Add a query to verify a user's password (fixes #6837) #6890
Conversation
|
|
||
| // RequiredPrivileges returns the privilege(s) required to execute a ShowUserStatement | ||
| func (s *ShowUserStatement) RequiredPrivileges() (ExecutionPrivileges, error) { | ||
| return ExecutionPrivileges{{Admin: false, Name: "", Privilege: ReadPrivilege}}, nil |
There was a problem hiding this comment.
Highlighting this for other members of the team to think about—should SHOW USERS be an admin-only feature?
There was a problem hiding this comment.
SHOW USERS should probably be an admin-only feature. At best, SHOW USERS might be able to show yourself and you alone, but we don't currently have a way to do that.
I guess it's possible to try and make public and private users, but I'm not sure that's worth it.
There was a problem hiding this comment.
This still needs to be restricted to admin-only.
|
LGTM 👍 @smunier01 other people on the team will need to review this and agree that we should accept the feature. Thanks for the effort here! |
|
I personally haven't figured out if I like this syntax or not, but I also haven't thought of an appropriate alternative syntax. So in the absence of an alternative syntax, I do have one comment about the proposed syntax.
For Can you also add a test case to |
|
I also couldn't find anything I liked for the name of the third column. I settled on |
| @@ -400,6 +400,37 @@ func (c *Client) User(name string) (*UserInfo, error) { | |||
| return nil, ErrUserNotFound | |||
| } | |||
|
|
|||
| // UserWithPassword returns a user if the given password is correct. | |||
| func (c *Client) UserWithPassword(username, password string) (*UserInfo, error) { | |||
There was a problem hiding this comment.
It looks like there is a function called Authenticate which does the same thing as this. Will that work instead of adding a new function?
There was a problem hiding this comment.
At the time I was not sure if the new query should update the auth cache or not (like Authenticate does), but I don't see any reason why not now.
edit: Actually Authenticate doesn't return the user when the password is false. So unless you want to change the unit tests on Authenticate, I have to use a function that does (I put the code of Authenticate inside UserWithPassword and made it call it so that there is no code duplication).
There was a problem hiding this comment.
I don't really want to add another method if possible, so I think it would be better to just call User and then try to call Authenticate with the username and check the result. That way we can avoid a second function that needs to be maintained. You can also do something like this:
u, err := e.MetaClient.Authenticate(user, password)
if err == ErrUserNotFound {
return err
} else if u == nil {
u, err = e.MetaClient.User(user)
if err != nil {
return err
}
}
// do stuff with the user
smunier01
force-pushed
the
add-show-user-with-password
branch
from
8ebb231
to
fa860f3
Compare
…f a specific user
|
I have several concerns about this feature:
I believe this functionality already exists via the |
|
I think you're right that we can just use @smunier01 how would using |
|
For my use case it would indeed be enough, but I can't speak for the person who did the initial feature request. Although, if it was my software, I would dislike having functionalities covered by semantically incorrect ways ( |
|
I'm going to close this then. @rkuchan can you verify that this usage of |
Required for all non-trivial PRs
Required only if applicable
As mentioned in #6837, I had already implemented something similar for my personal use, so if it can help, here is the pull request with my solution to the problem.
If you don't like the syntax, or think there is a better way to do this feature, feel free to tell me about it, I would happily try to do something better.
Syntax proposed
SHOW USER "user" WITH PASSWORD 'pwd'will return the user if the password is correct.SHOW USER "user"will return the user. (might not be very useful, but I think it makes sense to have it