Merge branch 'main' into v2

vapor · Jan 30, 2024 · b2553e3 · b2553e3
2 parents 7926cb3 + e9b90b2
commit b2553e3
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 7 deletions.
diff --git a/Sources/ConnectionPoolModule/ConnectionPool.swift b/Sources/ConnectionPoolModule/ConnectionPool.swift
@@ -591,7 +591,7 @@ protocol TaskGroupProtocol {
 }
 
 #if swift(>=5.8) && os(Linux) || swift(>=5.9)
-@available(macOS 14.0, iOS 17.0, tvOS 17.0, watchOS 9.0, *)
+@available(macOS 14.0, iOS 17.0, tvOS 17.0, watchOS 10.0, *)
 extension DiscardingTaskGroup: TaskGroupProtocol {}
 #endif
 

diff --git a/Sources/PostgresNIO/New/PostgresCodable.swift b/Sources/PostgresNIO/New/PostgresCodable.swift
@@ -166,11 +166,10 @@ extension PostgresDynamicTypeEncodable {
 
 /// A context that is passed to Swift objects that are encoded into the Postgres wire format. Used
 /// to pass further information to the encoding method.
-public struct PostgresEncodingContext<JSONEncoder: PostgresJSONEncoder> {
+public struct PostgresEncodingContext<JSONEncoder: PostgresJSONEncoder>: Sendable {
     /// A ``PostgresJSONEncoder`` used to encode the object to json.
     public var jsonEncoder: JSONEncoder
 
-
     /// Creates a ``PostgresEncodingContext`` with the given ``PostgresJSONEncoder``. In case you want
     /// to use the a ``PostgresEncodingContext`` with an unconfigured Foundation `JSONEncoder`
     /// you can use the ``default`` context instead.

diff --git a/Sources/PostgresNIO/Utilities/SASLAuthentication+SCRAM-SHA256.swift b/Sources/PostgresNIO/Utilities/SASLAuthentication+SCRAM-SHA256.swift
@@ -209,14 +209,13 @@ fileprivate struct SCRAMMessageParser {
     }
 
     static func parse(raw: [UInt8], isGS2Header: Bool = false) -> [SCRAMAttribute]? {
-
         // There are two ways to implement this parse:
         //  1. All-at-once: Split on comma, split each on equals, validate
         //     each results in a valid attribute.
         //  2. Sequential: State machine lookahead parse.
         // The former is simpler. The latter provides better validation.
-        let likelyAttributeSets = raw.split(separator: .comma, maxSplits: isGS2Header ? 3 : Int.max, omittingEmptySubsequences: false)
-        let likelyAttributePairs = likelyAttributeSets.map { $0.split(separator: .equals, maxSplits: 2, omittingEmptySubsequences: false) }
+        let likelyAttributeSets = raw.split(separator: .comma, maxSplits: isGS2Header ? 2 : Int.max, omittingEmptySubsequences: false)
+        let likelyAttributePairs = likelyAttributeSets.map { $0.split(separator: .equals, maxSplits: 1, omittingEmptySubsequences: false) }
 
         let results = likelyAttributePairs.map { parseAttributePair(name: Array($0[0]), value: $0.dropFirst().first.map { Array($0) } ?? [], isGS2Header: isGS2Header) }
         let validResults = results.compactMap { $0 }
@@ -369,7 +368,7 @@ internal struct SHA256_PLUS: SASLAuthenticationMechanism {
 } // enum SCRAM
 } // enum SASLMechanism
 
-/// Common impplementation of SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
+/// Common implementation of SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
 fileprivate final class SASLMechanism_SCRAM_SHA256_Common {
 
     /// Initialized with initial client state

diff --git a/Tests/PostgresNIOTests/New/Connection State Machine/AuthenticationStateMachineTests.swift b/Tests/PostgresNIOTests/New/Connection State Machine/AuthenticationStateMachineTests.swift
@@ -45,6 +45,30 @@ class AuthenticationStateMachineTests: XCTestCase {
         XCTAssertEqual(state.authenticationMessageReceived(.ok), .wait)
     }
 
+    func testAuthenticateSCRAMSHA256WithAtypicalEncoding() {
+        let authContext = AuthContext(username: "test", password: "abc123", database: "test")
+        var state = ConnectionStateMachine(requireBackendKeyData: true)
+        XCTAssertEqual(state.connected(tls: .disable), .provideAuthenticationContext)
+        XCTAssertEqual(state.provideAuthenticationContext(authContext), .sendStartupMessage(authContext))
+
+        let saslResponse = state.authenticationMessageReceived(.sasl(names: ["SCRAM-SHA-256"]))
+        guard case .sendSaslInitialResponse(name: let name, initialResponse: let responseData) = saslResponse else {
+            return XCTFail("\(saslResponse) is not .sendSaslInitialResponse")
+        }
+        let responseString = String(decoding: responseData, as: UTF8.self)
+        XCTAssertEqual(name, "SCRAM-SHA-256")
+        XCTAssert(responseString.starts(with: "n,,n=test,r="))
+
+        let saslContinueResponse = state.authenticationMessageReceived(.saslContinue(data: .init(bytes:
+            "r=\(responseString.dropFirst(12))RUJSZHhkeUVFNzRLNERKMkxmU05ITU1NZWcxaQ==,s=ijgUVaWgCDLRJyF963BKNA==,i=4096".utf8
+        )))
+        guard case .sendSaslResponse(let responseData2) = saslContinueResponse else {
+            return XCTFail("\(saslContinueResponse) is not .sendSaslResponse")
+        }
+        let response2String = String(decoding: responseData2, as: UTF8.self)
+        XCTAssertEqual(response2String.prefix(76), "c=biws,r=\(responseString.dropFirst(12))RUJSZHhkeUVFNzRLNERKMkxmU05ITU1NZWcxaQ==,p=")
+    }
+
     func testAuthenticationFailure() {
         let authContext = AuthContext(username: "test", password: "abc123", database: "test")
         var state = ConnectionStateMachine(requireBackendKeyData: true)