diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js index b34e0df5f..e1d838929 100644 --- a/packages/pg/lib/connection-parameters.js +++ b/packages/pg/lib/connection-parameters.js @@ -25,7 +25,7 @@ var val = function (key, config, envVar) { return config[key] || envVar || defaults[key] } -var useSsl = function () { +var readSSLConfigFromEnvironment = function () { switch (process.env.PGSSLMODE) { case 'disable': return false @@ -34,6 +34,8 @@ var useSsl = function () { case 'verify-ca': case 'verify-full': return true + case 'no-verify': + return { rejectUnauthorized: false } } return defaults.ssl } @@ -68,7 +70,14 @@ var ConnectionParameters = function (config) { }) this.binary = val('binary', config) - this.ssl = typeof config.ssl === 'undefined' ? useSsl() : config.ssl + + this.ssl = typeof config.ssl === 'undefined' ? readSSLConfigFromEnvironment() : config.ssl + + // support passing in ssl=no-verify via connection string + if (this.ssl === 'no-verify') { + this.ssl = { rejectUnauthorized: false } + } + this.client_encoding = val('client_encoding', config) this.replication = val('replication', config) // a domain socket begins with '/' diff --git a/packages/pg/test/unit/client/configuration-tests.js b/packages/pg/test/unit/client/configuration-tests.js index e6cbc0dcc..e604513bf 100644 --- a/packages/pg/test/unit/client/configuration-tests.js +++ b/packages/pg/test/unit/client/configuration-tests.js @@ -1,5 +1,6 @@ 'use strict' require(__dirname + '/test-helper') +var assert = require('assert') var pguser = process.env['PGUSER'] || process.env.USER var pgdatabase = process.env['PGDATABASE'] || process.env.USER diff --git a/packages/pg/test/unit/connection-parameters/environment-variable-tests.js b/packages/pg/test/unit/connection-parameters/environment-variable-tests.js index 45d481e30..c64edee87 100644 --- a/packages/pg/test/unit/connection-parameters/environment-variable-tests.js +++ b/packages/pg/test/unit/connection-parameters/environment-variable-tests.js @@ -1,5 +1,7 @@ 'use strict' var helper = require(__dirname + '/../test-helper') +const Suite = require('../../suite') + var assert = require('assert') var ConnectionParameters = require(__dirname + '/../../../lib/connection-parameters') var defaults = require(__dirname + '/../../../lib').defaults @@ -11,7 +13,17 @@ for (var key in process.env) { delete process.env[key] } -test('ConnectionParameters initialized from environment variables', function (t) { +const suite = new Suite('ConnectionParameters') + +const clearEnv = () => { + // clear process.env + for (var key in process.env) { + delete process.env[key] + } +} + +suite.test('ConnectionParameters initialized from environment variables', function () { + clearEnv() process.env['PGHOST'] = 'local' process.env['PGUSER'] = 'bmc2' process.env['PGPORT'] = 7890 @@ -26,7 +38,13 @@ test('ConnectionParameters initialized from environment variables', function (t) assert.equal(subject.password, 'open', 'env password') }) -test('ConnectionParameters initialized from mix', function (t) { +suite.test('ConnectionParameters initialized from mix', function () { + clearEnv() + process.env['PGHOST'] = 'local' + process.env['PGUSER'] = 'bmc2' + process.env['PGPORT'] = 7890 + process.env['PGDATABASE'] = 'allyerbase' + process.env['PGPASSWORD'] = 'open' delete process.env['PGPASSWORD'] delete process.env['PGDATABASE'] var subject = new ConnectionParameters({ @@ -40,12 +58,8 @@ test('ConnectionParameters initialized from mix', function (t) { assert.equal(subject.password, defaults.password, 'defaults password') }) -// clear process.env -for (var key in process.env) { - delete process.env[key] -} - -test('connection string parsing', function (t) { +suite.test('connection string parsing', function () { + clearEnv() var string = 'postgres://brian:pw@boom:381/lala' var subject = new ConnectionParameters(string) assert.equal(subject.host, 'boom', 'string host') @@ -55,7 +69,10 @@ test('connection string parsing', function (t) { assert.equal(subject.database, 'lala', 'string database') }) -test('connection string parsing - ssl', function (t) { +suite.test('connection string parsing - ssl', function () { + // clear process.env + clearEnv() + var string = 'postgres://brian:pw@boom:381/lala?ssl=true' var subject = new ConnectionParameters(string) assert.equal(subject.ssl, true, 'ssl') @@ -75,27 +92,24 @@ test('connection string parsing - ssl', function (t) { string = 'postgres://brian:pw@boom:381/lala' subject = new ConnectionParameters(string) assert.equal(!!subject.ssl, false, 'ssl') -}) -// clear process.env -for (var key in process.env) { - delete process.env[key] -} + string = 'postgres://brian:pw@boom:381/lala?ssl=no-verify' + subject = new ConnectionParameters(string) + assert.deepStrictEqual(subject.ssl, { rejectUnauthorized: false }, 'ssl') +}) -test('ssl is false by default', function () { +suite.test('ssl is false by default', function () { + clearEnv() var subject = new ConnectionParameters() assert.equal(subject.ssl, false) }) var testVal = function (mode, expected) { - // clear process.env - for (var key in process.env) { - delete process.env[key] - } - process.env.PGSSLMODE = mode - test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () { + suite.test('ssl is ' + expected + ' when $PGSSLMODE=' + mode, function () { + clearEnv() + process.env.PGSSLMODE = mode var subject = new ConnectionParameters() - assert.equal(subject.ssl, expected) + assert.deepStrictEqual(subject.ssl, expected) }) } @@ -106,6 +120,7 @@ testVal('prefer', true) testVal('require', true) testVal('verify-ca', true) testVal('verify-full', true) +testVal('no-verify', { rejectUnauthorized: false }) // restore process.env for (var key in realEnv) {