-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a query to verify a user's password (fixes #6837) #6890
Conversation
|
||
// RequiredPrivileges returns the privilege(s) required to execute a ShowUserStatement | ||
func (s *ShowUserStatement) RequiredPrivileges() (ExecutionPrivileges, error) { | ||
return ExecutionPrivileges{{Admin: false, Name: "", Privilege: ReadPrivilege}}, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Highlighting this for other members of the team to think about—should SHOW USERS
be an admin-only feature?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SHOW USERS
should probably be an admin-only feature. At best, SHOW USERS
might be able to show yourself and you alone, but we don't currently have a way to do that.
I guess it's possible to try and make public and private users, but I'm not sure that's worth it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This still needs to be restricted to admin-only.
LGTM 👍 @smunier01 other people on the team will need to review this and agree that we should accept the feature. Thanks for the effort here! |
I personally haven't figured out if I like this syntax or not, but I also haven't thought of an appropriate alternative syntax. So in the absence of an alternative syntax, I do have one comment about the proposed syntax.
For Can you also add a test case to |
I also couldn't find anything I liked for the name of the third column. I settled on |
@@ -400,6 +400,37 @@ func (c *Client) User(name string) (*UserInfo, error) { | |||
return nil, ErrUserNotFound | |||
} | |||
|
|||
// UserWithPassword returns a user if the given password is correct. | |||
func (c *Client) UserWithPassword(username, password string) (*UserInfo, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like there is a function called Authenticate
which does the same thing as this. Will that work instead of adding a new function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the time I was not sure if the new query should update the auth cache or not (like Authenticate does), but I don't see any reason why not now.
edit: Actually Authenticate
doesn't return the user when the password is false. So unless you want to change the unit tests on Authenticate
, I have to use a function that does (I put the code of Authenticate
inside UserWithPassword
and made it call it so that there is no code duplication).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really want to add another method if possible, so I think it would be better to just call User
and then try to call Authenticate
with the username and check the result. That way we can avoid a second function that needs to be maintained. You can also do something like this:
u, err := e.MetaClient.Authenticate(user, password)
if err == ErrUserNotFound {
return err
} else if u == nil {
u, err = e.MetaClient.User(user)
if err != nil {
return err
}
}
// do stuff with the user
8ebb231
to
fa860f3
Compare
…f a specific user
I have several concerns about this feature:
I believe this functionality already exists via the |
I think you're right that we can just use @smunier01 how would using |
For my use case it would indeed be enough, but I can't speak for the person who did the initial feature request. Although, if it was my software, I would dislike having functionalities covered by semantically incorrect ways ( |
I'm going to close this then. @rkuchan can you verify that this usage of |
Required for all non-trivial PRs
Required only if applicable
As mentioned in #6837, I had already implemented something similar for my personal use, so if it can help, here is the pull request with my solution to the problem.
If you don't like the syntax, or think there is a better way to do this feature, feel free to tell me about it, I would happily try to do something better.
Syntax proposed
SHOW USER "user" WITH PASSWORD 'pwd'
will return the user if the password is correct.SHOW USER "user"
will return the user. (might not be very useful, but I think it makes sense to have it