From 1091d7c46084a3d858c84a86d799ab884c5ce19f Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 13 Jan 2020 11:44:37 -0800
Subject: [PATCH] Remove password from stringified outputs (#2070)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Keep ConnectionParameters’s password property writable

`Client` writes to it when `password` is a function.

* Avoid creating password property on pool options

when it didn’t exist previously.

* Allow password option to be non-enumerable

to avoid breaking uses like `new Pool(existingPool.options)`.

* Make password property definitions consistent

in formatting and configurability.
---
 packages/pg-pool/index.js                | 21 ++++++++++++---------
 packages/pg/lib/client.js                |  5 ++---
 packages/pg/lib/connection-parameters.js |  7 +++----
 3 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/packages/pg-pool/index.js b/packages/pg-pool/index.js
index 42731d3c6..dd0d478d2 100644
--- a/packages/pg-pool/index.js
+++ b/packages/pg-pool/index.js
@@ -60,15 +60,18 @@ class Pool extends EventEmitter {
   constructor (options, Client) {
     super()
     this.options = Object.assign({}, options)
-    const password = this.options.password
-    // "hiding" the password so it doesn't show up in stack traces
-    // or if the client is console.logged
-    Object.defineProperty(this.options, 'password', {
-      configurable: true,
-      enumerable: false,
-      value: password,
-      writable: true
-    })
+
+    if (options != null && 'password' in options) {
+      // "hiding" the password so it doesn't show up in stack traces
+      // or if the client is console.logged
+      Object.defineProperty(this.options, 'password', {
+        configurable: true,
+        enumerable: false,
+        writable: true,
+        value: options.password
+      })
+    }
+
     this.options.max = this.options.max || this.options.poolSize || 10
     this.log = this.options.log || function () { }
     this.Client = this.options.Client || Client || require('pg').Client
diff --git a/packages/pg/lib/client.js b/packages/pg/lib/client.js
index fe1ce8baf..c929d26f3 100644
--- a/packages/pg/lib/client.js
+++ b/packages/pg/lib/client.js
@@ -33,12 +33,11 @@ var Client = function (config) {
 
   // "hiding" the password so it doesn't show up in stack traces
   // or if the client is console.logged
-  const password = this.connectionParameters.password
   Object.defineProperty(this, 'password', {
+    configurable: true,
     enumerable: false,
-    configurable: false,
     writable: true,
-    value: password
+    value: this.connectionParameters.password
   })
 
   this.replication = this.connectionParameters.replication
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
index b00d3f1a3..c0f8498eb 100644
--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
@@ -57,12 +57,11 @@ var ConnectionParameters = function (config) {
 
   // "hiding" the password so it doesn't show up in stack traces
   // or if the client is console.logged
-  const password = val('password', config)
   Object.defineProperty(this, 'password', {
+    configurable: true,
     enumerable: false,
-    configurable: false,
-    writable: false,
-    value: password
+    writable: true,
+    value: val('password', config)
   })
 
   this.binary = val('binary', config)