From 57d19a2d07fee7c4fe480ebc9a3f4e0ee0d1a366 Mon Sep 17 00:00:00 2001
From: Matthew Turner
Date: Mon, 23 Sep 2019 14:01:56 +1000
Subject: [PATCH 1/2] Do not sanitize the password used for SCRAM auth
---
 src/broker/saslAuthenticator/scram.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/broker/saslAuthenticator/scram.js b/src/broker/saslAuthenticator/scram.js
index d2ec4c22d..222d8384d 100644
--- a/src/broker/saslAuthenticator/scram.js
+++ b/src/broker/saslAuthenticator/scram.js
@@ -296,7 +296,7 @@ class SCRAM {
 */
 encodedPassword() {
 const { password } = this.connection.sasl
- return SCRAM.sanitizeString(password).toString('utf-8')
+ return password.toString('utf-8')
 }
 /**
From d610ed271dd187128afd113e5b12ffc482b0ee6b Mon Sep 17 00:00:00 2001
From: Tommy Brunn
Date: Mon, 23 Sep 2019 09:03:41 +0200
Subject: [PATCH 2/2] Reproduce #506
Include a character in the password that would be incorrectly sanitized if the santization algorithm was applied.
---
 scripts/createScramCredentials.sh | 4 ++--
 testHelpers/index.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/createScramCredentials.sh b/scripts/createScramCredentials.sh
index 3f85ad773..7b7b4043a 100755
--- a/scripts/createScramCredentials.sh
+++ b/scripts/createScramCredentials.sh
@@ -10,8 +10,8 @@ find_container_id() {
 }
 USERNAME=${USERNAME:='testscram'}
-PASSWORD_256=${PASSWORD_256:='testtestscram256'}
-PASSWORD_512=${PASSWORD_512:='testtestscram512'}
+PASSWORD_256=${PASSWORD_256:='testtestscram=256'}
+PASSWORD_512=${PASSWORD_512:='testtestscram=512'}
 docker exec \
 $(find_container_id) \
diff --git a/testHelpers/index.js b/testHelpers/index.js
index d0894eeab..875a732d6 100644
--- a/testHelpers/index.js
+++ b/testHelpers/index.js
@@ -65,7 +65,7 @@ const saslSCRAM256ConnectionOpts = () =>
 sasl: {
 mechanism: 'scram-sha-256',
 username: 'testscram',
- password: 'testtestscram256',
+ password: 'testtestscram=256',
 },
 })
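Review bot: In src/broker/saslAuthenticator/scram.js, `encodedPassword()` drops the `SCRAM.sanitizeString` call without a comment saying why, so a later cleanup could put it back and break logins for passwords containing the affected characters. In RFC 5802 the `=`/`,` escaping applies to the username sent in the client-first message, while the password is only hashed and never placed on the wire; a line such as `// Not escaped: '=' and ',' escaping is for the username only (RFC 5802); the password is hashed as given` above the return would record that. The same RFC expects the password to be normalized with SASLprep before hashing, which this method does not do as far as the hunk shows, so non-ASCII passwords may deserve a follow-up test. The method's docstring begins outside the hunk.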
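Review bot: In scripts/createScramCredentials.sh the new `PASSWORD_256`/`PASSWORD_512` defaults carry an `=` with nothing in the file saying it is deliberate, and the same applies to the two `password:` literals in testHelpers/index.js. A comment such as `# '=' is intentional: regression fixture for #506, the client must not escape it` would stop someone from simplifying the value later. The script defaults can be overridden from the environment while the helper values are hard-coded, so the two are presumably kept in step by hand; the comment could say that as well.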
@@ -75,7 +75,7 @@ const saslSCRAM512ConnectionOpts = () =>
 sasl: {
 mechanism: 'scram-sha-512',
 username: 'testscram',
- password: 'testtestscram512',
+ password: 'testtestscram=512',
 },
 })