Merge pull request #1354 from ruiquelhas/async-authplugin-error-handlers

Handle errors generated by asynchronous authentication plugins

Author: sidorares

lib/commands/auth_switch.js

@@ -1,3 +1,8 @@
+// This file was modified by Oracle on July 5, 2021.
+// Errors generated by asynchronous authentication plugins are now being
+// handled and subsequently emitted at the command level.
+// Modifications copyright (c) 2021, Oracle and/or its affiliates.
+
 'use strict';
 
 const Packets = require('../packets/index.js');
@@ -17,6 +22,14 @@ function warnLegacyAuthSwitch() {
   );
 }
 
+function authSwitchPluginError(error, command) {
+  // Authentication errors are fatal
+  error.code = 'AUTH_SWITCH_PLUGIN_ERROR';
+  error.fatal = true;
+
+  command.emit('error', error);
+}
+
 function authSwitchRequest(packet, connection, command) {
   const { pluginName, pluginData } = Packets.AuthSwitchRequest.fromPacket(
     packet
@@ -34,8 +47,7 @@ function authSwitchRequest(packet, connection, command) {
     warnLegacyAuthSwitch();
     legacySwitchHandler({ pluginName, pluginData }, (err, data) => {
       if (err) {
-        connection.emit('error', err);
-        return;
+        return authSwitchPluginError(err, command);
       }
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     });
@@ -54,19 +66,20 @@ function authSwitchRequest(packet, connection, command) {
     if (data) {
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     }
+  }).catch(err => {
+    authSwitchPluginError(err, command);
   });
 }
 
-function authSwitchRequestMoreData(packet, connection) {
+function authSwitchRequestMoreData(packet, connection, command) {
   const { data } = Packets.AuthSwitchRequestMoreData.fromPacket(packet);
 
   if (connection.config.authSwitchHandler) {
     const legacySwitchHandler = connection.config.authSwitchHandler;
     warnLegacyAuthSwitch();
     legacySwitchHandler({ pluginData: data }, (err, data) => {
       if (err) {
-        connection.emit('error', err);
-        return;
+        return authSwitchPluginError(err, command);
       }
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     });
@@ -82,6 +95,8 @@ function authSwitchRequestMoreData(packet, connection) {
     if (data) {
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     }
+  }).catch(err => {
+    authSwitchPluginError(err, command);
   });
 }
 

test/integration/test-auth-switch-plugin-async-error.js

@@ -0,0 +1,89 @@
+// Copyright (c) 2021, Oracle and/or its affiliates.
+
+'use strict';
+
+const mysql = require('../../index.js');
+const Command = require('../../lib/commands/command.js');
+const Packets = require('../../lib/packets/index.js');
+
+const assert = require('assert');
+
+class TestAuthSwitchPluginError extends Command {
+  constructor(args) {
+    super();
+    this.args = args;
+  }
+
+  start(_, connection) {
+    const serverHelloPacket = new Packets.Handshake({
+      // "required" properties
+      protocolVersion: 10,
+      serverVersion: 'node.js rocks'
+    });
+    this.serverHello = serverHelloPacket;
+    serverHelloPacket.setScrambleData(() => {
+      connection.writePacket(serverHelloPacket.toPacket(0));
+    });
+    return TestAuthSwitchPluginError.prototype.sendAuthSwitchRequest;
+  }
+
+  sendAuthSwitchRequest(_, connection) {
+    const asr = new Packets.AuthSwitchRequest(this.args);
+    connection.writePacket(asr.toPacket());
+    return TestAuthSwitchPluginError.prototype.finish;
+  }
+
+  finish(_, connection) {
+    connection.end();
+    return TestAuthSwitchPluginError.prototype.finish;
+  }
+}
+
+const server = mysql.createServer(conn => {
+  conn.addCommand(
+    new TestAuthSwitchPluginError({
+      pluginName: 'auth_test_plugin',
+      pluginData: Buffer.allocUnsafe(0)
+    })
+  );
+});
+
+let error;
+let uncaughtExceptions = 0;
+
+const portfinder = require('portfinder');
+portfinder.getPort((_, port) => {
+  server.listen(port);
+  const conn = mysql.createConnection({
+    port: port,
+    authPlugins: {
+      auth_test_plugin () {
+        return function () {
+          return Promise.reject(Error('boom'));
+        }
+      }
+    }
+  });
+
+  conn.on('error', err => {
+    error = err;
+
+    conn.end();
+    server.close();
+  });
+});
+
+process.on('uncaughtException', err => {
+  // The plugin reports a fatal error
+  assert.equal(error.code, 'AUTH_SWITCH_PLUGIN_ERROR');
+  assert.equal(error.message, 'boom');
+  assert.equal(error.fatal, true);
+  // The server must close the connection
+  assert.equal(err.code, 'PROTOCOL_CONNECTION_LOST');
+
+  uncaughtExceptions += 1;
+});
+
+process.on('exit', () => {
+  assert.equal(uncaughtExceptions, 1);
+});