Skip to content

Add support for SCRAM-SHA-256 authentication. #437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
elprans merged 1 commit into from
May 8, 2019
Merged

Add support for SCRAM-SHA-256 authentication. #437

elprans merged 1 commit into from
May 8, 2019

Conversation

@jkatz
Copy link
Contributor

@jkatz jkatz commented Apr 30, 2019

SCRAM-SHA-256 authentication was introduced in PostgreSQL 10 as a better way
for handling password based authentication.

This implementation follows the guidance provided in the documentation, i.e.

https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256

A detailed, high-level explanation for how it works is provided in the definition for the SCRAMAuthentication class.

This implementation does not support channel binding (added in PostgreSQL 11) as there is still some ongoing discussion in the community for how it should be handled.

This should satisfy the requirements for #314
@jkatz jkatz mentioned this pull request Apr 30, 2019
Closed
@jkatz jkatz force-pushed the scram branch 4 times, most recently from 78fcf00 to c402a27 Compare April 30, 2019 16:33
@jkatz
Copy link
Contributor Author

jkatz commented Apr 30, 2019

OK, after a couple of tries through the full test suite, all the tests are now passing (most of the adjustments were around making the code Python 3.5 compatible).

Open to feedback. Thanks!
elprans
elprans reviewed Apr 30, 2019
View reviewed changes
Copy link
Member

@elprans elprans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work! Please address the review comments. Thanks!
asyncpg/protocol/coreproto.pyx Outdated
self._push_result()

elif self.auth_msg is not None:
# First, need to determine if this is
Copy link
Member

@elprans elprans Apr 30, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?
@jkatz
Copy link
Contributor Author

jkatz commented May 1, 2019

@elprans Thanks for the review! I've made all the requested changes.

For the implementation of SASLPrep I followed along the C implementation as while the docs are great, I figured this is the authority.

It also looks like one of the tests failed due to a momentary DNS issue with Github: https://ci.appveyor.com/project/MagicStack/asyncpg/builds/24236176/job/i0xdab9iw4knis1x
elprans
elprans reviewed May 6, 2019
View reviewed changes
@elprans
Copy link
Member

elprans commented May 6, 2019

One last thing: please move class SCRAMAuthentication into a separate pyx file and include it in coreproto.pyx. The latter is big as it is. Other than that, looks good! Thanks!
@jkatz
Add support for SCRAM-SHA-256 authentication.
03dcf09 
SCRAM-SHA-256 authentication was introduced in PostgreSQL 10 as a better way for handling password based authentication. This implementation follows the guidance provided in the documentation, i.e. https://www.postgresql.org/docs/current/sasl-authentication.html#SASL-SCRAM-SHA-256
@jkatz
Copy link
Contributor Author

jkatz commented May 7, 2019

@elprans Agreed; I have broken it out into a separate file. Thanks!
@elprans elprans merged commit 2d76f50 into MagicStack:master May 8, 2019
@elprans
Copy link
Member

elprans commented May 8, 2019

Merged. Thanks!
@jkatz
Copy link
Contributor Author

jkatz commented May 8, 2019

Awesome, thanks for working on this with me @elprans!
@jkatz jkatz mentioned this pull request Jun 11, 2019
Closed
@pohmelie pohmelie mentioned this pull request Oct 9, 2019
Closed
@fantix fantix mentioned this pull request Oct 28, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@jkatz @elprans