From 8d9d5843b55f47d24031165f99b07d41715b93e9 Mon Sep 17 00:00:00 2001 From: Thomas Munro Date: Wed, 19 Mar 2025 16:16:15 +1300 Subject: [PATCH] oauth: Use IPv4-only issuer in oauth_validator tests The test authorization server implemented in oauth_server.py does not listen on IPv6. Most of the time, libcurl happily falls back to IPv4 after failing its initial connection, but on NetBSD, something is consistently showing up on the unreserved IPv6 port and causing a test failure. Rather than deal with dual-stack details across all test platforms, change the issuer to enforce the use of IPv4 only. (This elicits more punishing timeout behavior from libcurl, so it's a useful change from the testing perspective as well.) Author: Jacob Champion Reported-by: Thomas Munro Discussion: https://postgr.es/m/CAOYmi%2Bn4EDOOUL27_OqYT2-F2rS6S%2B3mK-ppWb2Ec92UEoUbYA%40mail.gmail.com --- src/test/modules/oauth_validator/t/001_server.pl | 2 +- src/test/modules/oauth_validator/t/OAuth/Server.pm | 4 ++-- src/test/modules/oauth_validator/t/oauth_server.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/test/modules/oauth_validator/t/001_server.pl b/src/test/modules/oauth_validator/t/001_server.pl index 6fa59fbeb25..30295364ebd 100644 --- a/src/test/modules/oauth_validator/t/001_server.pl +++ b/src/test/modules/oauth_validator/t/001_server.pl @@ -68,7 +68,7 @@ END } my $port = $webserver->port(); -my $issuer = "http://localhost:$port"; +my $issuer = "http://127.0.0.1:$port"; unlink($node->data_dir . '/pg_hba.conf'); $node->append_conf( diff --git a/src/test/modules/oauth_validator/t/OAuth/Server.pm b/src/test/modules/oauth_validator/t/OAuth/Server.pm index 655b2870b0b..52ae7afa991 100644 --- a/src/test/modules/oauth_validator/t/OAuth/Server.pm +++ b/src/test/modules/oauth_validator/t/OAuth/Server.pm @@ -15,7 +15,7 @@ OAuth::Server - runs a mock OAuth authorization server for testing $server->run; my $port = $server->port; - my $issuer = "http://localhost:$port"; + my $issuer = "http://127.0.0.1:$port"; # test against $issuer... @@ -28,7 +28,7 @@ daemon implemented in t/oauth_server.py. (Python has a fairly usable HTTP server in its standard library, so the implementation was ported from Perl.) This authorization server does not use TLS (it implements a nonstandard, unsafe -issuer at "http://localhost:"), so libpq in particular will need to set +issuer at "http://127.0.0.1:"), so libpq in particular will need to set PGOAUTHDEBUG=UNSAFE to be able to talk to it. =cut diff --git a/src/test/modules/oauth_validator/t/oauth_server.py b/src/test/modules/oauth_validator/t/oauth_server.py index 4faf3323d38..5bc30be87fd 100755 --- a/src/test/modules/oauth_validator/t/oauth_server.py +++ b/src/test/modules/oauth_validator/t/oauth_server.py @@ -251,7 +251,7 @@ class OAuthHandler(http.server.BaseHTTPRequestHandler): def config(self) -> JsonObject: port = self.server.socket.getsockname()[1] - issuer = f"http://localhost:{port}" + issuer = f"http://127.0.0.1:{port}" if self._alt_issuer: issuer += "/alternate" elif self._parameterized: -- 2.39.5