user_operations: don't fetch auth_string/password, only check existence

2024-08-07 17:14:24 +02:00 · 2024-08-07 17:14:24 +02:00 · a9b8f7cee7
parent d0b750cd33
commit a9b8f7cee7
3 changed files with 26 additions and 44 deletions
--- a/src/cli/mysql_admutils_compatibility/mysql_useradm.rs
+++ b/src/cli/mysql_admutils_compatibility/mysql_useradm.rs
@ -11,7 +11,7 @@ use crate::{
        config::{get_config, mysql_connection_from_config, GlobalConfigArgs},
        user_operations::{
            create_database_user, delete_database_user, get_all_database_users_for_unix_user,
-            password_is_set_for_database_user, set_password_for_database_user, user_exists,
+            get_database_user_for_user, set_password_for_database_user, user_exists,
        },
    },
 };
@ -150,22 +150,24 @@ async fn passwd(args: PasswdArgs, connection: &mut MySqlConnection) -> anyhow::R
 async fn show(args: ShowArgs, connection: &mut MySqlConnection) -> anyhow::Result<()> {
    let users = if args.name.is_empty() {
        let unix_user = get_current_unix_user()?;
-        get_all_database_users_for_unix_user(&unix_user, connection)
-            .await?
-            .into_iter()
-            .map(|u| u.user)
-            .collect()
+        get_all_database_users_for_unix_user(&unix_user, connection).await?
    } else {
-        filter_db_or_user_names(args.name, DbOrUser::User)?
+        let filtered_usernames = filter_db_or_user_names(args.name, DbOrUser::User)?;
+        let mut result = Vec::with_capacity(filtered_usernames.len());
+        for username in filtered_usernames.iter() {
+            // TODO: fetch all users in one query
+            get_database_user_for_user(username, connection)
+                .await?
+                .map(|user| result.push(user));
+        }
+        result
    };

    for user in users {
-        let password_is_set = password_is_set_for_database_user(&user, connection).await?;
-
-        match password_is_set {
-            Some(true) => println!("User '{}': password set.", user),
-            Some(false) => println!("User '{}': no password set.", user),
-            None => {}
+        if user.has_password {
+            println!("User '{}': password set.", user.user);
+        } else {
+            println!("User '{}': no password set.", user.user);
        }
    }

--- a/src/cli/user_command.rs
+++ b/src/cli/user_command.rs
@ -197,7 +197,7 @@ async fn show_users(args: UserShowArgs, conn: &mut MySqlConnection) -> anyhow::R
        println!(
            "User '{}': {}",
            &user.user,
-            if !(user.authentication_string.is_empty() && user.password.is_empty()) {
+            if user.has_password {
                "password set."
            } else {
                "no password set."
--- a/src/core/user_operations.rs
+++ b/src/core/user_operations.rs
@ -93,30 +93,6 @@ pub async fn set_password_for_database_user(
    Ok(())
 }

-/// Helper struct to deserialize the query made in `password_is_set_for_database_user`.
-#[derive(sqlx::FromRow)]
-#[sqlx(transparent)]
-struct PasswordIsSet(bool);
-
-/// This function checks if a database user has a password set.
-/// It returns `Ok(None)` if the user does not exist.
-pub async fn password_is_set_for_database_user(
-    db_user: &str,
-    conn: &mut MySqlConnection,
-) -> anyhow::Result<Option<bool>> {
-    let unix_user = crate::core::common::get_current_unix_user()?;
-    validate_user_name(db_user, &unix_user)?;
-
-    let user_has_password = sqlx::query_as::<_, PasswordIsSet>(
-        "SELECT authentication_string != '' FROM mysql.user WHERE User = ?",
-    )
-    .bind(db_user)
-    .fetch_optional(conn)
-    .await?;
-
-    Ok(user_has_password.map(|PasswordIsSet(is_set)| is_set))
-}
-
 /// This struct contains information about a database user.
 /// This can be extended if we need more information in the future.
 #[derive(Debug, Clone, FromRow, Serialize, Deserialize)]
@ -127,10 +103,8 @@ pub struct DatabaseUser {
    #[sqlx(rename = "Host")]
    pub host: String,

-    #[sqlx(rename = "Password")]
-    pub password: String,
-
-    pub authentication_string: String,
+    #[sqlx(rename = "`Password` != '' OR `authentication_string` != ''")]
+    pub has_password: bool,
 }

 /// This function fetches all database users that have a prefix matching the
@ -141,7 +115,10 @@ pub async fn get_all_database_users_for_unix_user(
 ) -> anyhow::Result<Vec<DatabaseUser>> {
    let users = sqlx::query_as::<_, DatabaseUser>(
        r#"
-          SELECT `User`, `Host`, `Password`, `authentication_string`
+          SELECT
+            `User`,
+            `Host`,
+            `Password` != '' OR `authentication_string` != ''
          FROM `mysql`.`user`
          WHERE `User` REGEXP ?
        "#,
@ -160,7 +137,10 @@ pub async fn get_database_user_for_user(
 ) -> anyhow::Result<Option<DatabaseUser>> {
    let user = sqlx::query_as::<_, DatabaseUser>(
        r#"
-          SELECT `User`, `Host`, `Password`, `authentication_string`
+          SELECT
+            `User`,
+            `Host`,
+            `Password` != '' OR `authentication_string` != ''
          FROM `mysql`.`user`
          WHERE `User` = ?
        "#,