LCOV - code coverage report
Current view: top level - proxy/src/auth/backend - classic.rs (source / functions) Coverage Total Hit
Test: f8d8f5b90fa487a9e82c42da223f012f5d4fece7.info Lines: 78.4 % 51 40
Test Date: 2024-09-19 20:36:02 Functions: 12.5 % 24 3

            Line data    Source code
       1              : use super::{ComputeCredentials, ComputeUserInfo};
       2              : use crate::{
       3              :     auth::{self, backend::ComputeCredentialKeys, AuthFlow},
       4              :     compute,
       5              :     config::AuthenticationConfig,
       6              :     console::AuthSecret,
       7              :     context::RequestMonitoring,
       8              :     sasl,
       9              :     stream::{PqStream, Stream},
      10              : };
      11              : use tokio::io::{AsyncRead, AsyncWrite};
      12              : use tracing::{info, warn};
      13              : 
      14            1 : pub(super) async fn authenticate(
      15            1 :     ctx: &RequestMonitoring,
      16            1 :     creds: ComputeUserInfo,
      17            1 :     client: &mut PqStream<Stream<impl AsyncRead + AsyncWrite + Unpin>>,
      18            1 :     config: &'static AuthenticationConfig,
      19            1 :     secret: AuthSecret,
      20            1 : ) -> auth::Result<ComputeCredentials> {
      21            1 :     let flow = AuthFlow::new(client);
      22            1 :     let scram_keys = match secret {
      23              :         #[cfg(any(test, feature = "testing"))]
      24              :         AuthSecret::Md5(_) => {
      25            0 :             info!("auth endpoint chooses MD5");
      26            0 :             return Err(auth::AuthError::bad_auth_method("MD5"));
      27              :         }
      28            1 :         AuthSecret::Scram(secret) => {
      29            1 :             info!("auth endpoint chooses SCRAM");
      30            1 :             let scram = auth::Scram(&secret, ctx);
      31              : 
      32            1 :             let auth_outcome = tokio::time::timeout(
      33            1 :                 config.scram_protocol_timeout,
      34            1 :                 async {
      35            1 : 
      36            1 :                     flow.begin(scram).await.map_err(|error| {
      37            0 :                         warn!(?error, "error sending scram acknowledgement");
      38            0 :                         error
      39            2 :                     })?.authenticate().await.map_err(|error| {
      40            0 :                         warn!(?error, "error processing scram messages");
      41            0 :                         error
      42            1 :                     })
      43            1 :                 }
      44            1 :             )
      45            2 :             .await
      46            1 :             .map_err(|e| {
      47            0 :                 warn!("error processing scram messages error = authentication timed out, execution time exceeded {} seconds", config.scram_protocol_timeout.as_secs());
      48            0 :                 auth::AuthError::user_timeout(e)
      49            1 :             })??;
      50              : 
      51            1 :             let client_key = match auth_outcome {
      52            1 :                 sasl::Outcome::Success(key) => key,
      53            0 :                 sasl::Outcome::Failure(reason) => {
      54            0 :                     info!("auth backend failed with an error: {reason}");
      55            0 :                     return Err(auth::AuthError::auth_failed(&*creds.user));
      56              :                 }
      57              :             };
      58              : 
      59            1 :             compute::ScramKeys {
      60            1 :                 client_key: client_key.as_bytes(),
      61            1 :                 server_key: secret.server_key.as_bytes(),
      62            1 :             }
      63            1 :         }
      64            1 :     };
      65            1 : 
      66            1 :     Ok(ComputeCredentials {
      67            1 :         info: creds,
      68            1 :         keys: ComputeCredentialKeys::AuthKeys(tokio_postgres::config::AuthKeys::ScramSha256(
      69            1 :             scram_keys,
      70            1 :         )),
      71            1 :     })
      72            1 : }
        

Generated by: LCOV version 2.1-beta