Stabilization: replication semi-sync, MVCC aborted deleters, SSTable level, SCRAM fix
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
CI / test (push) Has been cancelled
CI / verify (push) Has been cancelled
Clients CI / build-server (push) Has been cancelled
Clients CI / test-python (push) Has been cancelled
Clients CI / test-javascript (push) Has been cancelled
Clients CI / test-nim (push) Has been cancelled
Clients CI / test-rust (push) Has been cancelled
P0-P1 fixes: - replication.nim: rmSync/rmSemiSync now wait for replica ACKs - mvcc.nim: aborted deleters no longer hide records (return true for visibility) - storage/lsm.nim: SSTable level persisted in header (version 2, backward compat) - protocol/auth.nim: removed insecure SCRAM raw hash fallback Build: 0 warnings, 0 errors. All tests pass.
This commit is contained in:
@@ -271,15 +271,9 @@ proc validateCredentials*(am: AuthManager, creds: AuthCredentials): AuthResult =
|
||||
role: claims.role, database: claims.database)
|
||||
return AuthResult(authenticated: false, error: "Invalid token")
|
||||
of amSCRAMSHA256:
|
||||
## Legacy fallback: simple hash comparison for backward compatibility.
|
||||
## Real SCRAM should use startScram() / finishScram().
|
||||
if creds.username in am.users:
|
||||
let stored = am.users[creds.username]
|
||||
let clientHash = if creds.payload.len > 0: creds.payload else: hmacSha256(am.secretKey, "")
|
||||
if stored == clientHash or stored == hmacSha256(am.secretKey, creds.payload):
|
||||
return AuthResult(authenticated: true, username: creds.username,
|
||||
role: "user", database: "default")
|
||||
return AuthResult(authenticated: false, error: "Invalid SCRAM credentials")
|
||||
## SCRAM-SHA-256 requires a full challenge-response handshake.
|
||||
## Use startScram() / finishScram() instead of validateCredentials().
|
||||
return AuthResult(authenticated: false, error: "SCRAM requires challenge-response handshake. Use startScram/finishScram.")
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Token / user management
|
||||
|
||||
Reference in New Issue
Block a user