feat: Add support for SCRAM-SHA-256 authentication

[mhill-anynines]

Support more future proof hashing algorithm for SCRAM authentication.
Compatible with mongoDB 4.0 and higher.

[gogolok]

👍

[domodwyer]

Hi @mhill-anynines

Supper happy to have this in! Unfortunately one of the tests you added (thank you for tests!) is failing on MongoDB 4.0 (SHA-256 isn't supported before 4.0):

[LOG] 59.43813 Socket 0xc420420240 to localhost:40002: received document: bson.M{"ok":0, "errmsg":"Authentication failed.", "code":18, "codeName":"AuthenticationFailed"}
[LOG] 59.43816 Socket 0xc420420240 to localhost:40002: login error: server returned error on SASL authentication step: Authentication failed.
auth_test.go:911:
    c.Assert(err, IsNil)
... value *errors.errorString = &errors.errorString{s:"server returned error on SASL authentication step: Authentication failed."} ("server returned error on SASL authentication step: Authentication failed.")

I had a quick look and noticed the protocol for SHA-256 based SCRAM has changed from SHA-1:

• Uses the SHA-256 hashing function.
• Requires featureCompatibilityVersion set to 4.0.
• Requires passwordDigestor to be server.

I'm guessing it is down to this? I've not looked in depth so let me know if it's not!

Thanks again!

Dom

[mhill-anynines]

Yep the server digest is the kicker. Is there a reason for not using external libraries or is using https://github.com/xdg-go/scram acceptable?

My current inclination is to remove the internal SCRAM implementation and wrap the xdg-go implementation to fit the Stepper interface.

[mhill-anynines]

Waiting on PR #285

[fank]

@mhill-anynines PR is merged

[mhill-anynines]

@mhill-anynines PR is merged

It was merged into master not develop. When the change is cherry picked back into develop then this PR can progress.

[maitesin]

@mhill-anynines the fix has been merged into development. Can you rebase from it, please?

[eminano]

Hi @mhill-anynines,

Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via #287, is there anything else you need from us to proceed?

Thanks,
Esther

[mhill-anynines]

Hi @mhill-anynines,

Thanks for the time taken to implement this! Are you still blocked? The PR you refer to was merged into development via #287, is there anything else you need from us to proceed?

Thanks,
Esther

Nothing from the project is blocking me. The lack of progress is due a reprioritisation. When I get some time I'll come back to this. If anybody wants to pick this up contact me and I'll pass on what's in my head if needed.

[ngalantowicz]

@mhill-anynines I'm interested in picking this up. I know it's been a while since you've maybe thought of this work, but any info on the vision still lingering would be helpful.

@eminano any info on getting development environment setup and running would be appreciated as well.

[Neustradamus]

@ all: I wish you a Happy New Year 2022!

Any news about it?

Linked to:

• State of Play scram-sasl/info#1

[pyrotechnics-io]

Hi guys .. Is this likely to be merged anytime soon?