Add support for 'mysql_clear_password' #2225
Conversation
Originally, would only allow user-set flags that disable a flag enabled by default. Now it will also allow user-set flags that enable a flag that is disabled by default.
There was a problem hiding this comment.
Awesome, thanks so much! Before we land this we need some kind of tests in our test suite for this auth method and how it is working so we can make sure it stays working for you.
You're welcome to update your pr to add this, can wait for someone else to add this, or if there are questions you can ask and I can try and help you make the tests 👍
|
@dougwilson Ok, I would like to help with the tests, but I don't know how to start. I've tested this with my school's database, but I obviously would not want to included my credentials for it in a test. What would we use to test it? |
|
Hi @nmggithub ! So this module contains an automated test suite. The overview of what to include in a contribution can be found in our contributing section of the README: https://github.com/mysqljs/mysql#contributing Ideally you could add a new integration test to test against a database that is set up with a clear password auth pugin, but you can also make a unit test that uses the fake server and you'll need to implement how the server does clear auth if you go that route, though. |
|
Also @nmggithub can you clarify how this solves #2001 ? The user who opened the issue is showing they are using |
|
@dougwilson Apologies for the late reply, as I have been busy. Looking closer, it does seem I was mistaken is saying this solves #2001 , but only inasmuch as it pertains to the |
|
@dougwilson Ok I found solution for #2001 (but seeing as I am locked from commenting, I didn't know where to put this, so I'm putting it here). The error in that issue is due to the fact that the auth method is TL;DR: This pull request does NOT fix #2001 as that is a server-side issue. This pull request DOES add support for MariaDB servers that use the PAM authentication plugin, though. P.S. sorry for the mess |
nmggithub
force-pushed
the
master
branch
5 times, most recently
from
32882a2 to
3607c4c
Compare
|
@dougwilson tests have been added. Apologies for the multiple commits. I was having issues with my git client. Anyway, I spun up a DigitalOcean droplet, and setup a server there and tested against it. It works, but I don't want to send the credentials publicly here. Is there a way I can privately send them to you / show how to run the tests? |
|
Deleted bad test. |
|
Hi @nmggithub sorry I have been away over the weekend. So I don't need your credentials to your own test servers :) The idea for the tests is that they will run on the CI infrastructure here and that they would test the supported features using the CI servers provided by the Travis CI platform. The idea is that if you want to make an integration test (based on the files checked in) then you'll want to probably edit the I hope that makes sense. Please let me know if you need any help. I'll be back online again on Monday :) ! |
|
@dougwilson The issue is the plugin is actually serverside. If a user is authenticated via PAM, as previously explained, the server will ask via that plugin. So I cannot make such a user on the client side. |
|
Hi @nmggithub that is unfortinate. I will close this PR for now and you can always re-open if you can get some automated tests created. The tests are run on the CI server along with the server-side so it should be possible to do. Perhaps you could even open an issue about this feature to describe it and someone else (perhaps me when I get some time) can help implement the support in this module along with the proper tests? |
This addition is two-fold. First of all, it allows user-set flags to enable flags that were disabled by default. This allows users to enable the PLUGIN_AUTH flag. Second and finally, it adds a case auth handler for the 'mysql_clear_password' auth plugin. This case simply returns the password, in plain text, as a buffer. These both work in conjunction to allow for users to connect to databases that request the 'mysql_clear_password' plugin.
This solves #2001This enables support for MariaDB servers using the PAM Authentication Plugin, the user just has to addflags: ['+PLUGIN_AUTH']to their options object. I could have changed the default for this flag, but I am unaware of the consequences of enabling it by default, so I left it up to the user to enable it. This is tested and works on my machine for a MariaDB database provided by my university for my database course.