@@ -95,12 +95,13 @@ type ServerAuthenticationTest struct {
9595
9696// ServerAuthenticationTestAssertion is within a ServerAuthenticationTest to assert functionality.
9797type ServerAuthenticationTestAssertion struct {
98- Username string
99- Password string
100- Query string
101- ExpectedErr bool
102- ExpectedErrKind * errors.Kind
103- ExpectedErrStr string
98+ Username string
99+ Password string
100+ Query string
101+ ExpectedErr bool
102+ ExpectedErrKind * errors.Kind
103+ ExpectedErrStr string
104+ ExpectedAuthPlugin string
104105}
105106
106107// UserPrivTests test the user and privilege systems. These tests always have the root account available, and the root
@@ -740,7 +741,37 @@ var UserPrivTests = []UserPrivilegeTest{
740741 },
741742 },
742743 },
743-
744+ {
745+ Name : "Migrate a user from mysql_native_password to caching_sha2_password" ,
746+ SetUpScript : []string {
747+ "CREATE USER testuser1@`127.0.0.1` identified with mysql_native_password by 'pass1';" ,
748+ },
749+ Assertions : []UserPrivilegeTestAssertion {
750+ {
751+ Query : "select user, host, plugin, authentication_string from mysql.user where user='testuser1';" ,
752+ Expected : []sql.Row {{"testuser1" , "127.0.0.1" , "mysql_native_password" , "*22A99BA288DB55E8E230679259740873101CD636" }},
753+ },
754+ {
755+ Query : "ALTER USER testuser1@`127.0.0.1` IDENTIFIED WITH caching_sha2_password BY 'pass1';" ,
756+ Expected : []sql.Row {{types .NewOkResult (0 )}},
757+ },
758+ {
759+ // caching_sha2_password auth uses a random salt to create the authentication
760+ // string. Since it's not a consistent value during each test run, we just sanity
761+ // check the first bytes of metadata (digest type, iterations) in the auth string.
762+ Query : "select user, host, plugin, authentication_string like '$A$005$%' from mysql.user where user='testuser1';" ,
763+ Expected : []sql.Row {{"testuser1" , "127.0.0.1" , "caching_sha2_password" , true }},
764+ },
765+ {
766+ Query : "ALTER USER testuser1@`127.0.0.1` IDENTIFIED WITH caching_sha2_password;" ,
767+ Expected : []sql.Row {{types .NewOkResult (0 )}},
768+ },
769+ {
770+ Query : "select user, host, plugin, authentication_string from mysql.user where user='testuser1';" ,
771+ Expected : []sql.Row {{"testuser1" , "127.0.0.1" , "caching_sha2_password" , "" }},
772+ },
773+ },
774+ },
744775 {
745776 Name : "Dynamic privilege support" ,
746777 SetUpScript : []string {
@@ -2604,10 +2635,10 @@ var ServerAuthTests = []ServerAuthenticationTest{
26042635 },
26052636 Assertions : []ServerAuthenticationTestAssertion {
26062637 {
2607- Username : "rand_user" ,
2608- Password : "rand_pass" ,
2609- Query : "SELECT * FROM mysql.user;" ,
2610- ExpectedErr : false ,
2638+ Username : "rand_user" ,
2639+ Password : "rand_pass" ,
2640+ Query : "SELECT * FROM mysql.user;" ,
2641+ ExpectedAuthPlugin : "mysql_native_password" ,
26112642 },
26122643 {
26132644 Username : "rand_user" ,
@@ -2630,17 +2661,17 @@ var ServerAuthTests = []ServerAuthenticationTest{
26302661 },
26312662 },
26322663 {
2633- Name : "Create User with plugin specification " ,
2664+ Name : "Create User explicitly with mysql_native_password plugin " ,
26342665 SetUpScript : []string {
26352666 "CREATE USER ranuse@localhost IDENTIFIED WITH mysql_native_password BY 'ranpas';" ,
26362667 "GRANT ALL ON *.* TO ranuse@localhost WITH GRANT OPTION;" ,
26372668 },
26382669 Assertions : []ServerAuthenticationTestAssertion {
26392670 {
2640- Username : "ranuse" ,
2641- Password : "ranpas" ,
2642- Query : "SELECT * FROM mysql.user;" ,
2643- ExpectedErr : false ,
2671+ Username : "ranuse" ,
2672+ Password : "ranpas" ,
2673+ Query : "SELECT * FROM mysql.user;" ,
2674+ ExpectedAuthPlugin : "mysql_native_password" ,
26442675 },
26452676 {
26462677 Username : "ranuse" ,
@@ -2656,6 +2687,103 @@ var ServerAuthTests = []ServerAuthenticationTest{
26562687 },
26572688 },
26582689 },
2690+ {
2691+ Name : "Create User explicitly with caching_sha2_password plugin" ,
2692+ SetUpScript : []string {
2693+ // testuser1 is created with a password
2694+ "CREATE USER testuser1@localhost IDENTIFIED WITH caching_sha2_password BY 'mypassword3';" ,
2695+ "GRANT ALL ON *.* TO testuser1@localhost WITH GRANT OPTION;" ,
2696+ // testuser2 is created without a password
2697+ "CREATE USER testuser2@localhost IDENTIFIED WITH caching_sha2_password;" ,
2698+ "GRANT ALL ON *.* TO testuser2@localhost WITH GRANT OPTION;" ,
2699+ },
2700+ Assertions : []ServerAuthenticationTestAssertion {
2701+ {
2702+ Username : "testuser1" ,
2703+ Password : "mypassword3" ,
2704+ Query : "SELECT * FROM mysql.user;" ,
2705+ ExpectedAuthPlugin : "caching_sha2_password" ,
2706+ },
2707+ {
2708+ Username : "testuser1" ,
2709+ Password : "what" ,
2710+ Query : "SELECT * FROM mysql.user;" ,
2711+ ExpectedErr : true ,
2712+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'testuser1'" ,
2713+ },
2714+ {
2715+ Username : "testuser1" ,
2716+ Password : "" ,
2717+ Query : "SELECT * FROM mysql.user;" ,
2718+ ExpectedErr : true ,
2719+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'testuser1'" ,
2720+ },
2721+ {
2722+ Username : "testuser2" ,
2723+ Password : "wrong" ,
2724+ Query : "SELECT * FROM mysql.user;" ,
2725+ ExpectedErr : true ,
2726+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'testuser2'" ,
2727+ },
2728+ {
2729+ Username : "testuser2" ,
2730+ Password : "" ,
2731+ Query : "SELECT * FROM mysql.user;" ,
2732+ ExpectedErr : false ,
2733+ ExpectedAuthPlugin : "caching_sha2_password" ,
2734+ },
2735+ },
2736+ },
2737+ {
2738+ Name : "Migrate user from mysql_native_password to caching_sha2_password" ,
2739+ SetUpScript : []string {
2740+ // testuser1 is created with a password
2741+ "CREATE USER testuser1@localhost IDENTIFIED WITH mysql_native_password BY 'mypassword3';" ,
2742+ "GRANT ALL ON *.* TO testuser1@localhost WITH GRANT OPTION;" ,
2743+ },
2744+ Assertions : []ServerAuthenticationTestAssertion {
2745+ {
2746+ Username : "testuser1" ,
2747+ Password : "mypassword3" ,
2748+ Query : "SELECT * FROM mysql.user;" ,
2749+ ExpectedAuthPlugin : "mysql_native_password" ,
2750+ },
2751+ {
2752+ Username : "root" ,
2753+ Query : "ALTER USER testuser1@localhost IDENTIFIED WITH caching_sha2_password BY 'pass1';" ,
2754+ },
2755+ {
2756+ Username : "testuser1" ,
2757+ Password : "pass1" ,
2758+ Query : "SELECT * FROM mysql.user;" ,
2759+ ExpectedAuthPlugin : "caching_sha2_password" ,
2760+ },
2761+ {
2762+ Username : "testuser1" ,
2763+ Password : "wrong" ,
2764+ Query : "SELECT * FROM mysql.user;" ,
2765+ ExpectedErr : true ,
2766+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'testuser1'" ,
2767+ },
2768+ {
2769+ Username : "root" ,
2770+ Query : "ALTER USER testuser1@localhost IDENTIFIED WITH caching_sha2_password;" ,
2771+ },
2772+ {
2773+ Username : "testuser1" ,
2774+ Password : "" ,
2775+ Query : "SELECT * FROM mysql.user;" ,
2776+ ExpectedAuthPlugin : "caching_sha2_password" ,
2777+ },
2778+ {
2779+ Username : "testuser1" ,
2780+ Password : "wrong" ,
2781+ Query : "SELECT * FROM mysql.user;" ,
2782+ ExpectedErr : true ,
2783+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'testuser1'" ,
2784+ },
2785+ },
2786+ },
26592787 {
26602788 Name : "Create User with jwt plugin specification" ,
26612789 SetUpScript : []string {
@@ -2668,22 +2796,25 @@ var ServerAuthTests = []ServerAuthenticationTest{
26682796 },
26692797 Assertions : []ServerAuthenticationTestAssertion {
26702798 {
2671- Username : "test-user" ,
2672- Password : "what" ,
2673- Query : "SELECT * FROM mysql.user;" ,
2674- ExpectedErr : true ,
2799+ Username : "test-user" ,
2800+ Password : "what" ,
2801+ Query : "SELECT * FROM mysql.user;" ,
2802+ ExpectedErr : true ,
2803+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'test-user'" ,
26752804 },
26762805 {
2677- Username : "test-user" ,
2678- Password : "" ,
2679- Query : "SELECT * FROM mysql.user;" ,
2680- ExpectedErr : true ,
2806+ Username : "test-user" ,
2807+ Password : "" ,
2808+ Query : "SELECT * FROM mysql.user;" ,
2809+ ExpectedErr : true ,
2810+ ExpectedErrStr : "Error 1045 (28000): Access denied for user 'test-user'" ,
26812811 },
26822812 {
2683- Username : "test-user" ,
2684- Password : "right-password" ,
2685- Query : "SELECT * FROM mysql.user;" ,
2686- ExpectedErr : false ,
2813+
2814+ Username : "test-user" ,
2815+ Password : "right-password" ,
2816+ Query : "SELECT * FROM mysql.user;" ,
2817+ ExpectedAuthPlugin : "authentication_dolt_jwt" ,
26872818 },
26882819 },
26892820 },
0 commit comments