Merge pull request #2198 from brianc/benhjames-bhsj/noverify

Add no-verify ssl option

Author: brianc

packages/pg/lib/connection-parameters.js

@@ -25,7 +25,7 @@ var val = function (key, config, envVar) {
   return config[key] || envVar || defaults[key]
 }
 
-var useSsl = function () {
+var readSSLConfigFromEnvironment = function () {
   switch (process.env.PGSSLMODE) {
     case 'disable':
       return false
@@ -34,6 +34,8 @@ var useSsl = function () {
     case 'verify-ca':
     case 'verify-full':
       return true
+    case 'no-verify':
+      return { rejectUnauthorized: false }
   }
   return defaults.ssl
 }
@@ -68,7 +70,14 @@ var ConnectionParameters = function (config) {
   })
 
   this.binary = val('binary', config)
-  this.ssl = typeof config.ssl === 'undefined' ? useSsl() : config.ssl
+
+  this.ssl = typeof config.ssl === 'undefined' ? readSSLConfigFromEnvironment() : config.ssl
+
+  // support passing in ssl=no-verify via connection string
+  if (this.ssl === 'no-verify') {
+    this.ssl = { rejectUnauthorized: false }
+  }
+
   this.client_encoding = val('client_encoding', config)
   this.replication = val('replication', config)
   // a domain socket begins with '/'

packages/pg/test/unit/client/configuration-tests.js

@@ -1,5 +1,6 @@
 'use strict'
 require(__dirname + '/test-helper')
+var assert = require('assert')
 
 var pguser = process.env['PGUSER'] || process.env.USER
 var pgdatabase = process.env['PGDATABASE'] || process.env.USER

packages/pg/test/unit/connection-parameters/environment-variable-tests.js

@@ -1,5 +1,7 @@
 'use strict'
 var helper = require(__dirname + '/../test-helper')
+const Suite = require('../../suite')
+
 var assert = require('assert')
 var ConnectionParameters = require(__dirname + '/../../../lib/connection-parameters')
 var defaults = require(__dirname + '/../../../lib').defaults
@@ -11,7 +13,17 @@ for (var key in process.env) {
   delete process.env[key]
 }
 
-test('ConnectionParameters initialized from environment variables', function (t) {
+const suite = new Suite('ConnectionParameters')
+
+const clearEnv = () => {
+  // clear process.env
+  for (var key in process.env) {
+    delete process.env[key]
+  }
+}
+
+suite.test('ConnectionParameters initialized from environment variables', function () {
+  clearEnv()
   process.env['PGHOST'] = 'local'
   process.env['PGUSER'] = 'bmc2'
   process.env['PGPORT'] = 7890
@@ -26,7 +38,13 @@ test('ConnectionParameters initialized from environment variables', function (t)
   assert.equal(subject.password, 'open', 'env password')
 })
 
-test('ConnectionParameters initialized from mix', function (t) {
+suite.test('ConnectionParameters initialized from mix', function () {
+  clearEnv()
+  process.env['PGHOST'] = 'local'
+  process.env['PGUSER'] = 'bmc2'
+  process.env['PGPORT'] = 7890
+  process.env['PGDATABASE'] = 'allyerbase'
+  process.env['PGPASSWORD'] = 'open'
   delete process.env['PGPASSWORD']
   delete process.env['PGDATABASE']
   var subject = new ConnectionParameters({
@@ -40,12 +58,8 @@ test('ConnectionParameters initialized from mix', function (t) {
   assert.equal(subject.password, defaults.password, 'defaults password')
 })
 
-// clear process.env
-for (var key in process.env) {
-  delete process.env[key]
-}
-
-test('connection string parsing', function (t) {
+suite.test('connection string parsing', function () {
+  clearEnv()
   var string = 'postgres://brian:pw@boom:381/lala'
   var subject = new ConnectionParameters(string)
   assert.equal(subject.host, 'boom', 'string host')
@@ -55,7 +69,10 @@ test('connection string parsing', function (t) {
   assert.equal(subject.database, 'lala', 'string database')
 })
 
-test('connection string parsing - ssl', function (t) {
+suite.test('connection string parsing - ssl', function () {
+  // clear process.env
+  clearEnv()
+
   var string = 'postgres://brian:pw@boom:381/lala?ssl=true'
   var subject = new ConnectionParameters(string)
   assert.equal(subject.ssl, true, 'ssl')
@@ -75,27 +92,24 @@ test('connection string parsing - ssl', function (t) {
   string = 'postgres://brian:pw@boom:381/lala'
   subject = new ConnectionParameters(string)
   assert.equal(!!subject.ssl, false, 'ssl')
-})
 
-// clear process.env
-for (var key in process.env) {
-  delete process.env[key]
-}
+  string = 'postgres://brian:pw@boom:381/lala?ssl=no-verify'
+  subject = new ConnectionParameters(string)
+  assert.deepStrictEqual(subject.ssl, { rejectUnauthorized: false }, 'ssl')
+})
 
-test('ssl is false by default', function () {
+suite.test('ssl is false by default', function () {
+  clearEnv()
   var subject = new ConnectionParameters()
   assert.equal(subject.ssl, false)
 })
 
 var testVal = function (mode, expected) {
-  // clear process.env
-  for (var key in process.env) {
-    delete process.env[key]
-  }
-  process.env.PGSSLMODE = mode
-  test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () {
+  suite.test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () {
+    clearEnv()
+    process.env.PGSSLMODE = mode
     var subject = new ConnectionParameters()
-    assert.equal(subject.ssl, expected)
+    assert.deepStrictEqual(subject.ssl, expected)
   })
 }
 
@@ -106,6 +120,7 @@ testVal('prefer', true)
 testVal('require', true)
 testVal('verify-ca', true)
 testVal('verify-full', true)
+testVal('no-verify', { rejectUnauthorized: false })
 
 // restore process.env
 for (var key in realEnv) {