add async authPlugin error handlers

ruiquelhas · ruiquelhas · commit b027425f91c0 · 2021-07-06T10:44:32.000+01:00
Errors reported by asynchronous authentication plugins are not properly
handled, leading the client to become idle, at least until the server
closes the connection because of inactivity.

This patch introduces the changes to ensure all errors generated by
asynchronous authentication plugins result in fatal 'error' events
emitted at the command level (and subsequently bubbled up to the
connection instance), allowing the client to immediately close the
underlying socket connection and stop the process.
diff --git a/lib/commands/auth_switch.js b/lib/commands/auth_switch.js
@@ -1,3 +1,8 @@
+// This file was modified by Oracle on July 5, 2021.
+// Errors generated by asynchronous authentication plugins are now being
+// handled and subsequently emitted at the command level.
+// Modifications copyright (c) 2021, Oracle and/or its affiliates.
+
 'use strict';
 
 const Packets = require('../packets/index.js');
@@ -17,6 +22,14 @@ function warnLegacyAuthSwitch() {
   );
 }
 
+function authSwitchPluginError(error, command) {
+  // Authentication errors are fatal
+  error.code = 'AUTH_SWITCH_PLUGIN_ERROR';
+  error.fatal = true;
+
+  command.emit('error', error);
+}
+
 function authSwitchRequest(packet, connection, command) {
   const { pluginName, pluginData } = Packets.AuthSwitchRequest.fromPacket(
     packet
@@ -34,8 +47,7 @@ function authSwitchRequest(packet, connection, command) {
     warnLegacyAuthSwitch();
     legacySwitchHandler({ pluginName, pluginData }, (err, data) => {
       if (err) {
-        connection.emit('error', err);
-        return;
+        return authSwitchPluginError(err, command);
       }
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     });
@@ -54,19 +66,20 @@ function authSwitchRequest(packet, connection, command) {
     if (data) {
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     }
+  }).catch(err => {
+    authSwitchPluginError(err, command);
   });
 }
 
-function authSwitchRequestMoreData(packet, connection) {
+function authSwitchRequestMoreData(packet, connection, command) {
   const { data } = Packets.AuthSwitchRequestMoreData.fromPacket(packet);
 
   if (connection.config.authSwitchHandler) {
     const legacySwitchHandler = connection.config.authSwitchHandler;
     warnLegacyAuthSwitch();
     legacySwitchHandler({ pluginData: data }, (err, data) => {
       if (err) {
-        connection.emit('error', err);
-        return;
+        return authSwitchPluginError(err, command);
       }
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     });
@@ -82,6 +95,8 @@ function authSwitchRequestMoreData(packet, connection) {
     if (data) {
       connection.writePacket(new Packets.AuthSwitchResponse(data).toPacket());
     }
+  }).catch(err => {
+    authSwitchPluginError(err, command);
   });
 }
 
diff --git a/test/integration/test-auth-switch-plugin-async-error.js b/test/integration/test-auth-switch-plugin-async-error.js
@@ -0,0 +1,89 @@
+// Copyright (c) 2021, Oracle and/or its affiliates.
+
+'use strict';
+
+const mysql = require('../../index.js');
+const Command = require('../../lib/commands/command.js');
+const Packets = require('../../lib/packets/index.js');
+
+const assert = require('assert');
+
+class TestAuthSwitchPluginError extends Command {
+  constructor(args) {
+    super();
+    this.args = args;
+  }
+
+  start(_, connection) {
+    const serverHelloPacket = new Packets.Handshake({
+      // "required" properties
+      protocolVersion: 10,
+      serverVersion: 'node.js rocks'
+    });
+    this.serverHello = serverHelloPacket;
+    serverHelloPacket.setScrambleData(() => {
+      connection.writePacket(serverHelloPacket.toPacket(0));
+    });
+    return TestAuthSwitchPluginError.prototype.sendAuthSwitchRequest;
+  }
+
+  sendAuthSwitchRequest(_, connection) {
+    const asr = new Packets.AuthSwitchRequest(this.args);
+    connection.writePacket(asr.toPacket());
+    return TestAuthSwitchPluginError.prototype.finish;
+  }
+
+  finish(_, connection) {
+    connection.end();
+    return TestAuthSwitchPluginError.prototype.finish;
+  }
+}
+
+const server = mysql.createServer(conn => {
+  conn.addCommand(
+    new TestAuthSwitchPluginError({
+      pluginName: 'auth_test_plugin',
+      pluginData: Buffer.allocUnsafe(0)
+    })
+  );
+});
+
+let error;
+let uncaughtExceptions = 0;
+
+const portfinder = require('portfinder');
+portfinder.getPort((_, port) => {
+  server.listen(port);
+  const conn = mysql.createConnection({
+    port: port,
+    authPlugins: {
+      auth_test_plugin () {
+        return function () {
+          return Promise.reject(Error('boom'));
+        }
+      }
+    }
+  });
+
+  conn.on('error', err => {
+    error = err;
+
+    conn.end();
+    server.close();
+  });
+});
+
+process.on('uncaughtException', err => {
+  // The plugin reports a fatal error
+  assert.equal(error.code, 'AUTH_SWITCH_PLUGIN_ERROR');
+  assert.equal(error.message, 'boom');
+  assert.equal(error.fatal, true);
+  // The server must close the connection
+  assert.equal(err.code, 'PROTOCOL_CONNECTION_LOST');
+
+  uncaughtExceptions += 1;
+});
+
+process.on('exit', () => {
+  assert.equal(uncaughtExceptions, 1);
+});
