From 6546d1de071c30d0105b9b05c9af3eccdf432922 Mon Sep 17 00:00:00 2001
From: Matej Ferencevic
Date: Mon, 30 Jul 2018 16:07:56 +0200
Subject: [PATCH] Fix handling of Bolt init auth metadata
Summary: Our implementation of the Bolt protocol now correctly handles INIT message metadata used for authentification. The related description from the Bolt standard is: 'The token must contain either just the entry {"scheme": "none"} or the keys scheme, principal, and credentials. Example {"scheme": "basic", "principal": "user", "credentials": "secret"}". If no scheme is provided, it defaults to "none".'
Reviewers: msantl
Reviewed By: msantl
Subscribers: pullbot
Differential Revision: https://phabricator.memgraph.io/D1518
---
 src/communication/bolt/v1/states/init.hpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/communication/bolt/v1/states/init.hpp b/src/communication/bolt/v1/states/init.hpp
index e032b79b4..473c953f5 100644
--- a/src/communication/bolt/v1/states/init.hpp
+++ b/src/communication/bolt/v1/states/init.hpp
@@ -61,21 +61,27 @@ State StateInitRun(Session &session) {
 << std::endl;
 // Get authentication data.
+ std::string username, password;
 auto &data = metadata.ValueMap();
- if (!data.count("scheme") || !data.count("principal") ||
- !data.count("credentials")) {
+ if (!data.count("scheme")) {
 LOG(WARNING) << "The client didn't supply authentication information!";
 return State::Close;
 }
- if (data["scheme"].ValueString() != "basic") {
+ if (data["scheme"].ValueString() == "basic") {
+ if (!data.count("principal") || !data.count("credentials")) {
+ LOG(WARNING) << "The client didn't supply authentication information!";
+ return State::Close;
+ }
+ username = data["principal"].ValueString();
+ password = data["credentials"].ValueString();
+ } else if (data["scheme"].ValueString() != "none") {
 LOG(WARNING) << "Unsupported authentication scheme: " << data["scheme"].ValueString();
 return State::Close;
 }
 // Authenticate the user.
- if (!session.Authenticate(data["principal"].ValueString(),
- data["credentials"].ValueString())) {
+ if (!session.Authenticate(username, password)) {
 if (!session.encoder_.MessageFailure( {{"code", "Memgraph.ClientError.Security.Unauthenticated"}, {"message", "Authentication failure"}})) {
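Review bot: When the client sends `{"scheme": "none"}`, `username` and `password` stay default-constructed and `session.Authenticate(username, password)` becomes the only gate, so whether an unauthenticated client is admitted depends entirely on how `Authenticate` treats two empty strings, which is not visible in this hunk. That contract deserves to be explicit at the call site, e.g. `// scheme "none": credentials are empty; Authenticate() must reject them whenever auth is enforced`, and a test that sends `none` to a server with users configured would pin it. Separately, `data["scheme"]`, `data["principal"]` and `data["credentials"]` are client-controlled and are read with `ValueString()` after only a `count()` check; if that accessor throws or asserts on a non-string value (presumably, to be confirmed against its definition), a type check before the calls would keep a malformed INIT on the `State::Close` path. `StateInitRun` starts and ends outside the hunk.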