fix: fix sha256_password to work correctly over a TLS connection (#3809)

* fix: handle case with sha256_authentication over tls connection

* fix: lint

* fix: ensure tls over the stream instance

* fix: variable name

---------

Co-authored-by: Weslley Araújo <[email protected]>

Author: viladimiru

lib/auth_plugins/sha256_password.js

@@ -3,6 +3,7 @@
 const PLUGIN_NAME = 'sha256_password';
 const crypto = require('crypto');
 const { xorRotating } = require('../auth_41');
+const Tls = require('tls');
 
 const REQUEST_SERVER_KEY_PACKET = Buffer.from([1]);
 
@@ -32,6 +33,14 @@ module.exports =
     return (data) => {
       switch (state) {
         case STATE_INITIAL:
+          if (
+            connection.stream instanceof Tls.TLSSocket &&
+            connection.stream.encrypted === true
+          ) {
+            // We don't need to encrypt passwords over TLS connection
+            return Buffer.from(`${password}\0`, 'utf8');
+          }
+
           scramble = data.slice(0, 20);
           // if client provides key we can save one extra roundrip on first connection
           if (pluginOptions.serverPublicKey) {