* Added support for SCRAM-SHA-256-PLUS i.e. channel binding
* Requested tweaks to channel binding
* Additional tweaks to channel binding
* Fixed lint complaints
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/crypto/sasl.js
Co-authored-by: Charmander <~@charmander.me>
* Update packages/pg/lib/client.js
Co-authored-by: Charmander <~@charmander.me>
* Tweaks to channel binding
* Now using homegrown certificate signature algorithm identification
* Update ssl.mdx with channel binding changes
* Allow for config object being undefined when assigning enableChannelBinding
* Fixed a test failing on an updated error message
* Removed - from hash names like SHA-256 for legacy crypto (Node 14 and below)
* Removed packageManager key from package.json
* Added some SASL/channel binding unit tests
* Added a unit test for continueSession to check expected SASL session data
* Modify tests: don't require channel binding (which cannot then work) if not using SSL
---------
Co-authored-by: Charmander <~@charmander.me>
* Remove assert from globals
* Remove Client from globals
* Remove global test function
* Remove MemoryStream from globals
* Require assert in SASL integration tests
* Attempt to use a postgres with ssl?
* Use latest image
* Remove connection tests - they test internals that are better covered by testint the client
When enabling this rule, it's recommended to also *disable* the standard `no-unused-vars` rule. Although `no-unused-vars` is not currently enabled, it seems helpful to explicitly disable it here.
See: https://typescript-eslint.io/rules/no-unused-vars/
Co-authored-by: alxndrsn <alxndrsn>
* Document client.escapeIdentifier and client.escapeLiteral
Per #1978 it seems that these client APIs are undocumented. Added documentation for these functions along with some examples and relevant links.
* Fix typos in new docs
* Migrate escapeIdentifier and escapeLiteral from Client to PG
These are standalone utility functions, they do not need a client instance to function.
Changes made:
- Refactored escapeIdentifer and escapeLiteral from client class to functions in utils
- Update PG to export escapeIdentifier and escapeLiteral
- Migrated tests for Client.escapeIdentifier and Client.escapeLiteral to tests for utils
- Updated documentation, added a "utilities" page where these helpers are discussed
**note** this is a breaking change. Users who used these functions (previously undocumented) on instances of Client, or via Client.prototype.
* Export escapeIdentifier and escapeLiteral from PG
These are standalone utility functions, they should not depend on a client instance.
Changes made:
- Refactored escapeIdentifer and escapeLiteral from client class to functions in utils
- Re-exported functions on client for backwards compatibility
- Update PG to export escapeIdentifier and escapeLiteral
- Updated tests to validate the newly exported functions from both entry points
- Updated documentation, added a "utilities" page where these helpers are discussed
* Ensure escape functions work via Client.prototype
Updated changes such that escapeIdentifier and escapeLiteral are usable via the client prototype
Updated tests to check for both entry points in client
* Enable SASL tests in GitHub actions CI
* Add SASL test to ensure that client password is a string
* Fix SASL error handling to emit and bubble up errors
* Add informative error when SASL password is empty string
* Add sha256 SASL helper
* Rename internal createHMAC(...) to hmacSha256(...)
* Add parseAttributePairs(...) helper for SASL
* Tighten arg checks in SASL xorBuffers(...)
* Add SASL nonce check for printable chars
* Add SASL server salt and server signature base64 validation
* Add check for non-empty SASL server nonce
* Rename SASL helper to parseServerFirstMessage(...)
* Add parameter validation to SASL continueSession(...)
* Split out SASL final message parsing into parseServerFinalMessage(...)
* Fix SCRAM tests
Removes custom assert.throws(...) so that the real one from the assert package is used and
fixes the SCRAM tests to reflect the updated error messages and actual checking of errors.
Previously the custom assert.throws(...) was ignoring the error signature validation.
Replaces __dirname concatentation in pg test scripts so that editors like
VS Code can automatically generate typings and support code navigation (F12).
The `readyState` of a newly-created `net.Socket` changed from `'closed'` to `'open'` in Node 14.0.0, so this makes the JS driver work on Node 14.
`Connection` now always calls `connect` on its `stream` when `connect` is called on it.
* Fix tests skipped because of missing suffixes
Mocha will happen eventually!
* Skip password tests when they can’t work
Will be made more visible when tests are ported to Mocha.
* Add testing with a user with a password to CI
Should reveal a bug in the password enumerability work, I think.
* Explain new CI matrix entry for password authentication
[ci skip]
