diff --git a/tests/queries/0_stateless/03174_multiple_authentication_methods.reference b/tests/queries/0_stateless/03174_multiple_authentication_methods.reference index c7dbf67d784..cc8628c1ac0 100644 --- a/tests/queries/0_stateless/03174_multiple_authentication_methods.reference +++ b/tests/queries/0_stateless/03174_multiple_authentication_methods.reference @@ -23,39 +23,10 @@ Only the latest should work, below should fail AUTHENTICATION_FAILED Should work 1 -Multiple identified with, not allowed -Syntax error -CREATE Multiple identified with, not allowed -Syntax error -Create user with no identification -Add identified with, should not be allowed because user is currently identified with no_password and it can not co-exist with other auth types -BAD_ARGUMENTS -Try to add no_password mixed with other authentication methods, should not be allowed -SYNTAX_ERROR -Adding no_password, should fail -SYNTAX_ERROR Replacing existing authentication methods in favor of no_password, should succeed CREATE USER u01_03174 IDENTIFIED WITH no_password Trying to auth with no pwd, should succeed 1 -Create user with mix both implicit and explicit auth type, starting with with -CREATE USER u01_03174 IDENTIFIED WITH plaintext_password, sha256_password, bcrypt_password, sha256_password -Create user with mix both implicit and explicit auth type, starting with by -CREATE USER u01_03174 IDENTIFIED WITH sha256_password, plaintext_password, bcrypt_password, sha256_password -Use WITH without providing authentication type, should fail -Syntax error -Create user with ADD identification, should fail, add is not allowed for create query -SYNTAX_ERROR -Trailing comma should result in syntax error -SYNTAX_ERROR -First auth method can't specify type if WITH keyword is not present -SYNTAX_ERROR -RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement -SYNTAX_ERROR -ADD NOT IDENTIFIED should result in syntax error -SYNTAX_ERROR -RESET AUTHENTICATION METHODS TO NEW cannot be used along with [ADD] IDENTIFIED clauses -SYNTAX_ERROR On cluster tests localhost 9000 0 0 0 localhost 9000 0 0 0 @@ -90,45 +61,8 @@ Only the latest should work, below should fail AUTHENTICATION_FAILED Should work 1 -Multiple identified with, not allowed -Syntax error -localhost 9000 0 0 0 -CREATE Multiple identified with, not allowed -Syntax error -localhost 9000 0 0 0 -Create user with no identification -localhost 9000 0 0 0 -Add identified with, should not be allowed because user is currently identified with no_password and it can not co-exist with other auth types -BAD_ARGUMENTS -Try to add no_password mixed with other authentication methods, should not be allowed -SYNTAX_ERROR -Adding no_password, should fail -SYNTAX_ERROR Replacing existing authentication methods in favor of no_password, should succeed localhost 9000 0 0 0 CREATE USER u01_03174 IDENTIFIED WITH no_password Trying to auth with no pwd, should succeed 1 -localhost 9000 0 0 0 -Create user with mix both implicit and explicit auth type, starting with with -localhost 9000 0 0 0 -CREATE USER u01_03174 IDENTIFIED WITH plaintext_password, sha256_password, bcrypt_password, sha256_password -localhost 9000 0 0 0 -Create user with mix both implicit and explicit auth type, starting with by -localhost 9000 0 0 0 -CREATE USER u01_03174 IDENTIFIED WITH sha256_password, plaintext_password, bcrypt_password, sha256_password -localhost 9000 0 0 0 -Use WITH without providing authentication type, should fail -Syntax error -Create user with ADD identification, should fail, add is not allowed for create query -SYNTAX_ERROR -Trailing comma should result in syntax error -SYNTAX_ERROR -First auth method can't specify type if WITH keyword is not present -SYNTAX_ERROR -RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement -SYNTAX_ERROR -ADD NOT IDENTIFIED should result in syntax error -SYNTAX_ERROR -RESET AUTHENTICATION METHODS TO NEW cannot be used along with [ADD] IDENTIFIED clauses -SYNTAX_ERROR diff --git a/tests/queries/0_stateless/03174_multiple_authentication_methods.sh b/tests/queries/0_stateless/03174_multiple_authentication_methods.sh index bfb7775dbb0..d775034bd59 100755 --- a/tests/queries/0_stateless/03174_multiple_authentication_methods.sh +++ b/tests/queries/0_stateless/03174_multiple_authentication_methods.sh @@ -89,28 +89,6 @@ function test echo "Should work" test_login_pwd ${user} '6' - echo "Multiple identified with, not allowed" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH plaintext_password by '7', IDENTIFIED plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error" - - ${CLICKHOUSE_CLIENT} --query "DROP USER ${user} $1" - - echo "CREATE Multiple identified with, not allowed" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH plaintext_password by '7', IDENTIFIED WITH plaintext_password by '8'" 2>&1 | grep -m1 -o "Syntax error" - - ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1" - - echo "Create user with no identification" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1" - - echo "Add identified with, should not be allowed because user is currently identified with no_password and it can not co-exist with other auth types" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '7'" 2>&1 | grep -m1 -o "BAD_ARGUMENTS" - - echo "Try to add no_password mixed with other authentication methods, should not be allowed" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '8', no_password" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "Adding no_password, should fail" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - echo "Replacing existing authentication methods in favor of no_password, should succeed" ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH no_password" ${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}" @@ -118,43 +96,7 @@ function test echo "Trying to auth with no pwd, should succeed" test_login_no_pwd ${user} - ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1" - - echo "Create user with mix both implicit and explicit auth type, starting with with" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH plaintext_password by '1', by '2', bcrypt_password by '3', by '4';" - ${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}" - - ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1" - - echo "Create user with mix both implicit and explicit auth type, starting with by" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED by '1', plaintext_password by '2', bcrypt_password by '3', by '4';" - ${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}" - - ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user} $1" - - echo "Use WITH without providing authentication type, should fail" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED WITH BY '1';" 2>&1 | grep -m1 -o "Syntax error" - - echo "Create user with ADD identification, should fail, add is not allowed for create query" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '1'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "Trailing comma should result in syntax error" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD IDENTIFIED WITH plaintext_password by '1'," 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "First auth method can't specify type if WITH keyword is not present" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 IDENTIFIED plaintext_password by '1'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement" - ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} $1 RESET AUTHENTICATION METHODS TO NEW" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "ADD NOT IDENTIFIED should result in syntax error" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 ADD NOT IDENTIFIED" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - - echo "RESET AUTHENTICATION METHODS TO NEW cannot be used along with [ADD] IDENTIFIED clauses" - ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} $1 IDENTIFIED WITH plaintext_password by '1' RESET AUTHENTICATION METHODS TO NEW" 2>&1 | grep -m1 -o "SYNTAX_ERROR" - ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}" - } test "" diff --git a/tests/queries/0_stateless/03174_multiple_authentication_methods_no_login.sql b/tests/queries/0_stateless/03174_multiple_authentication_methods_no_login.sql new file mode 100644 index 00000000000..b21b90700b6 --- /dev/null +++ b/tests/queries/0_stateless/03174_multiple_authentication_methods_no_login.sql @@ -0,0 +1,70 @@ +DROP USER IF EXISTS u_03174_no_login; + +CREATE USER u_03174_no_login; + +-- multiple identified with, not allowed +ALTER USER u_03174_no_login IDENTIFIED WITH plaintext_password by '7', IDENTIFIED plaintext_password by '8'; -- { clientError SYNTAX_ERROR } + +-- CREATE Multiple identified with, not allowed +CREATE USER u_03174_no_login IDENTIFIED WITH plaintext_password by '7', IDENTIFIED WITH plaintext_password by '8'; -- { clientError SYNTAX_ERROR } + +DROP USER u_03174_no_login; + +-- Create user with no identification +CREATE USER u_03174_no_login; + +-- Add identified with, should not be allowed because user is currently identified with no_password and it can not co-exist with other auth types +ALTER USER u_03174_no_login ADD IDENTIFIED WITH plaintext_password by '7'; -- { serverError BAD_ARGUMENTS } + +-- Try to add no_password mixed with other authentication methods, should not be allowed +ALTER USER u_03174_no_login ADD IDENTIFIED WITH plaintext_password by '8', no_password; -- { clientError SYNTAX_ERROR } + +-- Adding no_password, should fail +ALTER USER u_03174_no_login ADD IDENTIFIED WITH no_password; -- { clientError SYNTAX_ERROR } + +DROP USER IF EXISTS u_03174_no_login; + +-- Create user with mix both implicit and explicit auth type, starting with with +CREATE USER u_03174_no_login IDENTIFIED WITH plaintext_password by '1', by '2', bcrypt_password by '3', by '4'; +SHOW CREATE USER u_03174_no_login; + +DROP USER IF EXISTS u_03174_no_login; + +-- Create user with mix both implicit and explicit auth type, starting with with. On cluster +CREATE USER u_03174_no_login ON CLUSTER test_shard_localhost IDENTIFIED WITH plaintext_password by '1', by '2', bcrypt_password by '3', by '4'; +SHOW CREATE USER u_03174_no_login; + +DROP USER IF EXISTS u_03174_no_login; + +-- Create user with mix both implicit and explicit auth type, starting with by +CREATE USER u_03174_no_login IDENTIFIED by '1', plaintext_password by '2', bcrypt_password by '3', by '4'; +SHOW CREATE USER u_03174_no_login; + +DROP USER IF EXISTS u_03174_no_login; + +-- Create user with mix both implicit and explicit auth type, starting with by. On cluster +CREATE USER u_03174_no_login ON CLUSTER test_shard_localhost IDENTIFIED by '1', plaintext_password by '2', bcrypt_password by '3', by '4'; +SHOW CREATE USER u_03174_no_login; + +DROP USER IF EXISTS u_03174_no_login; + +-- Use WITH without providing authentication type, should fail +CREATE USER u_03174_no_login IDENTIFIED WITH BY '1'; -- { clientError SYNTAX_ERROR } + +-- Create user with ADD identification, should fail, add is not allowed for create query +CREATE USER u_03174_no_login ADD IDENTIFIED WITH plaintext_password by '1'; -- { clientError SYNTAX_ERROR } + +-- Trailing comma should result in syntax error +ALTER USER u_03174_no_login ADD IDENTIFIED WITH plaintext_password by '1',; -- { clientError SYNTAX_ERROR } + +-- First auth method can't specify type if WITH keyword is not present +CREATE USER u_03174_no_login IDENTIFIED plaintext_password by '1'; -- { clientError SYNTAX_ERROR } + +-- RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement +CREATE USER u_03174_no_login RESET AUTHENTICATION METHODS TO NEW; -- { clientError SYNTAX_ERROR } + +-- ADD NOT IDENTIFIED should result in syntax error +ALTER USER u_03174_no_login ADD NOT IDENTIFIED; -- { clientError SYNTAX_ERROR } + +-- RESET AUTHENTICATION METHODS TO NEW cannot be used along with [ADD] IDENTIFIED clauses +ALTER USER u_03174_no_login IDENTIFIED WITH plaintext_password by '1' RESET AUTHENTICATION METHODS TO NEW; -- { clientError SYNTAX_ERROR }