[5.0.1] Microsoft.Data.Sqlite: Don't force decryption when password unset

[bricelam]

Fixes #23250

Description

In Microsoft.Data.Sqlite 5.0 we updated the connection to throw when the database is encrypted, but not key (aka password) was provided in the connection string.

While this improved the experience for users who forgot to supply a key, it broke others who were supplying the key immediately after opening the connection.

The fix in this PR reverts to the 3.1 behavior.

Customer Impact

Without this fix, anyone supplying a key after opening the connection would need to update their app to supply it in the connection string instead.

// Change this...
connection.Open();
connection.Execute("PRAGMA key = 'password'");

// ...to this
connection.ConnectionString = "" + new SqliteConnectionStringBuilder(connection.ConnectionString)
{
    Password = "password"
};
connection.Open();

How found

Customer reported

Test coverage

We had tests asserting the behavior introduced in 5.0. They have been updated to reflect the new behavior.

Regression?

Yes

Risk

Very low. This is the same behavior we had in 3.1

[ajcvickers]

@bricelam Agree we should patch. Can you complete the template?

[bricelam]

Updated. Included an example using Dapper because ain't nobody wanna write ADO.NET. 😉

[ajcvickers]

Approved by Tactics for 5.0.1.

[ghost]

Hello @bricelam!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

[ghost]

Apologies, while this PR appears ready to be merged, I've been configured to only merge when all checks have explicitly passed. The following integrations have not reported any progress on their checks and are blocking auto-merge:

1. Azure Pipelines

These integrations are possibly never going to report a check, and unblocking auto-merge likely requires a human being to update my configuration to exempt these integrations from requiring a passing check.

Give feedback on this

From the bot dev team

We've tried to tune the bot such that it posts a comment like this only when auto-merge is blocked for exceptional, non-intuitive reasons. When the bot's auto-merge capability is properly configured, auto-merge should operate as you would intuitively expect and you should not see any spurious comments.

Please reach out to us at [email protected] to provide feedback if you believe you're seeing this comment appear spuriously. Please note that we usually are unable to update your bot configuration on your team's behalf, but we're happy to help you identify your bot admin.

[ghost]

Apologies, while this PR appears ready to be merged, it looks like release/5.0 is a protected branch and I have not been granted permission to perform the merge.