Add comprehensive wildcard matching tests to TestGetUserWithWildcardAuthentication

elianddb · claude · elianddb · commit 0e747f1e6047 · 2025-08-04T19:50:37.000Z
Enhanced the integration test with 17 additional test cases covering: - IP wildcard patterns (127.0.0.%, 192.168.1.%) - Hostname wildcard patterns (%.example.com) - Global wildcard pattern (%) - Customer scenario reproduction - Both positive and negative test cases Tests verify that wildcard user authentication works correctly for various patterns that were previously failing with "No authentication methods available". 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/sql/mysql_db/mysql_db.go b/sql/mysql_db/mysql_db.go
@@ -592,10 +592,9 @@ func (db *MySQLDb) AddLockedSuperUser(ed *Editor, username string, host string,
 	}
 }
 
-// matchesHostPattern checks if a host matches a MySQL host pattern.
-// This function handles wildcard patterns like '127.0.0.%' which should match '127.0.0.1', '127.0.0.255', etc.
+// matchesHostPattern checks if a host matches a host pattern with wildcards.
 func matchesHostPattern(host, pattern string) bool {
-	// If pattern doesn't contain %, it's not a wildcard pattern
+	// No wildcard, not a pattern
 	if !strings.Contains(pattern, "%") {
 		return false
 	}
diff --git a/sql/mysql_db/mysql_db_test.go b/sql/mysql_db/mysql_db_test.go
@@ -138,11 +138,15 @@ func TestGetUserWithWildcardAuthentication(t *testing.T) {
 	db := CreateEmptyMySQLDb()
 	p := &capturingPersistence{}
 	db.SetPersister(p)
-
+	
 	// Add test users with various host patterns
 	ed := db.Editor()
 	db.AddSuperUser(ed, "testuser", "127.0.0.1", "password")
 	db.AddSuperUser(ed, "localhost_user", "localhost", "password")
+	db.AddSuperUser(ed, "wildcard_user", "127.0.0.%", "password")
+	db.AddSuperUser(ed, "subnet_user", "192.168.1.%", "password")
+	db.AddSuperUser(ed, "hostname_user", "%.example.com", "password")
+	db.AddSuperUser(ed, "any_user", "%", "password")
 	db.Persist(ctx, ed)
 	ed.Close()
 
@@ -156,11 +160,38 @@ func TestGetUserWithWildcardAuthentication(t *testing.T) {
 		expectedUser string
 		shouldFind   bool
 	}{
-		// Test specific IP matching (existing functionality)
+		// Specific IP tests
 		{"Specific IP - exact match", "testuser", "127.0.0.1", "testuser", true},
 		{"Localhost user - normalized", "localhost_user", "127.0.0.1", "localhost_user", true},
 		{"Localhost user - ::1", "localhost_user", "::1", "localhost_user", true},
 		{"Non-existent user", "nonexistent", "127.0.0.1", "", false},
+
+		// IP wildcard tests
+		{"Wildcard IP - 127.0.0.% matches 127.0.0.1", "wildcard_user", "127.0.0.1", "wildcard_user", true},
+		{"Wildcard IP - 127.0.0.% matches 127.0.0.100", "wildcard_user", "127.0.0.100", "wildcard_user", true},
+		{"Wildcard IP - 127.0.0.% matches 127.0.0.255", "wildcard_user", "127.0.0.255", "wildcard_user", true},
+		{"Wildcard IP - 127.0.0.% does not match 127.0.1.1", "wildcard_user", "127.0.1.1", "", false},
+		{"Wildcard IP - 127.0.0.% does not match 192.168.1.1", "wildcard_user", "192.168.1.1", "", false},
+
+		// Subnet wildcard tests
+		{"Subnet wildcard - 192.168.1.% matches 192.168.1.1", "subnet_user", "192.168.1.1", "subnet_user", true},
+		{"Subnet wildcard - 192.168.1.% matches 192.168.1.100", "subnet_user", "192.168.1.100", "subnet_user", true},
+		{"Subnet wildcard - 192.168.1.% does not match 192.168.2.1", "subnet_user", "192.168.2.1", "", false},
+		{"Subnet wildcard - 192.168.1.% does not match 10.0.0.1", "subnet_user", "10.0.0.1", "", false},
+
+		// Hostname wildcard tests
+		{"Hostname wildcard - %.example.com matches host.example.com", "hostname_user", "host.example.com", "hostname_user", true},
+		{"Hostname wildcard - %.example.com matches www.example.com", "hostname_user", "www.example.com", "hostname_user", true},
+		{"Hostname wildcard - %.example.com does not match example.com", "hostname_user", "example.com", "", false},
+		{"Hostname wildcard - %.example.com does not match host.other.com", "hostname_user", "host.other.com", "", false},
+
+		// Global wildcard tests
+		{"Global wildcard - % matches any IP", "any_user", "10.0.0.1", "any_user", true},
+		{"Global wildcard - % matches any hostname", "any_user", "any.hostname.com", "any_user", true},
+		{"Global wildcard - % matches localhost", "any_user", "localhost", "any_user", true},
+
+		// Issue #9624 scenario
+		{"Customer scenario - matches connecting IP in range", "wildcard_user", "127.0.0.50", "wildcard_user", true},
 	}
 
 	for _, tt := range tests {

Original file line number	Diff line number	Diff line change
`@@ -592,10 +592,9 @@ func (db MySQLDb) AddLockedSuperUser(ed Editor, username string, host string,`
`592`	`592`	`}`
`593`	`593`	`}`
`594`	`594`
`595`		`-// matchesHostPattern checks if a host matches a MySQL host pattern.`
`596`		`-// This function handles wildcard patterns like '127.0.0.%' which should match '127.0.0.1', '127.0.0.255', etc.`
	`595`	`+// matchesHostPattern checks if a host matches a host pattern with wildcards.`
`597`	`596`	`func matchesHostPattern(host, pattern string) bool {`
`598`		`- // If pattern doesn't contain %, it's not a wildcard pattern`
	`597`	`+ // No wildcard, not a pattern`
`599`	`598`	`if !strings.Contains(pattern, "%") {`
`600`	`599`	`return false`
`601`	`600`	`}`