Rename header and config setting for consistency.

2024-11-21 23:21:59 +00:00 · 2022-02-19 03:58:58 +07:00 · 2022-02-19 03:58:58 +07:00 · cb66a63aa4
commit cb66a63aa4
parent 765d136d2a
4 changed files with 7 additions and 7 deletions
--- a/src/Access/UsersConfigAccessStorage.cpp
+++ b/src/Access/UsersConfigAccessStorage.cpp
@ -62,7 +62,7 @@ namespace
        bool has_ldap = config.has(user_config + ".ldap");
        bool has_kerberos = config.has(user_config + ".kerberos");

-        const auto certificates_config = user_config + ".certificates";
+        const auto certificates_config = user_config + ".ssl_certificates";
        bool has_certificates = config.has(certificates_config);

        size_t num_password_fields = has_no_password + has_password_plaintext + has_password_sha256_hex + has_password_double_sha1_hex + has_ldap + has_kerberos + has_certificates;
--- a/src/Server/HTTPHandler.cpp
+++ b/src/Server/HTTPHandler.cpp
@ -330,7 +330,7 @@ bool HTTPHandler::authenticateUser(

    /// The header 'X-ClickHouse-SSL-Certificate-Auth: on' enables checking the common name
    /// extracted from the SSL certificate used for this connection instead of checking password.
-    bool has_ssl_certificate_auth = (request.get("X-ClickHouse-X509Authentication", "") == "yes");
+    bool has_ssl_certificate_auth = (request.get("X-ClickHouse-SSL-Certificate-Auth", "") == "on");
    bool has_auth_headers = !user.empty() || !password.empty() || !quota_key.empty() || has_ssl_certificate_auth;

    /// User name and password can be passed using HTTP Basic auth or query parameters
--- a/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml
+++ b/tests/integration/test_ssl_cert_authentication/configs/users_with_ssl_auth.xml
@ -2,15 +2,15 @@
 <clickhouse>
    <users>
        <john>
-            <certificates>
+            <ssl_certificates>
                <common_name>client1</common_name>
-            </certificates>
+            </ssl_certificates>
        </john>
        <lucy>
-            <certificates>
+            <ssl_certificates>
                <common_name>client2</common_name>
                <common_name>client3</common_name>
-            </certificates>
+            </ssl_certificates>
        </lucy>
        <peter>
            <no_password/>
--- a/tests/integration/test_ssl_cert_authentication/test.py
+++ b/tests/integration/test_ssl_cert_authentication/test.py
@ -40,7 +40,7 @@ def execute_query_https(query, user, enable_ssl_auth=True, cert_name=None, passw
    request = urllib.request.Request(url)
    request.add_header('X-ClickHouse-User', user)
    if enable_ssl_auth:
-        request.add_header('X-ClickHouse-X509Authentication', 'yes')
+        request.add_header('X-ClickHouse-SSL-Certificate-Auth', 'on')
    if password:
        request.add_header('X-ClickHouse-Key', password)
    response = urllib.request.urlopen(request, context=get_ssl_context(cert_name)).read()