Open mhill-anynines opened 6 years ago
👍
Hi @mhill-anynines
Supper happy to have this in! Unfortunately one of the tests you added (thank you for tests!) is failing on MongoDB 4.0 (SHA-256 isn't supported before 4.0):
[LOG] 59.43813 Socket 0xc420420240 to localhost:40002: received document: bson.M{"ok":0, "errmsg":"Authentication failed.", "code":18, "codeName":"AuthenticationFailed"}
[LOG] 59.43816 Socket 0xc420420240 to localhost:40002: login error: server returned error on SASL authentication step: Authentication failed.
auth_test.go:911:
c.Assert(err, IsNil)
... value *errors.errorString = &errors.errorString{s:"server returned error on SASL authentication step: Authentication failed."} ("server returned error on SASL authentication step: Authentication failed.")
I had a quick look and noticed the protocol for SHA-256 based SCRAM has changed from SHA-1:
- Uses the SHA-256 hashing function.
- Requires featureCompatibilityVersion set to 4.0.
- Requires passwordDigestor to be server.
I'm guessing it is down to this? I've not looked in depth so let me know if it's not!
Thanks again!
Dom
Yep the server digest is the kicker. Is there a reason for not using external libraries or is using https://github.com/xdg-go/scram acceptable?
My current inclination is to remove the internal SCRAM implementation and wrap the xdg-go implementation to fit the Stepper interface.
Waiting on PR #285
@mhill-anynines PR is merged
@mhill-anynines PR is merged
It was merged into master not develop. When the change is cherry picked back into develop then this PR can progress.
@mhill-anynines the fix has been merged into development
. Can you rebase from it, please?
Hi @mhill-anynines,
Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via https://github.com/globalsign/mgo/pull/287, is there anything else you need from us to proceed?
Thanks, Esther
Hi @mhill-anynines,
Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via #287, is there anything else you need from us to proceed?
Thanks, Esther
Nothing from the project is blocking me. The lack of progress is due a reprioritisation. When I get some time I'll come back to this. If anybody wants to pick this up contact me and I'll pass on what's in my head if needed.
@mhill-anynines I'm interested in picking this up. I know it's been a while since you've maybe thought of this work, but any info on the vision still lingering would be helpful.
@eminano any info on getting development environment setup and running would be appreciated as well.
@ all: I wish you a Happy New Year 2022!
Any news about it?
Linked to:
Hi guys .. Is this likely to be merged anytime soon?
Support more future proof hashing algorithm for SCRAM authentication. Compatible with mongoDB 4.0 and higher.