Merge branch 'wl10718-extended-auth'

# Conflicts:
#	include/mysql_xapi.h

Author: rsomla1

cdk/include/mysql/cdk/data_source.h

@@ -152,33 +152,50 @@ class Protocol_options
 class TCPIP::Options
   : public ds::Options<Protocol_options>
 {
+private:
+
+#ifdef WITH_SSL
+  cdk::connection::TLS::Options m_tls_options;
+#endif
+  bool m_auth_method_set;
+  auth_method_t m_auth_method;
+
 public:
 
-  Options()
+  Options() : m_auth_method_set(false),
+              m_auth_method(auth_method_t::MYSQL41)
   {
-    m_auth_method = auth_method_t::MYSQL41;
   }
 
   Options(const string &usr, const std::string *pwd =NULL)
-    : ds::Options<Protocol_options>(usr, pwd)
+    : ds::Options<Protocol_options>(usr, pwd),
+      m_auth_method_set(false),
+      m_auth_method(auth_method_t::MYSQL41)
   {
     /*
       We don't know if the connection will be over SSL.
       Guessing unencrypted connection and MYSQL41 auth.
     */
-    m_auth_method = auth_method_t::MYSQL41;
   }
 
 #ifdef WITH_SSL
 
   void set_tls(const cdk::connection::TLS::Options& options)
   {
     m_tls_options = options;
-    // Use PLAIN auth for SSL connections
-    if (options.ssl_mode() == cdk::connection::TLS::Options::SSL_MODE::DISABLED)
-      m_auth_method = auth_method_t::MYSQL41;
-    else
-      m_auth_method = auth_method_t::PLAIN;
+
+    /*
+      The authentication method should not be changed
+      if the user code set it specifically
+    */
+    if (!m_auth_method_set)
+    {
+      // Use PLAIN auth for SSL connections
+      if (options.ssl_mode() == cdk::connection::TLS::Options::SSL_MODE::DISABLED)
+        m_auth_method = auth_method_t::MYSQL41;
+      else
+        m_auth_method = auth_method_t::PLAIN;
+    }
   }
 
   const cdk::connection::TLS::Options& get_tls() const
@@ -191,16 +208,9 @@ class TCPIP::Options
   void set_auth_method(auth_method_t auth_method)
   {
     m_auth_method = auth_method;
+    m_auth_method_set = true;
   }
 
-private:
-
-#ifdef WITH_SSL
-  cdk::connection::TLS::Options m_tls_options;
-#endif
-  auth_method_t m_auth_method;
-
-
   auth_method_t auth_method() const
   {
     return m_auth_method;

devapi/session.cc

@@ -195,6 +195,25 @@ void set_ssl_mode(cdk::connection::TLS::Options &tls_opt,
 #endif //WITH_SSL
 
 
+cdk::ds::mysqlx::Protocol_options::auth_method_t get_auth_method(const std::string &name)
+{
+#define map_auth(x) { #x, cdk::ds::mysqlx::Protocol_options::x },
+  static std::map<std::string, cdk::ds::mysqlx::Protocol_options::auth_method_t>
+    auth_methods{ AUTH_METHODS(map_auth) };
+
+  try {
+    return auth_methods.at(name);
+  }
+  catch (const std::out_of_range&)
+  {
+    std::string msg = "Invalid auth value: " + std::string(name);
+    throw_error(msg.c_str());
+    // Quiet compiler warnings
+    return cdk::ds::mysqlx::Protocol_options::MYSQL41;
+  }
+}
+
+
 struct Host_sources : public cdk::ds::Multi_source
 {
 
@@ -342,6 +361,13 @@ struct URI_parser
           " without TLS support."
           );
 #endif
+    } else if (lc_key == "auth")
+    {
+      std::string auth;
+      auth.resize(val.size());
+      std::transform(val.begin(), val.end(), auth.begin(), ::toupper);
+
+      set_auth_method(get_auth_method(auth));
     } else
     {
       std::stringstream err;
@@ -456,6 +482,30 @@ Session::Session(SessionSettings settings)
       opt.set_tls(opt_ssl);
 #endif
 
+      /*
+        Setting Authentication method after SSL options
+        to override the defaults if necessary
+      */
+      if (settings.has_option(SessionOption::AUTH))
+      {
+        AuthMethod am =
+          AuthMethod(
+            settings.find(SessionOption::AUTH).get<unsigned>());
+
+        switch(am)
+        {
+        case AuthMethod::PLAIN:
+          opt.set_auth_method(cdk::ds::mysqlx::Protocol_options::PLAIN);
+        break;
+        case AuthMethod::MYSQL41:
+          opt.set_auth_method(cdk::ds::mysqlx::Protocol_options::MYSQL41);
+        break;
+        case AuthMethod::EXTERNAL:
+          opt.set_auth_method(cdk::ds::mysqlx::Protocol_options::EXTERNAL);
+        break;
+        }
+      }
+
       Host_sources source;
 
       std::string host = "localhost";

devapi/tests/session-t.cc

@@ -281,6 +281,117 @@ TEST_F(Sess, trx)
   cout << "Done!" << endl;
 }
 
+TEST_F(Sess, auth_method)
+{
+
+  SKIP_IF_NO_XPLUGIN;
+
+  auto check_user = [](mysqlx::Session &sess)
+  {
+    SqlResult res = sess.sql("SELECT CURRENT_USER()").execute();
+    auto row = res.fetchOne();
+    string str = row[0];
+    cout << "User: " << str << endl;
+  };
+
+  {
+    mysqlx::Session sess(SessionOption::PORT, get_port(),
+                         SessionOption::USER, get_user(),
+                         SessionOption::PWD, get_password() ? get_password() : nullptr,
+                         SessionOption::SSL_MODE, SSLMode::DISABLED,
+                         SessionOption::AUTH, AuthMethod::MYSQL41
+    );
+    check_user(sess);
+  }
+
+  {
+    // This will throw because of plain auth without SSL
+    EXPECT_THROW(mysqlx::Session sess(SessionOption::PORT, get_port(),
+                         SessionOption::USER, get_user(),
+                         SessionOption::PWD, get_password() ? get_password() : nullptr,
+                         SessionOption::SSL_MODE, SSLMode::DISABLED,
+                         SessionOption::AUTH, AuthMethod::PLAIN),
+                 Error);
+  }
+
+  {
+    mysqlx::Session sess(SessionOption::PORT, get_port(),
+                         SessionOption::USER, get_user(),
+                         SessionOption::PWD, get_password() ? get_password() : nullptr,
+                         SessionOption::SSL_MODE, SSLMode::REQUIRED,
+                         SessionOption::AUTH, AuthMethod::PLAIN
+    );
+    check_user(sess);
+  }
+
+  {
+    mysqlx::Session sess(SessionOption::PORT, get_port(),
+                         SessionOption::USER, get_user(),
+                         SessionOption::PWD, get_password() ? get_password() : nullptr,
+                         SessionOption::SSL_MODE, SSLMode::REQUIRED,
+                         SessionOption::AUTH, AuthMethod::MYSQL41
+    );
+    check_user(sess);
+  }
+
+  std::stringstream uri;
+  uri << "mysqlx://" << get_user();
+  if (get_password() && *get_password())
+    uri << ":" << get_password();
+  uri << "@" << "localhost:" << get_port();
+
+  {
+    std::stringstream str;
+    str << uri.str() << "/?ssl-mode=disabled&auth=mysql41";
+    mysqlx::Session sess(str.str());
+    check_user(sess);
+  }
+
+  {
+    std::stringstream str;
+    str << uri.str() << "/?ssl-mode=disabled&auth=plain";
+    EXPECT_THROW(mysqlx::Session sess(str.str()), Error);
+  }
+
+  {
+    std::stringstream str;
+    str << uri.str() << "/?ssl-mode=required&auth=plain";
+    mysqlx::Session sess(str.str());
+    check_user(sess);
+  }
+
+  {
+    std::stringstream str;
+    str << uri.str() << "/?ssl-mode=required&auth=mysql41";
+    mysqlx::Session sess(str.str());
+    check_user(sess);
+  }
+}
+
+TEST_F(Sess, auth_external)
+{
+
+  SKIP_IF_NO_XPLUGIN;
+
+  // This will throw because of EXTERNAL is not supported
+  EXPECT_THROW(mysqlx::Session sess(SessionOption::PORT, get_port(),
+                                    SessionOption::USER, get_user(),
+                                    SessionOption::PWD, get_password() ? get_password() : nullptr,
+                                    SessionOption::SSL_MODE, SSLMode::DISABLED,
+                                    SessionOption::AUTH, AuthMethod::PLAIN),
+               Error);
+
+  std::stringstream uri;
+  uri << "mysqlx://" << get_user();
+  if (get_password() && *get_password())
+    uri << ":" << get_password();
+  uri << "@" << "localhost:" << get_port();
+
+    uri << "/?ssl-mode=required&auth=external";
+    EXPECT_THROW(mysqlx::Session sess(uri.str()),
+                 Error);
+}
+
 
 TEST_F(Sess, ssl_session)
 {

include/devapi/detail/settings.h

@@ -19,8 +19,9 @@ namespace internal {
 template <typename Traits>
 class Settings_detail
 {
-  using Options = typename Traits::Options;
-  using SSLMode = typename Traits::SSLMode;
+  using Options    = typename Traits::Options;
+  using SSLMode    = typename Traits::SSLMode;
+  using AuthMethod = typename Traits::AuthMethod;
 
 protected:
 
@@ -34,6 +35,20 @@ class Settings_detail
   void do_add(Options opt, Value &&v);
   Value& find(Options opt);
 
+  /*
+    Declare options that require specific type of value (mostly enumerations).
+    For such options we do not accept setting them to arbitrary values. Instead
+    an overload of opt_val() with appropriate type will be used to set value
+    of the option.
+  */
+
+#define OPT_VAL_TYPE(X) \
+  X(SSL_MODE,SSLMode) \
+  X(AUTH,AuthMethod)
+
+#define CHECK_OPT(Opt,Type) \
+  if (opt == Options::Opt) \
+    throw Error(#Opt "setting requires value of type " #Type);
 
   /*
     Store option value in Value object (with basic run-time type checks)
@@ -42,8 +57,7 @@ class Settings_detail
 
   static Value opt_val(Options opt, Value &&val)
   {
-    if (opt == Options::SSL_MODE)
-      throw Error("SSL_MODE setting requires SessionSettings::SSLMode value.");
+    OPT_VAL_TYPE(CHECK_OPT)
     return val;
   }
 
@@ -59,8 +73,7 @@ class Settings_detail
   >
   static Value opt_val(Options opt, V &&val)
   {
-    if (opt == Options::SSL_MODE)
-      throw Error("SSL_MODE setting requires SessionSettings::SSLMode value.");
+    OPT_VAL_TYPE(CHECK_OPT)
     return string(val);
   }
 
@@ -71,6 +84,15 @@ class Settings_detail
     return unsigned(m);
   }
 
+  static Value opt_val(Options opt, AuthMethod m)
+  {
+    if (opt != Options::AUTH)
+      throw Error("SessionSettings::AuthMethod value can only be used on AUTH setting.");
+    return unsigned(m);
+  }
+
+
+
   /*
     TODO: Document it
   */