Intermittent “password authentication failed” errors — likely connection-pool reuse bug in v0.15.4

[hannes-sistemica]

Description

We are experiencing intermittent authentication failures when using node-red-contrib-postgresql v0.15.4 in a Docker Swarm / development stack with PostgreSQL. The same credentials succeed/fail seemingly at random, and the failures do not appear in PostgreSQL server logs. After investigation we strongly suspect the issue is related to connection-pool reuse and credential handling in this module.

---

Environment / Versions

• Node-RED: v4.1.1 (official Docker image)
• Node.js: v20.19.5
• node-red-contrib-postgresql: v0.15.4 (published Sept 27, 2025)
• PostgreSQL Server: “18-alpine” image (single instance)
• Credentials: user = scoutpeak, password = (44-char Base64 string ending in =)

---

Symptoms

• Connections succeed multiple times in a row, then suddenly fail with error:

  password authentication failed for user “scoutpeak”, code: 28P01

• Example timestamp log:
  • 15:05:20 → SUCCESS
  • 15:05:29 → SUCCESS
  • 15:05:31 → FAIL
  • 15:05:33 → SUCCESS
• PostgreSQL server logs show no authentication attempt for scoutpeak during the failure period — only unrelated users (infisical, postgres) show entries.
• A separate test application (using the same credentials via plain pg.Pool) works reliably (100/100 success in load testing).
• We suspect client-side failure: the module reports credential error before the server sees the connection attempt.

---

Investigation Findings

• Secret mapping appears correct: environment vars for postgres_host, postgres_db, postgres_user, postgres_password exported and logged by Node-RED startup.
• The password contains special character = at end (Base64 padding).
• The node-red-contrib-postgresql package uses pg (node-postgres) under the hood, and there are upstream issues in node-postgres around intermittent auth failures and pool reuse.
• Hypothesis: When connection pool reuses a client, internal password/credential state may be corrupted or skipped, causing immediate client-side failure without contacting the server.
• Because the server never receives the attempt, no log entry appears.

---

Root Cause (suspected)

The issue appears to be a bug in v0.15.4 of node-red-contrib-postgresql related to connection-pool reuse and credential handling. Specifically:

• initial connections succeed,
• reused connections occasionally fail with “password authentication failed” client-side before reaching the server,
• failure is non-deterministic, correlated with special characters/padding in credentials and pooling reuse.

---

Why PostgreSQL logs nothing

Because the client’s credential validation fails before the network handshake / authentication phase reaches the server, the server never sees the attempt — hence no entry in the logs.

---

Workarounds / Mitigations

• Retry logic at application level (since many requests succeed) as a temporary mitigation.
• Use an alternative Node-RED node library for PostgreSQL (e.g., node-red-contrib-re-postgres, node-red-contrib-postgres) until fixed.
• As a temporary workaround: regenerate password to remove or avoid trailing = or other special characters to test whether that improves stability.

---

Request / Recommendation

• Please review the connection-pooling logic in v0.15.4 – particularly around reuse of pg.Client instances and credential re-validation.
• Would appreciate a patch or guidance on whether we can disable pooling or force fresh connection per query via configuration.
• If accepted, please tag a new release (e.g., v0.15.5) with the fix.

---

Thank you for maintaining this node. Happy to collaborate further if additional debug data is needed.

[Alkarex]

Hello,
PR welcome if you can narrow down the issue