small, but it is still technically somewhat an API change so...8.0.
* Implement feedback
* Fix more whitespace the autoformatter changed
* Simplify code a bit
* Remove password from stringified outputs (#2070)
* Keep ConnectionParameters’s password property writable
`Client` writes to it when `password` is a function.
* Avoid creating password property on pool options
when it didn’t exist previously.
* Allow password option to be non-enumerable
to avoid breaking uses like `new Pool(existingPool.options)`.
* Make password property definitions consistent
in formatting and configurability.
Co-authored-by: Charmander <~@charmander.me>
* Make `native` non-enumerable (#2065)
* Make `native` non-enumerable
Making it non-enumerable means less spurious "Cannot find module"
errors in your logs when iterating over `pg` objects.
`Object.defineProperty` has been available since Node 0.12.
See https://github.com/brianc/node-postgres/issues/1894#issuecomment-543300178
* Add test for `native` enumeration
Co-authored-by: Gabe Gorelick <gabegorelick@gmail.com>
* Use class-extends to wrap Pool (#1541)
* Use class-extends to wrap Pool
* Minimize diff
* Test `BoundPool` inheritance
Co-authored-by: Charmander <~@charmander.me>
Co-authored-by: Brian C <brian.m.carlson@gmail.com>
* Continue support for creating a pg.Pool from another instance’s options (#2076)
* Add failing test for creating a `BoundPool` from another instance’s settings
* Continue support for creating a pg.Pool from another instance’s options
by dropping the requirement for the `password` property to be enumerable.
* Use user name as default database when user is non-default (#1679)
Not entirely backwards-compatible.
* Make native client password property consistent with others
i.e. configurable.
* Make notice messages not an instance of Error (#2090)
* Make notice messages not an instance of Error
Slight API cleanup to make a notice instance the same shape as it was, but not be an instance of error. This is a backwards incompatible change though I expect the impact to be minimal.
Closes#1982
* skip notice test in travis
* Pin node@13.6 for regression in async iterators
* Check and see if node 13.8 is still borked on async iterator
* Yeah, node still has changed edge case behavior on stream
* Emit notice messages on travis
* Revert "Revert "Support additional tls.connect() options (#1996)" (#2010)" (#2113)
This reverts commit 510a273ce45fb73d0355cf384e97ea695c8a5bcc.
* Fix ssl tests (#2116)
* Convert Query to an ES6 class (#2126)
The last missing `new` deprecation warning for pg 8.
Co-authored-by: Charmander <~@charmander.me>
Co-authored-by: Gabe Gorelick <gabegorelick@gmail.com>
Co-authored-by: Natalie Wolfe <natalie@lifewanted.com>
* Call callback when end called on unconnected client
Closes#2108
* Revert a bit of the change
* Use readyState because pending doesn't exist in node 8.x
* Update packages/pg/lib/client.js
use bring your own promise
Co-Authored-By: Charmander <~@charmander.me>
Co-authored-by: Charmander <~@charmander.me>
When error happens on socket, potentially dead socket is kept open indefinitely by calling "connection.end()".
Similar issue is that it keeps socket open until long-running query is finished even though the connection was ended.
* Remove double-send of ssl request packet
I missed the fact that we are already sending this. Since I don't have good test coverage for ssl [which I am planning on fixing next](https://github.com/brianc/node-postgres/issues/2009) this got missed.
I'm forcing an SSL test on travis. This will break for me locally as I don't have SSL enabled on my local test DB. Something I will also remedy.
