Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to SASL SCRAM #72

Merged
merged 20 commits into from
Jun 7, 2018
Merged

Add support to SASL SCRAM #72

merged 20 commits into from
Jun 7, 2018

Conversation

tulios
Copy link
Owner

@tulios tulios commented Jun 5, 2018

Closes #71

tulios added 17 commits June 5, 2018 01:01
@tulios
Enable SCRAM in the docker-compose file
10975d0
@tulios
Add script to create SCRAM for the test cluster
647704b
@tulios
Create SCRAM credentials when running tests
896787e
@tulios
Create SASL SCRAM first message protocol
7e8d85e
@tulios
Add test utility to connect using SCRAM
ecf4ab0
@tulios
Allow connection to buffer data for auth requests expecting a response
b71f506
@tulios
Add initial implementation of SCRAM 256 authenticator
8dcafd6
@tulios
Add SASL SCRAM final message protocol
789b307
@tulios
Add SCRAM 256 final message to the authenticator
4fa2afc
@tulios
Finish SCRAM 256 authenticator
4163473
@tulios
Replace generic Error class with KafkaJSNonRetriableError
972b530
@tulios
Refactor SCRAM256
d96d315
@tulios
Add connect/disconnect tests for SCRAM 256
0918b00
@tulios
Add support for SCRAM 512 authenticator
a92bed1
@tulios
Update readme
32149b0
@tulios
Fix SCRAM unit tests
16989c4
@tulios
Update readme with script to create SCRAM credentials
4a3ec40
@tulios tulios requested a review from Nevon June 5, 2018 22:40
Nevon
Nevon requested changes Jun 7, 2018
View reviewed changes
Copy link
Collaborator

@Nevon Nevon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this was a nice and simple PR. No complicated logic anywhere to be found.

src/network/connection.js Outdated
@@ -313,6 +319,11 @@ module.exports = class Connection {

// The full payload is loaded, erase the temporary buffer
this.buffer = Buffer.alloc(0)

if (this.authHandlers && this.authExpectResponse) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can remove the second condition

src/broker/saslAuthenticator/scram.js

const finalMessageWithoutProof = this.finalMessageWithoutProof(clientMessageResponse)
const clientProof = await this.clientProof(clientMessageResponse)
const finalMessage = `${finalMessageWithoutProof},p=${clientProof}`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All this p, r, n etc. is reminding me of node-postgres. I would suggest to extract them to named constants so that I don't have to read the RFC to understand what they all mean.

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think naming this different will help; it's better to have a close mapping to the RFC. This is also "standardized", anyone reading SCRAM code will easily find the components of the message instead of parsing our understanding of it. WDYT?

@Nevon Nevon merged commit f225ee8 into master Jun 7, 2018
@Nevon Nevon deleted the add-support-to-sasl-scram branch June 7, 2018 12:37
@Nevon Nevon mentioned this pull request Jun 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nevon Nevon Nevon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tulios @Nevon