handle database without any pool yet

FerretDB · Feb 16, 2024 · 40be66d · 40be66d
1 parent 470ca14
commit 40be66d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/internal/backends/postgresql/metadata/registry.go b/internal/backends/postgresql/metadata/registry.go
@@ -122,7 +122,14 @@ func (r *Registry) getPool(ctx context.Context) (*pgxpool.Pool, error) {
 
 	if connInfo.BypassBackendAuth {
 		if p = r.p.GetAny(); p == nil {
-			return nil, lazyerrors.New("no connection pool")
+			// no connection pool has been created yet and authentication
+			// is bypassed, attempt to use credentials to connect
+			username, password := connInfo.Auth()
+
+			var err error
+			if p, err = r.p.Get(username, password); err != nil {
+				return nil, lazyerrors.Error(err)
+			}
 		}
 	} else {
 		username, password := connInfo.Auth()

diff --git a/internal/handler/msg_saslstart.go b/internal/handler/msg_saslstart.go
@@ -60,10 +60,6 @@ func (h *Handler) MsgSASLStart(ctx context.Context, msg *wire.OpMsg) (*wire.OpMs
 		if err != nil {
 			return nil, err
 		}
-
-		if err = h.authenticate(ctx, msg); err != nil {
-			return nil, err
-		}
 	default:
 		msg := fmt.Sprintf("Unsupported authentication mechanism %q.\n", mechanism) +
 			"See https://docs.ferretdb.io/security/authentication/ for more details."
@@ -73,10 +69,10 @@ func (h *Handler) MsgSASLStart(ctx context.Context, msg *wire.OpMsg) (*wire.OpMs
 	if h.EnableNewAuth {
 		// If new auth is enabled and the database does not contain any user,
 		// backend authentication is bypassed.
-		//
-		// If a user connects with any credentials or no credentials at all,
-		// the authentication succeeds until the first user is created.
 		conninfo.Get(ctx).BypassBackendAuth = true
+		if err = h.authenticate(ctx, msg); err != nil {
+			return nil, err
+		}
 	} else {
 		conninfo.Get(ctx).SetAuth(username, password)
 	}