auth_switch.js 3.5 KB

  1. // This file was modified by Oracle on July 5, 2021.
  2. // Errors generated by asynchronous authentication plugins are now being
  3. // handled and subsequently emitted at the command level.
  4. // Modifications copyright (c) 2021, Oracle and/or its affiliates.
  5. 'use strict';
  6. const Packets = require('../packets/index.js');
  7. const sha256_password = require('../auth_plugins/sha256_password');
  8. const caching_sha2_password = require('../auth_plugins/caching_sha2_password.js');
  9. const mysql_native_password = require('../auth_plugins/mysql_native_password.js');
  10. const mysql_clear_password = require('../auth_plugins/mysql_clear_password.js');
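  // Authentication plugins available without any user configuration, keyed by
  // the plugin name the server sends in an AuthSwitchRequest.
  //
  // The map is built on a null prototype and frozen: the lookup key comes from
  // the server, and on a plain object literal a name such as `constructor` or
  // `toString` would resolve to an inherited Object.prototype member instead of
  // being reported as an unknown plugin.
  //
  // NOTE(review): mysql_clear_password is registered by default, so the server
  // side of the connection decides whether it is used. Going by the plugin's
  // name and the MySQL protocol it sends the password itself rather than a
  // challenge response; confirm that the plugin module (not shown here) or the
  // connection setup refuses it on a transport that is not encrypted.
  const standardAuthPlugins = Object.freeze(
    Object.assign(Object.create(null), {
      sha256_password: sha256_password({}),
      caching_sha2_password: caching_sha2_password({}),
      mysql_native_password: mysql_native_password({}),
      mysql_clear_password: mysql_clear_password({})
    })
  );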
  /**
   * Prints the deprecation notice for the legacy `authSwitchHandler` option.
   * Nothing is returned; the notice goes to `console.warn`.
   */
  function warnLegacyAuthSwitch() {
    const notice =
      'WARNING! authSwitchHandler api is deprecated, please use new authPlugins api';
    console.warn(notice);
  }
  /**
   * Marks an authentication failure as fatal and reports it on the command.
   *
   * @param {Error} error - Error raised by an auth plugin or by the legacy
   *   handler; it is mutated in place (`code` and `fatal` are set).
   * @param {object} command - Object whose `emit('error', error)` is called.
   */
  function authSwitchPluginError(error, command) {
    // Authentication errors are fatal, so the error is tagged before it is
    // handed to whoever listens on the command.
    Object.assign(error, { code: 'AUTH_SWITCH_PLUGIN_ERROR', fatal: true });
    command.emit('error', error);
  }
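  /**
   * Answers a server AuthSwitchRequest packet.
   *
   * Resolution order: the deprecated `config.authSwitchHandler` (for every
   * plugin name except mysql_native_password), then `config.authPlugins`, then
   * the built-in plugins. The chosen plugin instance is stored on
   * `connection._authPlugin` so that later data packets can be passed to it.
   *
   * @param {object} packet - Raw packet, parsed with Packets.AuthSwitchRequest.
   * @param {object} connection - Connection; `config` is read and `writePacket`
   *   is called on it.
   * @param {object} command - Command on which plugin errors are emitted.
   * @throws {Error} When no plugin is registered under the requested name.
   */
  function authSwitchRequest(packet, connection, command) {
    const { pluginName, pluginData } = Packets.AuthSwitchRequest.fromPacket(
      packet
    );
    const { authPlugins, authSwitchHandler } = connection.config;

    // pluginName is chosen by the server. Only own properties of a registry
    // count as plugins; otherwise a name such as `constructor` or `toString`
    // would resolve to an inherited Object.prototype member, skip the
    // "unknown plugin" error below and fail later with an unrelated TypeError.
    const ownPlugin = registry =>
      registry && Object.prototype.hasOwnProperty.call(registry, pluginName)
        ? registry[pluginName]
        : undefined;

    // The legacy plugin api does not allow overriding mysql_native_password:
    // if pluginName is mysql_native_password the standard auth4.1 plugin is used.
    if (authSwitchHandler && pluginName !== 'mysql_native_password') {
      warnLegacyAuthSwitch();
      authSwitchHandler({ pluginName, pluginData }, (err, data) => {
        if (err) {
          return authSwitchPluginError(err, command);
        }
        connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
      });
      return;
    }

    // User-configured plugins take precedence over the built-in ones.
    const authPlugin = ownPlugin(authPlugins) || ownPlugin(standardAuthPlugins);
    if (!authPlugin) {
      throw new Error(
        `Server requests authentication using unknown plugin ${pluginName}. See ${'TODO: add plugins doco here'} on how to configure or author authentication plugins.`
      );
    }

    connection._authPlugin = authPlugin({ connection, command });
    // The plugin is called before the promise exists, so a synchronous throw
    // from it propagates to the caller; only rejections and errors raised while
    // writing the response are routed through authSwitchPluginError.
    Promise.resolve(connection._authPlugin(pluginData)).then(data => {
      if (data) {
        connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
      }
    }).catch(err => {
      authSwitchPluginError(err, command);
    });
  }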
  /**
   * Handles an AuthSwitchRequestMoreData packet by passing its payload to the
   * legacy `config.authSwitchHandler` when one is configured, otherwise to the
   * plugin instance stored on `connection._authPlugin`.
   *
   * @param {object} packet - Raw packet, parsed with
   *   Packets.AuthSwitchRequestMoreData.
   * @param {object} connection - Connection; `config` and `_authPlugin` are
   *   read and `writePacket` is called on it.
   * @param {object} command - Command on which plugin errors are emitted.
   * @throws {Error} When no legacy handler is configured and no plugin instance
   *   is stored on the connection.
   */
  function authSwitchRequestMoreData(packet, connection, command) {
    const moreData = Packets.AuthSwitchRequestMoreData.fromPacket(packet).data;

    // Shared by both paths: wrap the reply in an AuthSwitchResponse and send it.
    const respond = payload => {
      connection.writePacket(new Packets.AuthSwitchResponse(payload).toPacket());
    };

    const legacySwitchHandler = connection.config.authSwitchHandler;
    if (legacySwitchHandler) {
      warnLegacyAuthSwitch();
      // The legacy handler's reply is written even when it is empty.
      legacySwitchHandler({ pluginData: moreData }, (err, reply) => {
        if (err) {
          authSwitchPluginError(err, command);
          return;
        }
        respond(reply);
      });
      return;
    }

    if (!connection._authPlugin) {
      throw new Error(
        'AuthPluginMoreData received but no auth plugin instance found'
      );
    }

    // A plugin may answer synchronously or with a promise; a falsy result means
    // there is nothing to send for this round.
    const pending = Promise.resolve(connection._authPlugin(moreData));
    pending
      .then(reply => {
        if (reply) {
          respond(reply);
        }
      })
      .catch(err => {
        authSwitchPluginError(err, command);
      });
  }
  // Exported handlers, one per auth-switch packet type parsed in this file.
  module.exports = {
    authSwitchRequest: authSwitchRequest,
    authSwitchRequestMoreData: authSwitchRequestMoreData
  };