password support

Author: tanner0101

Sources/PostgreSQL/Connection/PostgreSQLConnection+Authenticate.swift

@@ -41,14 +41,52 @@ public final class PostgreSQLConnection {
 
     /// Sends `PostgreSQLMessage` to the server.
     func send(_ message: [PostgreSQLMessage]) -> Future<[PostgreSQLMessage]> {
+        print(message)
         var responses: [PostgreSQLMessage] = []
         return send(message) { response in
+            print(response)
             responses.append(response)
         }.map(to: [PostgreSQLMessage].self) {
             return responses
         }
     }
 
+    /// Authenticates the `PostgreSQLClient` using a username with no password.
+    public func authenticate(username: String, database: String? = nil) -> Future<Void> {
+        let startup = PostgreSQLStartupMessage.versionThree(parameters: [
+            "user": username,
+            "database": database ?? username
+        ])
+        var authRequest: PostgreSQLAuthenticationRequest?
+        return queueStream.enqueue([.startupMessage(startup)]) { message in
+            switch message {
+            case .authenticationRequest(let a):
+                authRequest = a
+                return true
+            default: throw PostgreSQLError(identifier: "auth", reason: "Unsupported message encountered during auth: \(message).")
+            }
+        }.flatMap(to: Void.self) {
+            guard let auth = authRequest else {
+                throw PostgreSQLError(identifier: "authRequest", reason: "No authorization request / status sent.")
+            }
+
+            switch auth {
+            case .ok: return .done
+            case .plaintext: throw PostgreSQLError(identifier: "plaintext", reason: "Plaintext password not supported. Use MD5.")
+            case .md5(let salt):
+                /// FIXME: hash password
+                let password = PostgreSQLPasswordMessage(password: "123")
+                return self.queueStream.enqueue([.password(password)]) { message in
+                    switch message {
+                    case .error(let error):
+                        throw error
+                    default: return true
+                    }
+                }
+            }
+        }
+    }
+
     /// Closes this client.
     public func close() {
         queueStream.close()

Sources/PostgreSQL/Connection/PostgreSQLConnection.swift

@@ -31,6 +31,9 @@ final class PostgreSQLMessageEncoder {
         case .execute(let execute):
             identifier = .E
             try execute.encode(to: encoder)
+        case .password(let password):
+            identifier = .p
+            try password.encode(to: encoder)
         default: fatalError("Unsupported encodable type: \(type(of: message))")
         }
         encoder.updateSize()

Sources/PostgreSQL/Message+Serialize/PostgreSQLMessageEncoder.swift

@@ -1,7 +1,26 @@
+import Foundation
+
 /// Authentication request returned by the server.
-struct PostgreSQLAuthenticationRequest: Decodable {
-    /// Requested auth type.
-    var type: PostgreSQLAuthenticationType
+enum PostgreSQLAuthenticationRequest: Decodable {
+    /// AuthenticationOk
+    case ok
+    /// AuthenticationCleartextPassword
+    case plaintext
+    /// AuthenticationMD5Password
+    case md5(Data)
+
+    /// See `Decodable.init(from:)`
+    init(from decoder: Decoder) throws {
+        let single = try decoder.singleValueContainer()
+        let type = try single.decode(PostgreSQLAuthenticationType.self)
+        switch type {
+        case .ok: self = .ok
+        case .plaintext: self = .plaintext
+        case .md5:
+            let salt = try single.decode(Int32.self)
+            self = .md5(salt.data)
+        }
+    }
 }
 
 /// Supported authentication types.
@@ -10,6 +29,8 @@ enum PostgreSQLAuthenticationType: Int32, Decodable {
     case ok = 0
     /// Specifies that a clear-text password is required.
     case plaintext = 3
+    /// Specifies that an MD5-encrypted password is required.
+    case md5 = 5
 }
 
 extension PostgreSQLAuthenticationType: CustomStringConvertible {
@@ -18,6 +39,7 @@ extension PostgreSQLAuthenticationType: CustomStringConvertible {
         switch self {
         case .ok: return "none"
         case .plaintext: return "plaintext password required"
+        case .md5: return "md5-hashed password required"
         }
     }
 }

Sources/PostgreSQL/Message/PostgreSQLAuthenticationRequest.swift

@@ -7,15 +7,25 @@ enum PostgreSQLMessage {
     case error(PostgreSQLDiagnosticResponse)
     /// Identifies the message as a notice.
     case notice(PostgreSQLDiagnosticResponse)
+    /// One of the various authentication request message formats.
     case authenticationRequest(PostgreSQLAuthenticationRequest)
+    /// Identifies the message as a password response.
+    case password(PostgreSQLPasswordMessage)
+    /// Identifies the message as a run-time parameter status report.
     case parameterStatus(PostgreSQLParameterStatus)
+    /// Identifies the message as cancellation key data. The frontend must save these values if it wishes to be able to issue CancelRequest messages later.
     case backendKeyData(PostgreSQLBackendKeyData)
+    /// Identifies the message type. ReadyForQuery is sent whenever the backend is ready for a new query cycle.
     case readyForQuery(PostgreSQLReadyForQuery)
+    /// Identifies the message as a simple query.
     case query(PostgreSQLQuery)
+    /// Identifies the message as a row description.
     case rowDescription(PostgreSQLRowDescription)
+    /// Identifies the message as a data row.
     case dataRow(PostgreSQLDataRow)
     /// Identifies the message as a command-completed response.
     case close(PostgreSQLCloseResponse)
+    /// Identifies the message as a Parse command.
     case parse(PostgreSQLParseRequest)
     /// Identifies the message as a parameter description.
     case parameterDescription(PostgreSQLParameterDescription)

Sources/PostgreSQL/Message/PostgreSQLMessage.swift

@@ -0,0 +1,7 @@
+/// Identifies the message as a password response. Note that this is also used for
+/// GSSAPI and SSPI response messages (which is really a design error, since the contained
+/// data is not a null-terminated string in that case, but can be arbitrary binary data).
+struct PostgreSQLPasswordMessage: Encodable {
+    /// The password (encrypted, if requested).
+    var password: String
+}

Sources/PostgreSQL/Message/PostgreSQLPasswordMessage.swift

@@ -6,7 +6,7 @@ import TCP
 
 class PostgreSQLConnectionTests: XCTestCase {
     func testVersion() throws {
-        let (client, eventLoop) = try PostgreSQLConnection.makeTest()
+        let (client, eventLoop) = try! PostgreSQLConnection.makeTest()
         let results = try client.simpleQuery("SELECT version();").await(on: eventLoop)
         try XCTAssert(results[0]["version"]?.decode(String.self).contains("10.1") == true)
     }
@@ -285,7 +285,7 @@ extension PostgreSQLConnection {
     static func makeTest() throws -> (PostgreSQLConnection, EventLoop) {
         let eventLoop = try DefaultEventLoop(label: "codes.vapor.postgresql.client.test")
         let client = try PostgreSQLConnection.connect(on: eventLoop)
-        _ = try client.authenticate(username: "postgres").await(on: eventLoop)
+        _ = try client.authenticate(username: "secure", database: "tanner").await(on: eventLoop)
         return (client, eventLoop)
     }
 }