Clear text conn type (isoos#20)

* Add clear type and auth scheme

* Create clearText_authenticator.dart

* Add case in Auth message evaluation

* Optional parameter for selecting feature

* Update CHANGELOG.md

* Format, typo and style fixing

* Increase version in pubspec

* Specific message when flag disabled

Co-authored-by: pedropastor <>

Author: pedropastor

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 2.4.3
+- Support for clear text passwords using a boolean parameter in connection as 'allowClearTextPassword' to activate / deactivate the feature. [#20](https://github.com/isoos/postgresql-dart/pull/20).
+
 ## 2.4.2
 
 - Include original stacktrace when query fails.

lib/src/auth/auth.dart

@@ -3,10 +3,11 @@ import 'package:sasl_scram/sasl_scram.dart';
 
 import '../../postgres.dart';
 import '../server_messages.dart';
+import 'clear_text_authenticator.dart';
 import 'md5_authenticator.dart';
 import 'sasl_authenticator.dart';
 
-enum AuthenticationScheme { MD5, SCRAM_SHA_256 }
+enum AuthenticationScheme { MD5, SCRAM_SHA_256, CLEAR }
 
 abstract class PostgresAuthenticator {
   static String? name;
@@ -27,6 +28,8 @@ PostgresAuthenticator createAuthenticator(PostgreSQLConnection connection,
           username: connection.username, password: connection.password);
       return PostgresSaslAuthenticator(
           connection, ScramAuthenticator('SCRAM-SHA-256', sha256, credentials));
+    case AuthenticationScheme.CLEAR:
+      return ClearAuthenticator(connection);
     default:
       throw PostgreSQLException("Authenticator wasn't specified");
   }

lib/src/auth/clear_text_authenticator.dart

@@ -0,0 +1,33 @@
+import 'package:buffer/buffer.dart';
+
+import '../../postgres.dart';
+import '../client_messages.dart';
+import '../server_messages.dart';
+import '../utf8_backed_string.dart';
+import 'auth.dart';
+
+class ClearAuthenticator extends PostgresAuthenticator {
+  ClearAuthenticator(PostgreSQLConnection connection) : super(connection);
+
+  @override
+  void onMessage(AuthenticationMessage message) {
+    final authMessage = ClearMessage(connection.password!);
+    connection.socket!.add(authMessage.asBytes());
+  }
+}
+
+class ClearMessage extends ClientMessage {
+  UTF8BackedString? _authString;
+
+  ClearMessage(String password) {
+    _authString = UTF8BackedString(password);
+  }
+
+  @override
+  void applyToBuffer(ByteDataWriter buffer) {
+    buffer.writeUint8(ClientMessage.PasswordIdentifier);
+    final length = 5 + _authString!.utf8Length;
+    buffer.writeUint32(length);
+    _authString!.applyToBuffer(buffer);
+  }
+}

lib/src/connection.dart

@@ -39,6 +39,7 @@ class PostgreSQLConnection extends Object
   /// [queryTimeoutInSeconds] refers to the default timeout for [PostgreSQLExecutionContext]'s execute and query methods.
   /// [timeZone] is the timezone the connection is in. Defaults to 'UTC'.
   /// [useSSL] when true, uses a secure socket when connecting to a PostgreSQL database.
+  /// [allowClearTextPassword] when true, allows sending the password during authentication in clear text. Use only when required by the database server and under encrypted connections, this feature may lead to security issues.
   PostgreSQLConnection(
     this.host,
     this.port,
@@ -50,6 +51,7 @@ class PostgreSQLConnection extends Object
     this.timeZone = 'UTC',
     this.useSSL = false,
     this.isUnixSocket = false,
+    this.allowClearTextPassword = false,
   }) {
     _connectionState = _PostgreSQLConnectionStateClosed();
     _connectionState.connection = this;
@@ -91,6 +93,9 @@ class PostgreSQLConnection extends Object
   /// If true, connection is made via unix socket.
   final bool isUnixSocket;
 
+  /// If true, allows password in clear text for authentication.
+  final bool allowClearTextPassword;
+
   /// Stream of notification from the database.
   ///
   /// Listen to this [Stream] to receive events from PostgreSQL NOTIFY commands.

lib/src/connection_fsm.dart

@@ -110,6 +110,16 @@ class _PostgreSQLConnectionStateAuthenticating
           _authenticator =
               createAuthenticator(connection!, AuthenticationScheme.MD5);
           continue authMsg;
+        case AuthenticationMessage.KindClearTextPassword:
+          if (connection!.allowClearTextPassword) {
+            _authenticator =
+                createAuthenticator(connection!, AuthenticationScheme.CLEAR);
+            continue authMsg;
+          } else {
+            completer.completeError(PostgreSQLException(
+                'type ${message.type} connections disabled. Set AllowClearTextPassword flag on PostgreSQLConnection to enable this feature.'));
+            break;
+          }
         case AuthenticationMessage.KindSASL:
           _authenticator = createAuthenticator(
               connection!, AuthenticationScheme.SCRAM_SHA_256);

pubspec.yaml

@@ -1,6 +1,6 @@
 name: postgres
 description: PostgreSQL database driver. Supports statement reuse and binary protocol.
-version: 2.4.2
+version: 2.4.3
 homepage: https://github.com/isoos/postgresql-dart
 
 environment: