feat: Add support for SCRAM-SHA-256 authentication

Open mhill-anynines opened this issue 6 years ago • 12 comments

Support a more future-proof hashing algorithm for SCRAM authentication. Compatible with MongoDB 4.0 and higher.

mhill-anynines avatar Oct 05 '18 14:10 mhill-anynines

👍

gogolok avatar Oct 05 '18 20:10 gogolok

Hi @mhill-anynines

Super happy to have this in! Unfortunately one of the tests you added (thank you for tests!) is failing on MongoDB 4.0 (SHA-256 isn't supported before 4.0):

[LOG] 59.43813 Socket 0xc420420240 to localhost:40002: received document: bson.M{"ok":0, "errmsg":"Authentication failed.", "code":18, "codeName":"AuthenticationFailed"}
[LOG] 59.43816 Socket 0xc420420240 to localhost:40002: login error: server returned error on SASL authentication step: Authentication failed.
auth_test.go:911:
    c.Assert(err, IsNil)
... value *errors.errorString = &errors.errorString{s:"server returned error on SASL authentication step: Authentication failed."} ("server returned error on SASL authentication step: Authentication failed.")

I had a quick look and noticed the protocol for SHA-256 based SCRAM has changed from SHA-1:

  • Uses the SHA-256 hashing function.
  • Requires featureCompatibilityVersion set to 4.0.
  • Requires passwordDigestor to be server.

I'm guessing it is down to this? I've not looked in depth so let me know if it's not!

Thanks again!

Dom

domodwyer avatar Oct 08 '18 08:10 domodwyer

Yep the server digest is the kicker. Is there a reason for not using external libraries or is using https://github.com/xdg-go/scram acceptable?

My current inclination is to remove the internal SCRAM implementation and wrap the xdg-go implementation to fit the Stepper interface.

mhill-anynines avatar Oct 08 '18 09:10 mhill-anynines
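
The password-digest difference discussed in the two comments above, as an added example (not code from mgo or xdg-go/scram): SCRAM-SHA-1 against MongoDB feeds the hex MD5 of `user:mongo:password` into the key derivation, while SCRAM-SHA-256 uses the SASLprep'd password itself, so a client that only swaps the hash function computes a proof the server rejects. Function names, the salt, nonces and auth message are constructed for illustration, and SASLprep is skipped on the assumption of an ASCII password.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// mac returns HMAC-SHA-256(key, msg).
func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}
// hi is Hi() from RFC 5802: PBKDF2-HMAC with a single output block.
func hi(pw, salt []byte, iter int) []byte {
	u := mac(pw, append(append([]byte{}, salt...), 0, 0, 0, 1))
	out := append([]byte{}, u...)
	for i := 1; i < iter; i++ {
		u = mac(pw, u)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}
// clientProof is ClientKey XOR HMAC(H(ClientKey), AuthMessage).
// Assumption: pw is ASCII, so the SASLprep step is a no-op and is omitted.
func clientProof(pw, salt []byte, iter int, authMsg string) []byte {
	clientKey := mac(hi(pw, salt, iter), []byte("Client Key"))
	storedKey := sha256.Sum256(clientKey)
	proof := mac(storedKey[:], []byte(authMsg))
	for i := range proof {
		proof[i] ^= clientKey[i]
	}
	return proof
}
// legacyDigest is the client-side MD5 pre-digest used with SCRAM-SHA-1.
func legacyDigest(user, pass string) []byte {
	sum := md5.Sum([]byte(user + ":mongo:" + pass))
	return []byte(hex.EncodeToString(sum[:]))
}

func main() {
	salt, msg := []byte("constructed-salt"), "n=user,r=cn,r=cnsn,s=c2FsdA==,i=4096,c=biws,r=cnsn" // constructed
	fmt.Printf("plain password : %x\n", clientProof([]byte("pencil"), salt, 4096, msg))
	fmt.Printf("md5 pre-digest : %x\n", clientProof(legacyDigest("user", "pencil"), salt, 4096, msg))
}
```

The two printed proofs differ even though user, password, salt and iteration count are identical, which is the "Authentication failed." seen when the SHA-1 code path is reused with only the hash changed.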

Waiting on PR #285

mhill-anynines avatar Oct 15 '18 11:10 mhill-anynines

@mhill-anynines PR is merged

Fank avatar Oct 19 '18 08:10 Fank

> @mhill-anynines PR is merged

It was merged into master not develop. When the change is cherry-picked back into develop then this PR can progress.

mhill-anynines avatar Oct 19 '18 10:10 mhill-anynines

@mhill-anynines the fix has been merged into development. Can you rebase from it, please?

maitesin avatar Oct 19 '18 10:10 maitesin

Hi @mhill-anynines,

Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via https://github.com/globalsign/mgo/pull/287, is there anything else you need from us to proceed?

Thanks, Esther

eminano avatar Jan 16 '19 15:01 eminano

> Hi @mhill-anynines,
>
> Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via #287, is there anything else you need from us to proceed?
>
> Thanks, Esther

Nothing from the project is blocking me. The lack of progress is due to a reprioritisation. When I get some time I'll come back to this. If anybody wants to pick this up, contact me and I'll pass on what's in my head if needed.

mhill-anynines avatar Jan 16 '19 16:01 mhill-anynines

@mhill-anynines I'm interested in picking this up. I know it's been a while since you've maybe thought of this work, but any info on the vision still lingering would be helpful.

@eminano any info on getting a development environment set up and running would be appreciated as well.

ngalantowicz avatar May 18 '21 19:05 ngalantowicz

@ all: I wish you a Happy New Year 2022!

Any news about it?

Linked to:

  • https://github.com/scram-xmpp/info/issues/1

Neustradamus avatar Jan 08 '22 04:01 Neustradamus

Hi guys .. Is this likely to be merged anytime soon?

pyrotechnics-io avatar Jun 27 '22 07:06 pyrotechnics-io