md5 password hash impl

Author: tanner0101

Package.swift

@@ -12,6 +12,9 @@ let package = Package(
 
         // Core extensions, type-aliases, and functions that facilitate common tasks.
         .package(url: "https://github.com/vapor/core.git", .branch("beta")),
+        
+        // Cryptography modules (formerly CryptoKitten)
+        .package(url: "https://github.com/vapor/crypto.git", .branch("beta")),
 
         // Core services for creating database integrations.
         .package(url: "https://github.com/vapor/database-kit.git", .branch("beta")),
@@ -26,7 +29,7 @@ let package = Package(
         .package(url: "https://github.com/vapor/sockets.git", .branch("beta")),
     ],
     targets: [
-        .target(name: "PostgreSQL", dependencies: ["Async", "Bits", "DatabaseKit", "Service", "TCP"]),
+        .target(name: "PostgreSQL", dependencies: ["Async", "Bits", "Crypto", "DatabaseKit", "Service", "TCP"]),
         .testTarget(name: "PostgreSQLTests", dependencies: ["PostgreSQL"]),
     ]
 )

Sources/PostgreSQL/Connection/PostgreSQLConnection.swift

@@ -1,4 +1,5 @@
 import Async
+import Crypto
 
 /// A PostgreSQL frontend client.
 public final class PostgreSQLConnection {
@@ -52,7 +53,7 @@ public final class PostgreSQLConnection {
     }
 
     /// Authenticates the `PostgreSQLClient` using a username with no password.
-    public func authenticate(username: String, database: String? = nil) -> Future<Void> {
+    public func authenticate(username: String, database: String? = nil, password: String? = nil) -> Future<Void> {
         let startup = PostgreSQLStartupMessage.versionThree(parameters: [
             "user": username,
             "database": database ?? username
@@ -70,18 +71,55 @@ public final class PostgreSQLConnection {
                 throw PostgreSQLError(identifier: "authRequest", reason: "No authorization request / status sent.")
             }
 
+            let input: [PostgreSQLMessage]
             switch auth {
-            case .ok: return .done
-            case .plaintext: throw PostgreSQLError(identifier: "plaintext", reason: "Plaintext password not supported. Use MD5.")
+            case .ok:
+                guard password == nil else {
+                    throw PostgreSQLError(identifier: "trust", reason: "No password is required")
+                }
+                input = []
+            case .plaintext:
+                guard let password = password else {
+                    throw PostgreSQLError(identifier: "password", reason: "Password is required")
+                }
+                let passwordMessage = PostgreSQLPasswordMessage(password: password)
+                input = [.password(passwordMessage)]
             case .md5(let salt):
-                /// FIXME: hash password
-                let password = PostgreSQLPasswordMessage(password: "123")
-                return self.queueStream.enqueue([.password(password)]) { message in
-                    switch message {
-                    case .error(let error):
-                        throw error
-                    default: return true
-                    }
+                guard let password = password else {
+                    throw PostgreSQLError(identifier: "password", reason: "Password is required")
+                }
+                guard let passwordData = password.data(using: .utf8) else {
+                    throw PostgreSQLError(identifier: "passwordUTF8", reason: "Could not convert password to UTF-8 encoded Data.")
+                }
+
+                guard let usernameData = username.data(using: .utf8) else {
+                    throw PostgreSQLError(identifier: "usernameUTF8", reason: "Could not convert username to UTF-8 encoded Data.")
+                }
+
+                let hasher = MD5()
+                // pwdhash = md5(password + username).hexdigest()
+                var passwordUsernameData = passwordData + usernameData
+                hasher.update(sequence: &passwordUsernameData)
+                hasher.finalize()
+                guard let pwdhash = hasher.hash.hexString.data(using: .utf8) else {
+                    throw PostgreSQLError(identifier: "hashUTF8", reason: "Could not convert password hash to UTF-8 encoded Data.")
+                }
+                hasher.reset()
+                // hash = ′ md 5′ + md 5(pwdhash + salt ).hexdigest ()
+                var saltedData = pwdhash + salt
+                hasher.update(sequence: &saltedData)
+                hasher.finalize()
+                let passwordMessage = PostgreSQLPasswordMessage(password: "md5" + hasher.hash.hexString)
+                input = [.password(passwordMessage)]
+            }
+
+            return self.queueStream.enqueue(input) { message in
+                switch message {
+                case .error(let error): throw error
+                case .readyForQuery: return true
+                case .authenticationRequest: return false
+                case .parameterStatus, .backendKeyData: return false
+                default: throw PostgreSQLError(identifier: "authenticationMessage", reason: "Unexpected authentication message: \(message)")
                 }
             }
         }

Tests/PostgreSQLTests/PostgreSQLConnectionTests.swift

@@ -285,7 +285,7 @@ extension PostgreSQLConnection {
     static func makeTest() throws -> (PostgreSQLConnection, EventLoop) {
         let eventLoop = try DefaultEventLoop(label: "codes.vapor.postgresql.client.test")
         let client = try PostgreSQLConnection.connect(on: eventLoop)
-        _ = try client.authenticate(username: "secure", database: "tanner").await(on: eventLoop)
+        _ = try client.authenticate(username: "postgres", database: "postgres").await(on: eventLoop)
         return (client, eventLoop)
     }
 }