From ed6680897e5087fac2b1b8bd78d83ce8f5ce10ac Mon Sep 17 00:00:00 2001
From: Gurjeet Singh <gurjeet@singh.im>
Date: Tue, 10 Oct 2023 02:07:57 -0700
Subject: [PATCH v5 9/9] Added TAP tests to prove that a role can use two
 passwords to login

---
 src/test/authentication/t/001_password.pl | 52 +++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl
index 87e180af3d..25ebcc91e1 100644
--- a/src/test/authentication/t/001_password.pl
+++ b/src/test/authentication/t/001_password.pl
@@ -694,4 +694,56 @@ test_conn(
 		qr/connection authenticated: identity="regress_not_member" method=scram-sha-256/
 	]);
 
+# Create roles, and assign two passwords for password rollover tests
+reset_pg_hba($node, 'all', 'all', 'trust');
+$node->safe_psql(
+	'postgres',
+	qq{set password_encryption = 'scram-sha-256';
+CREATE ROLE regress_password_rollover_scram LOGIN PASSWORD 'scram';
+ALTER ROLE regress_password_rollover_scram ADD SECOND PASSWORD 'scram2';
+set password_encryption = 'md5';
+CREATE ROLE regress_password_rollover_md5 LOGIN PASSWORD 'md5';
+ALTER ROLE regress_password_rollover_md5 ADD SECOND PASSWORD 'md5_2';
+});
+
+reset_pg_hba($node, 'all', 'all', 'scram-sha-256');
+$ENV{"PGPASSWORD"} = 'scram';
+test_conn(
+	$node,
+	'user=regress_password_rollover_scram',
+	'scram-sha-256',
+	0,
+	log_like => [
+		qr/connection authenticated: identity="regress_password_rollover_scram" method=scram-sha-256/
+	]);
+$ENV{"PGPASSWORD"} = 'scram2';
+test_conn(
+	$node,
+	'user=regress_password_rollover_scram',
+	'scram-sha-256',
+	0,
+	log_like => [
+		qr/connection authenticated: identity="regress_password_rollover_scram" method=scram-sha-256/
+	]);
+
+reset_pg_hba($node, 'all', 'all', 'md5');
+$ENV{"PGPASSWORD"} = 'md5';
+test_conn(
+	$node,
+	'user=regress_password_rollover_md5',
+	'md5',
+	0,
+	log_like => [
+		qr/connection authenticated: identity="regress_password_rollover_md5" method=md5/
+	]);
+$ENV{"PGPASSWORD"} = 'md5_2';
+test_conn(
+	$node,
+	'user=regress_password_rollover_md5',
+	'md5',
+	0,
+	log_like => [
+		qr/connection authenticated: identity="regress_password_rollover_md5" method=md5/
+	]);
+
 done_testing();
-- 
2.25.1