update comments

FerretDB · Feb 19, 2024 · 5bdcfc4 · 5bdcfc4
1 parent 0d786cb
commit 5bdcfc4
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 37 deletions.
diff --git a/integration/users/connection_test.go b/integration/users/connection_test.go
@@ -309,9 +309,7 @@ func TestAuthenticationEnableNewAuthPLAIN(t *testing.T) {
 	t.Parallel()
 
 	s := setup.SetupWithOpts(t, nil)
-	ctx := s.Ctx
-	collection := s.Collection
-	db := collection.Database()
+	ctx, cName, db := s.Ctx, s.Collection.Name(), s.Collection.Database()
 
 	err := db.RunCommand(ctx, bson.D{
 		{"createUser", "plain-user"},
@@ -321,20 +319,6 @@ func TestAuthenticationEnableNewAuthPLAIN(t *testing.T) {
 	}).Err()
 	require.NoError(t, err, "cannot create user")
 
-	t.Cleanup(func() {
-		opts := options.Client().ApplyURI(s.MongoDBURI).SetAuth(options.Credential{
-			AuthMechanism: "PLAIN",
-			AuthSource:    db.Name(),
-			Username:      "plain-user",
-			Password:      "correct",
-		})
-
-		client, err := mongo.Connect(ctx, opts)
-		require.NoError(t, err)
-
-		require.NoError(t, client.Database(db.Name()).RunCommand(ctx, bson.D{{"dropUser", "plain-user"}}).Err())
-	})
-
 	testCases := map[string]struct {
 		username  string
 		password  string
@@ -384,8 +368,8 @@ func TestAuthenticationEnableNewAuthPLAIN(t *testing.T) {
 			client, err := mongo.Connect(ctx, opts)
 			require.NoError(t, err, "cannot connect to MongoDB")
 
-			connCollection := client.Database(db.Name()).Collection(collection.Name())
-			_, err = connCollection.InsertOne(ctx, bson.D{{"ping", "pong"}})
+			c := client.Database(db.Name()).Collection(cName)
+			_, err = c.InsertOne(ctx, bson.D{{"ping", "pong"}})
 
 			if tc.err != "" {
 				require.ErrorContains(t, err, tc.err)

diff --git a/integration/users/create_user_test.go b/integration/users/create_user_test.go
@@ -305,10 +305,9 @@ func assertSCRAMSHA256Credentials(t testtb.TB, key string, cred *types.Document)
 	assert.NotEmpty(t, must.NotFail(c.Get("storedKey")).(string))
 }
 
-// createTestRunnerUser creates a user in admin database with PLAIN mechanism
-// and returns the test database. It uses username/password pair which is
-// the same as database credentials for integration test. This is done to
-// avoid the need to reconnect as different credential in tests.
+// createTestRunnerUser creates a user in admin database with PLAIN mechanism.
+// The user uses username/password credential which is the same as the database
+// credentials. This is done to avoid the need to reconnect as different credential.
 //
 // Without this, once the first user is created, the authentication fails
 // as username/password does not exist in admin.system.users collection.

diff --git a/integration/users/usersinfo_test.go b/integration/users/usersinfo_test.go
@@ -42,9 +42,8 @@ func TestUsersinfo(t *testing.T) {
 	t.Parallel()
 
 	ctx, collection := setup.Setup(t)
-	db := collection.Database()
-	createTestRunnerUser(t, ctx, db)
-	client := db.Client()
+	createTestRunnerUser(t, ctx, collection.Database())
+	client := collection.Database().Client()
 
 	dbToUsers := []struct {
 		dbSuffix string

diff --git a/internal/backends/postgresql/metadata/registry.go b/internal/backends/postgresql/metadata/registry.go
@@ -86,9 +86,6 @@ type Registry struct {
 }
 
 // NewRegistry creates a registry for PostgreSQL databases with a given base URI.
-//
-// It gets a pool using the user and password from the base URI, which is later used
-// by connections that by passes backend authentication.
 func NewRegistry(u string, l *zap.Logger, sp *state.Provider) (*Registry, error) {
 	p, err := pool.New(u, l, sp)
 	if err != nil {
@@ -126,7 +123,7 @@ func (r *Registry) getPool(ctx context.Context) (*pgxpool.Pool, error) {
 	if connInfo.BypassBackendAuth() {
 		if p = r.p.GetAny(); p == nil {
 			var err error
-			// pass no authentication info to use credentials from the base URI
+			// use credential from the base URI by passing empty values
 			if p, err = r.p.Get("", ""); err != nil {
 				return nil, lazyerrors.Error(err)
 			}

diff --git a/internal/handler/authenticate.go b/internal/handler/authenticate.go
@@ -30,11 +30,11 @@ import (
 )
 
 // authenticate validates the user's credentials in the connection with the
-// credentials in the database. If EnableNewAuth is false or bypass backend auth
-// is set false, it succeeds authentication.
+// credentials in admin.systems.user. If EnableNewAuth is false or bypass backend auth
+// is set false, it succeeds authentication and let backend handle it.
 //
-// When admin.systems.user contains no user, the authentication delegates
-// it to the backend. This may change once local exception is implemented.
+// When admin.systems.user contains no user, the authentication is delegated to
+// the backend. This may change once local exception is implemented.
 func (h *Handler) authenticate(ctx context.Context, msg *wire.OpMsg) error {
 	if !h.EnableNewAuth {
 		return nil
@@ -96,9 +96,10 @@ func (h *Handler) authenticate(ctx context.Context, msg *wire.OpMsg) error {
 	}
 
 	if !hasUser {
-		// There is no user in the database, let backend check the authentication.
-		// Do not want unauthenticated users accessing the database, while there need
-		// to be a way to access the database until local exception is implemented.
+		// There is no user in the database, let the backend check the authentication.
+		// We do not want unauthenticated users accessing the database, while allowing
+		// users with valid backend credentials to access the database
+		// until local exception is implemented.
 		conninfo.Get(ctx).UnsetBypassBackendAuth()
 
 		return nil