Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backend authentication is not bypassed correctly for SCRAM #4115

Open
b1ron opened this issue Feb 22, 2024 · 2 comments · May be fixed by #4119
Open

Backend authentication is not bypassed correctly for SCRAM #4115

b1ron opened this issue Feb 22, 2024 · 2 comments · May be fixed by #4119
Assignees
@AlekSi @b1ron
Labels
area/auth Issues about authentication and authorization code/bug Some user-visible feature works incorrectly not ready Issues that are not ready to be worked on; PRs that should skip CI

Comments

@b1ron
Copy link
Member

b1ron commented Feb 22, 2024
edited

FerretDB version

v1.20.0-12-gb6fd73b4-dirty

Backend

PostgreSQL

Environment

dev

What did you do?

See repro #4119.

What did you expect to see?

A successful connection.

What did you see instead?

MongoServerError: [msg_saslstart.go:184 handler.(*Handler).scramCredentialLookup] [collection.go:57 postgresql.(*collection).Query] [registry.go:279 metadata.(*Registry).DatabaseGetExisting] [registry.go:132 metadata.(*Registry).getPool] [pool.go:128 pool.(*Pool).Get] [opendb.go:95 pool.openDB] [opendb.go:110 pool.checkConnection] failed to connect to `host=127.0.0.1 user=byron database=ferretdb`: failed SASL auth (FATAL: password authentication failed for user "byron" (SQLSTATE 28P01))
@b1ron b1ron added code/bug Some user-visible feature works incorrectly not ready Issues that are not ready to be worked on; PRs that should skip CI labels Feb 22, 2024
@b1ron b1ron mentioned this issue Feb 22, 2024
Open
@AlekSi AlekSi added the area/auth Issues about authentication and authorization label Feb 23, 2024
This was referenced Feb 23, 2024
Draft
Draft
Open
@AlekSi
Copy link
Member

AlekSi commented Mar 15, 2024

Let's re-check with the current dev version

@AlekSi AlekSi assigned b1ron and unassigned ferretdb-bot Mar 15, 2024
@b1ron b1ron linked a pull request Mar 15, 2024 that will close this issue
Add test script for bypassing backend authentication issue #4119
Draft
9 tasks
@b1ron
Copy link
Member Author

b1ron commented Mar 15, 2024

This is no longer an issue with the current version. However, what's quite confusing is that is passes locally but only once, and always fails on CI. It could be related to the fact that we authenticate using a new client instance in the shell.

I need to debug the test further in #4119 to fully understand the problem.

@AlekSi AlekSi self-assigned this Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlekSi AlekSi

@b1ron b1ron

Labels
area/auth Issues about authentication and authorization code/bug Some user-visible feature works incorrectly not ready Issues that are not ready to be worked on; PRs that should skip CI
Projects
Current Engineering
Status: Open
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add test script for bypassing backend authentication issue b1ron/FerretDB
3 participants
@AlekSi @b1ron @ferretdb-bot