globalsign / mgo

The MongoDB driver for Go

feat: Add support for SCRAM-SHA-256 authentication #282

Open mhill-anynines opened 6 years ago

mhill-anynines commented 6 years ago

Support a more future-proof hashing algorithm for SCRAM authentication. Compatible with MongoDB 4.0 and higher.

gogolok commented 6 years ago

👍

domodwyer commented 6 years ago

Hi @mhill-anynines

Super happy to have this in! Unfortunately one of the tests you added (thank you for tests!) is failing on MongoDB 4.0 (SHA-256 isn't supported before 4.0):

[LOG] 59.43813 Socket 0xc420420240 to localhost:40002: received document: bson.M{"ok":0, "errmsg":"Authentication failed.", "code":18, "codeName":"AuthenticationFailed"}
[LOG] 59.43816 Socket 0xc420420240 to localhost:40002: login error: server returned error on SASL authentication step: Authentication failed.
auth_test.go:911:
    c.Assert(err, IsNil)
... value *errors.errorString = &errors.errorString{s:"server returned error on SASL authentication step: Authentication failed."} ("server returned error on SASL authentication step: Authentication failed.")

I had a quick look and noticed the protocol for SHA-256 based SCRAM has changed from SHA-1:

  • Uses the SHA-256 hashing function.
  • Requires featureCompatibilityVersion set to 4.0.
  • Requires passwordDigestor to be server.

I'm guessing it is down to this? I've not looked in depth so let me know if it's not!

Thanks again!

Dom
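Added example, not part of the comment above or of the mgo code base: how the secret a client feeds into SCRAM's key derivation differs between the two mechanisms in the list above (SCRAM-SHA-1 pre-digests the password with MD5 on the client, SCRAM-SHA-256 does not). `saltedPassword` is a hypothetical helper, the salt and credentials are constructed, and SASLprep is replaced by a printable-ASCII check.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
	"hash"
)

// hi is SCRAM's Hi() from RFC 5802: PBKDF2-HMAC with a single output block.
func hi(h func() hash.Hash, secret, salt []byte, iters int) []byte {
	mac := hmac.New(h, secret)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// saltedPassword (hypothetical helper) derives SaltedPassword per mechanism.
func saltedPassword(mech, user, pass string, salt []byte, iters int) ([]byte, error) {
	switch mech {
	case "SCRAM-SHA-1": // client digest: hex(MD5(user ":mongo:" pass)) is the SCRAM password
		digest := fmt.Sprintf("%x", md5.Sum([]byte(user+":mongo:"+pass)))
		return hi(sha1.New, []byte(digest), salt, iters), nil
	case "SCRAM-SHA-256": // no client digest: the password itself is used
		for _, r := range pass { // stand-in for SASLprep: reject what would need it
			if r < 0x20 || r > 0x7e {
				return nil, fmt.Errorf("password needs SASLprep, not handled here")
			}
		}
		return hi(sha256.New, []byte(pass), salt, iters), nil
	}
	return nil, fmt.Errorf("unsupported mechanism %q", mech)
}

func main() {
	key, err := saltedPassword("SCRAM-SHA-256", "user", "pencil", []byte("constructed-salt"), 4096)
	fmt.Printf("%x %v\n", key, err)
}
```

A client that applies the SCRAM-SHA-1 digest step to a SCRAM-SHA-256 conversation derives a different key from the server's, which surfaces as a plain "Authentication failed." on the SASL step.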

mhill-anynines commented 6 years ago

Yep, the server digest is the kicker. Is there a reason for not using external libraries or is using https://github.com/xdg-go/scram acceptable?

My current inclination is to remove the internal SCRAM implementation and wrap the xdg-go implementation to fit the Stepper interface.

mhill-anynines commented 6 years ago

Waiting on PR #285

Fank commented 6 years ago

@mhill-anynines PR is merged

mhill-anynines commented 6 years ago

> @mhill-anynines PR is merged

It was merged into master, not develop. When the change is cherry-picked back into develop then this PR can progress.

maitesin commented 6 years ago

@mhill-anynines the fix has been merged into development. Can you rebase from it, please?

eminano commented 5 years ago

Hi @mhill-anynines,

Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via https://github.com/globalsign/mgo/pull/287, is there anything else you need from us to proceed?

Thanks, Esther

mhill-anynines commented 5 years ago

> Hi @mhill-anynines,
>
> Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via #287, is there anything else you need from us to proceed?
>
> Thanks, Esther

Nothing from the project is blocking me. The lack of progress is due to a reprioritisation. When I get some time I'll come back to this. If anybody wants to pick this up, contact me and I'll pass on what's in my head if needed.

ngalantowicz commented 3 years ago

@mhill-anynines I'm interested in picking this up. I know it's been a while since you've maybe thought of this work, but any info on the vision still lingering would be helpful.

@eminano any info on getting a development environment set up and running would be appreciated as well.

Neustradamus commented 2 years ago

@ all: I wish you a Happy New Year 2022!

Any news about it?

Linked to:

pyrotechnics-io commented 2 years ago

Hi guys .. Is this likely to be merged anytime soon?