Merge pull request #8488 from rabbitmq/stream-fix-sasl-external

Fix SASL external authentication in stream plugin
rabbitmq · Jun 6, 2023 · 3c7f84f · 3c7f84f
2 parents 7f06a08 + 6c14d73
commit 3c7f84f
Showing 1 changed file with 6 additions and 15 deletions.
diff --git a/deps/rabbitmq_stream/src/rabbit_stream_reader.erl b/deps/rabbitmq_stream/src/rabbit_stream_reader.erl
@@ -64,6 +64,7 @@
          %% client port
          peer_port,
          auth_mechanism,
+         authentication_state :: any(),
          connected_at :: integer(),
          helper_sup :: pid(),
          socket :: rabbit_net:socket(),
@@ -75,7 +76,6 @@
          stream_leaders :: #{stream() => pid()},
          stream_subscriptions :: #{stream() => [subscription_id()]},
          credits :: atomics:atomics_ref(),
-         authentication_state :: atom(),
          user :: undefined | #user{},
          virtual_host :: undefined | binary(),
          connection_step ::
@@ -1365,8 +1365,6 @@ handle_frame_pre_auth(Transport,
                                    ServerProperties}}),
     send(Transport, S, Frame),
     {Connection#stream_connection{client_properties = ClientProperties,
-                                  authentication_state =
-                                      peer_properties_exchanged,
                                   connection_step = peer_properties_exchanged},
      State};
 handle_frame_pre_auth(Transport,
@@ -1428,13 +1426,8 @@ handle_frame_pre_auth(Transport,
                             {C1#stream_connection{connection_step = failure},
                              {sasl_authenticate, ?RESPONSE_SASL_ERROR, <<>>}};
                         {challenge, Challenge, AuthState1} ->
-                            rabbit_core_metrics:auth_attempt_succeeded(Host,
-                                                                       <<>>,
-                                                                       stream),
-                            {C1#stream_connection{authentication_state =
-                                                      AuthState1,
-                                                  connection_step =
-                                                      authenticating},
+                            {C1#stream_connection{authentication_state = AuthState1,
+                                                  connection_step = authenticating},
                              {sasl_authenticate, ?RESPONSE_SASL_CHALLENGE,
                               Challenge}};
                         {ok, User = #user{username = Username}} ->
@@ -1451,11 +1444,9 @@ handle_frame_pre_auth(Transport,
                                                        [],
                                                        C1,
                                                        State),
-                                    {C1#stream_connection{authentication_state =
-                                                              done,
-                                                          user = User,
-                                                          connection_step =
-                                                              authenticated},
+                                    {C1#stream_connection{user = User,
+                                                          authentication_state = done,
+                                                          connection_step = authenticated},
                                      {sasl_authenticate, ?RESPONSE_CODE_OK,
                                       <<>>}};
                                 not_allowed ->