WL#15440 MySQL REST Service (MRS) - Umbrella WL

Bug#37616958 MRS user lookup is case insensitive, where some auth-app require case sensitivity

Changed the bahavior, now the MRS auth user provided must match the
one in the metadata case-sensitively.

Change-Id: Ia32ba15a95553ceb5271c880a2100cb65a38d9b0

Author: Andrzej Religa

mysql-test/suite/router/include/test/authentication_mrs.inc

@@ -215,6 +215,7 @@ exec $MRS_CLIENT_ARGS
 --echo
 --echo #
 --echo # III.1
+--echo Check no access for non existing user
 exec $MRS_CLIENT_ARGS
   -a $test_scram
   --path /svc1/authentication/login
@@ -223,6 +224,17 @@ exec $MRS_CLIENT_ARGS
   --expected-status Unauthorized
   --session-type $test_session_type;
 
+--echo Check the username is case-sensitive
+exec $MRS_CLIENT_ARGS
+  -a $test_scram
+  --path /svc1/authentication/login
+  -u Svc1_usr
+  -p test
+  $_test_auth_app
+  --expected-status Unauthorized
+  --session-type $test_session_type;
+
+--echo Check no access with bad password
 exec $MRS_CLIENT_ARGS
   -a $test_scram
   --path /svc1/authentication/login

mysql-test/suite/router/r/authentication_mrs_get_cookie.result

@@ -89,9 +89,15 @@ OK
 
 #
 # III.1
+Check no access for non existing user
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK
+Check the username is case-sensitive
+GET /svc1/authentication/login
+{"message":"Unauthorized","status":"401"}
+OK
+Check no access with bad password
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK

mysql-test/suite/router/r/authentication_mrs_get_jwt.result

@@ -89,9 +89,15 @@ OK
 
 #
 # III.1
+Check no access for non existing user
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK
+Check the username is case-sensitive
+GET /svc1/authentication/login
+{"message":"Unauthorized","status":"401"}
+OK
+Check no access with bad password
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK

mysql-test/suite/router/r/authentication_mrs_post_cookie.result

@@ -89,9 +89,15 @@ OK
 
 #
 # III.1
+Check no access for non existing user
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK
+Check the username is case-sensitive
+GET /svc1/authentication/login
+{"message":"Unauthorized","status":"401"}
+OK
+Check no access with bad password
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK

mysql-test/suite/router/r/authentication_mrs_post_jwt.result

@@ -89,9 +89,15 @@ OK
 
 #
 # III.1
+Check no access for non existing user
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK
+Check the username is case-sensitive
+GET /svc1/authentication/login
+{"message":"Unauthorized","status":"401"}
+OK
+Check no access with bad password
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK

mysql-test/suite/router/r/authentication_mrs_post_jwt_multiple_handlers.result

@@ -90,9 +90,15 @@ OK
 
 #
 # III.1
+Check no access for non existing user
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK
+Check the username is case-sensitive
+GET /svc1/authentication/login
+{"message":"Unauthorized","status":"401"}
+OK
+Check no access with bad password
 GET /svc1/authentication/login
 {"message":"Unauthorized","status":"401"}
 OK

router/src/mysql_rest_service/src/mrs/database/query_entry_auth_user.cc

@@ -82,8 +82,9 @@ bool QueryEntryAuthUser::query_user(MySQLSession *session,
     }
 
     if (!user_data->name.empty()) {
+      // we force a case-sensitive comparison here
       query_ << (mysqlrouter::sqlstring("and convert(name using utf8)=? "
-                                        "COLLATE \"utf8mb4_general_ci\"")
+                                        "COLLATE \"utf8mb4_bin\"")
                  << user_data->name);
       break;
     }