Warn the user if a hook function is registered but a necessary parameter is not enabled (#270)

Author: TianzeMYou

pg_tle--1.3.4--1.4.0.sql

@@ -60,6 +60,71 @@ END;
 $_pgtleie_$
 LANGUAGE plpgsql STRICT;
 
+-- Helper function to register features in the feature_info table
+CREATE OR REPLACE FUNCTION pgtle.register_feature(proc regproc, feature pgtle.pg_tle_features)
+RETURNS VOID
+LANGUAGE plpgsql
+AS $$
+DECLARE
+pg_proc_relid oid;
+proc_oid oid;
+schema_name text;
+nspoid oid;
+proname text;
+proc_schema_name text;
+ident text;
+passcheck_enabled text;
+clientauth_enabled text;
+current_db text;
+passcheck_db text;
+clientauth_db text;
+
+BEGIN
+    SELECT setting FROM pg_catalog.pg_settings WHERE name = 'pgtle.enable_password_check' INTO passcheck_enabled;
+    SELECT setting FROM pg_catalog.pg_settings WHERE name = 'pgtle.enable_clientauth' INTO clientauth_enabled;
+    SELECT pg_catalog.CURRENT_DATABASE() INTO current_db;
+    SELECT setting FROM pg_catalog.pg_settings WHERE name = 'pgtle.passcheck_db_name' INTO passcheck_db;
+    SELECT setting FROM pg_catalog.pg_settings WHERE name = 'pgtle.clientauth_db_name' INTO clientauth_db;
+
+    IF feature = 'passcheck' THEN
+        IF passcheck_enabled = 'off' THEN
+           RAISE NOTICE 'pgtle.enable_password_check is set to off. To enable passcheck, set pgtle.enable_password_check = on';
+        ELSE
+        -- passcheck_db_name is an optional param, we only emit a warning if it's non-empty and is not the current database
+            IF passcheck_db != '' AND current_db != passcheck_db THEN
+                RAISE NOTICE '%', pg_catalog.FORMAT('pgtle.passcheck_db_name is currently %I. To trigger this passcheck function, register the function in that database.', passcheck_db)
+                USING HINT = pg_catalog.FORMAT('Alternatively, to use the current database for passcheck, set pgtle.passcheck_db_name = %I and reload the PostgreSQL configuration.', current_db);
+            END IF;
+        END IF;
+    END IF;
+
+    IF feature = 'clientauth' THEN
+        IF clientauth_enabled = 'off' THEN
+            RAISE NOTICE 'pgtle.enable_clientauth is set to off. To enable clientauth, set pgtle.enable_clientauth = on';
+        ELSE
+            IF current_db != clientauth_db THEN
+                RAISE NOTICE '%', pg_catalog.FORMAT('pgtle.clientauth_db_name is currently %I. To trigger this clientauth function, register the function in that database.', clientauth_db)
+                USING HINT = pg_catalog.FORMAT('Alternatively, to use the current database for clientauth, set pgtle.clientauth_db_name = %I and reload the PostgreSQL configuration.', current_db);
+            END IF;
+        END IF;
+    END IF;
+
+    SELECT oid into nspoid FROM pg_catalog.pg_namespace
+    where nspname = 'pg_catalog';
+
+    SELECT oid into pg_proc_relid from pg_catalog.pg_class
+    where relname = 'pg_proc' and relnamespace = nspoid;
+
+    SELECT pg_namespace.nspname, pg_proc.oid, pg_proc.proname into proc_schema_name, proc_oid, proname FROM
+                                                                                                           pg_catalog.pg_namespace, pg_catalog.pg_proc
+    where pg_proc.oid = proc AND pg_proc.pronamespace = pg_namespace.oid;
+
+    SELECT identity into ident FROM pg_catalog.pg_identify_object(pg_proc_relid, proc_oid, 0);
+
+    INSERT INTO pgtle.feature_info VALUES (feature, proc_schema_name, proname, ident);
+END;
+$$;
+
 REVOKE EXECUTE ON FUNCTION pgtle.create_base_type
 (
   typenamespace regnamespace,
@@ -82,6 +147,12 @@ REVOKE EXECUTE ON FUNCTION pgtle.create_base_type_if_not_exists
   storage text  
 ) FROM PUBLIC;
 
+REVOKE EXECUTE ON FUNCTION pgtle.register_feature
+(
+    proc regproc,
+    feature pgtle.pg_tle_features
+) FROM PUBLIC;
+
 GRANT EXECUTE ON FUNCTION pgtle.create_base_type
 (
   typenamespace regnamespace,
@@ -103,3 +174,9 @@ GRANT EXECUTE ON FUNCTION pgtle.create_base_type_if_not_exists
   alignment text,
   storage text  
 ) TO pgtle_admin;
+
+GRANT EXECUTE ON FUNCTION pgtle.register_feature
+(
+  proc regproc,
+  feature pgtle.pg_tle_features
+) TO pgtle_admin;

test/expected/pg_tle_api.out

@@ -193,7 +193,7 @@ SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck
 ERROR:  duplicate key value violates unique constraint "feature_info_pkey"
 DETAIL:  Key (feature, schema_name, proname)=(passcheck, public, password_check_length_greater_than_8) already exists.
 CONTEXT:  SQL statement "INSERT INTO pgtle.feature_info VALUES (feature, proc_schema_name, proname, ident)"
-PL/pgSQL function pgtle.register_feature(regproc,pgtle.pg_tle_features) line 24 at SQL statement
+PL/pgSQL function pgtle.register_feature(regproc,pgtle.pg_tle_features) line 58 at SQL statement
 -- unregister hooks
 SELECT pgtle.unregister_feature('password_check_only_nums', 'passcheck');
  unregister_feature 
@@ -270,6 +270,7 @@ END;
 $$
 LANGUAGE PLPGSQL;
 SELECT pgtle.register_feature('pass.password_check_length_greater_than_8', 'passcheck');
+NOTICE:  pgtle.enable_password_check is set to off. To enable passcheck, set pgtle.enable_password_check = on
  register_feature 
 ------------------
 
@@ -360,7 +361,110 @@ SELECT pgtle.uninstall_extension('test_unregister_feature');
  t
 (1 row)
 
+-- create this function one more time to test warning messages
+CREATE FUNCTION password_check_length_greater_than_8(username text, shadow_pass text, password_types pgtle.password_types, validuntil_time TimestampTz, validuntil_null boolean) RETURNS void AS
+    $$
+    BEGIN
+        if length(shadow_pass) < 8 THEN
+            RAISE EXCEPTION 'Passwords needs to be longer than 8';
+        END IF;
+    END;
+    $$
+LANGUAGE PLPGSQL;
+-- Show warning if passcheck parameter is off when registering a passcheck function
+ALTER SYSTEM SET pgtle.enable_password_check = 'off';
+SELECT pg_reload_conf();
+ pg_reload_conf 
+----------------
+ t
+(1 row)
+
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck');
+NOTICE:  pgtle.enable_password_check is set to off. To enable passcheck, set pgtle.enable_password_check = on
+ register_feature 
+------------------
+ 
+(1 row)
+
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'passcheck');
+ unregister_feature 
+--------------------
+ 
+(1 row)
+
+-- Show warning if required param is on and db_name is non-empty and not current db
+ALTER SYSTEM SET pgtle.enable_password_check = 'on';
+ALTER SYSTEM SET pgtle.passcheck_db_name = 'test';
+SELECT pg_reload_conf();
+ pg_reload_conf 
+----------------
+ t
+(1 row)
+
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck');
+NOTICE:  pgtle.passcheck_db_name is currently test. To trigger this passcheck function, register the function in that database.
+HINT:  Alternatively, to use the current database for passcheck, set pgtle.passcheck_db_name = contrib_regression and reload the PostgreSQL configuration.
+ register_feature 
+------------------
+ 
+(1 row)
+
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'passcheck');
+ unregister_feature 
+--------------------
+ 
+(1 row)
+
+-- Show warning if clientauth parameter is off when registering a clientauth function
+ALTER SYSTEM SET pgtle.enable_clientauth = 'off';
+SELECT pg_reload_conf();
+ pg_reload_conf 
+----------------
+ t
+(1 row)
+
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'clientauth');
+NOTICE:  pgtle.enable_clientauth is set to off. To enable clientauth, set pgtle.enable_clientauth = on
+ register_feature 
+------------------
+ 
+(1 row)
+
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'clientauth');
+ unregister_feature 
+--------------------
+ 
+(1 row)
+
+-- Show warning if required param is on and db_name is not current db
+ALTER SYSTEM SET pgtle.enable_clientauth = 'on';
+ALTER SYSTEM SET pgtle.clientauth_db_name = 'test';
+SELECT pg_reload_conf();
+ pg_reload_conf 
+----------------
+ t
+(1 row)
+
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'clientauth');
+NOTICE:  pgtle.clientauth_db_name is currently postgres. To trigger this clientauth function, register the function in that database.
+HINT:  Alternatively, to use the current database for clientauth, set pgtle.clientauth_db_name = contrib_regression and reload the PostgreSQL configuration.
+ register_feature 
+------------------
+ 
+(1 row)
+
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'clientauth');
+ unregister_feature 
+--------------------
+ 
+(1 row)
+
 -- now drop everything
+DROP FUNCTION password_check_length_greater_than_8;
 DROP SCHEMA pass CASCADE;
 NOTICE:  drop cascades to function pass.password_check_length_greater_than_8(text,text,pgtle.password_types,timestamp with time zone,boolean)
 DROP EXTENSION pg_tle;

test/expected/pg_tle_api_clusterwide.out

@@ -198,7 +198,7 @@ SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck
 ERROR:  duplicate key value violates unique constraint "feature_info_pkey"
 DETAIL:  Key (feature, schema_name, proname)=(passcheck, public, password_check_length_greater_than_8) already exists.
 CONTEXT:  SQL statement "INSERT INTO pgtle.feature_info VALUES (feature, proc_schema_name, proname, ident)"
-PL/pgSQL function pgtle.register_feature(regproc,pgtle.pg_tle_features) line 24 at SQL statement
+PL/pgSQL function pgtle.register_feature(regproc,pgtle.pg_tle_features) line 58 at SQL statement
 -- unregister hooks
 SELECT pgtle.unregister_feature('password_check_only_nums', 'passcheck');
  unregister_feature 
@@ -275,6 +275,7 @@ END;
 $$
 LANGUAGE PLPGSQL;
 SELECT pgtle.register_feature('pass.password_check_length_greater_than_8', 'passcheck');
+NOTICE:  pgtle.enable_password_check is set to off. To enable passcheck, set pgtle.enable_password_check = on
  register_feature 
 ------------------
 

test/sql/pg_tle_api.sql

@@ -230,6 +230,43 @@ SELECT EXISTS(
 );
 
 SELECT pgtle.uninstall_extension('test_unregister_feature');
+-- create this function one more time to test warning messages
+CREATE FUNCTION password_check_length_greater_than_8(username text, shadow_pass text, password_types pgtle.password_types, validuntil_time TimestampTz, validuntil_null boolean) RETURNS void AS
+    $$
+    BEGIN
+        if length(shadow_pass) < 8 THEN
+            RAISE EXCEPTION 'Passwords needs to be longer than 8';
+        END IF;
+    END;
+    $$
+LANGUAGE PLPGSQL;
+-- Show warning if passcheck parameter is off when registering a passcheck function
+ALTER SYSTEM SET pgtle.enable_password_check = 'off';
+SELECT pg_reload_conf();
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck');
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'passcheck');
+-- Show warning if required param is on and db_name is non-empty and not current db
+ALTER SYSTEM SET pgtle.enable_password_check = 'on';
+ALTER SYSTEM SET pgtle.passcheck_db_name = 'test';
+SELECT pg_reload_conf();
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'passcheck');
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'passcheck');
+-- Show warning if clientauth parameter is off when registering a clientauth function
+ALTER SYSTEM SET pgtle.enable_clientauth = 'off';
+SELECT pg_reload_conf();
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'clientauth');
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'clientauth');
+-- Show warning if required param is on and db_name is not current db
+ALTER SYSTEM SET pgtle.enable_clientauth = 'on';
+ALTER SYSTEM SET pgtle.clientauth_db_name = 'test';
+SELECT pg_reload_conf();
+\c -
+SELECT pgtle.register_feature('password_check_length_greater_than_8', 'clientauth');
+SELECT pgtle.unregister_feature('password_check_length_greater_than_8', 'clientauth');
 -- now drop everything
+DROP FUNCTION password_check_length_greater_than_8;
 DROP SCHEMA pass CASCADE;
 DROP EXTENSION pg_tle;