BREAKING(sasl): make sasl mechanisms async

Author: Pierre Cauchois

lib/sasl.js

@@ -71,13 +71,13 @@ var PlainClient = function(username, password) {
     this.password = password;
 };
 
-PlainClient.prototype.start = function() {
+PlainClient.prototype.start = function(callback) {
     var response = new Buffer(1 + this.username.length + 1 + this.password.length);
     response.writeUInt8(0, 0);
     response.write(this.username, 1);
     response.writeUInt8(0, 1 + this.username.length);
     response.write(this.password, 1 + this.username.length + 1);
-    return response;
+    callback(undefined, response);
 };
 
 var AnonymousServer = function() {
@@ -94,11 +94,11 @@ var AnonymousClient = function(name) {
     this.username = name ? name : 'anonymous';
 };
 
-AnonymousClient.prototype.start = function() {
+AnonymousClient.prototype.start = function(callback) {
     var response = new Buffer(1 + this.username.length);
     response.writeUInt8(0, 0);
     response.write(this.username, 1);
-    return response;
+    callback(undefined, response);
 };
 
 var ExternalServer = function() {
@@ -114,20 +114,20 @@ var ExternalClient = function() {
     this.username = undefined;
 };
 
-ExternalClient.prototype.start = function() {
-    return '';
+ExternalClient.prototype.start = function(callback) {
+    callback(undefined, '');
 };
 
-ExternalClient.prototype.step = function() {
-    return '';
+ExternalClient.prototype.step = function(callback) {
+    callback(undefined, '');
 };
 
 var XOAuth2Client = function(username, token) {
     this.username = username;
     this.token = token;
 };
 
-XOAuth2Client.prototype.start = function() {
+XOAuth2Client.prototype.start = function(callback) {
     var response = new Buffer(this.username.length + this.token.length + 5 + 12 + 3);
     var count = 0;
     response.write('user=', count);
@@ -144,7 +144,7 @@ XOAuth2Client.prototype.start = function() {
     count += 1;
     response.writeUInt8(1, count);
     count += 1;
-    return response;
+    callback(response);
 };
 
 /**
@@ -228,25 +228,41 @@ SaslClient.prototype.on_sasl_mechanisms = function (frame) {
         var mech = frame.performative.sasl_server_mechanisms[i];
         var f = this.mechanisms[mech];
         if (f) {
-            this.mechanism = f();
+            this.mechanism = typeof f === 'function' ? f() : f;
             this.mechanism_name = mech;
         }
     }
     if (this.mechanism) {
-        var response = this.mechanism.start();
-        var init = {'mechanism':this.mechanism_name,'initial_response':response};
-        if (this.hostname) {
-            init.hostname = this.hostname;
+        var self = this;
+        this.mechanism.start(function (err, response) {
+            if (err) {
+                self.failed = true;
+                self.connection.sasl_failed('SASL mechanism init failed: ' + err);
+            } else {
+                var init = {'mechanism':self.mechanism_name,'initial_response':response};
+                if (self.hostname) {
+                    init.hostname = self.hostname;
+                }
+                self.transport.encode(frames.sasl_frame(frames.sasl_init(init).described()));
+                self.connection.output();
         }
-        this.transport.encode(frames.sasl_frame(frames.sasl_init(init).described()));
+        });
     } else {
         this.failed = true;
         this.connection.sasl_failed('No suitable mechanism; server supports ' + frame.performative.sasl_server_mechanisms);
     }
 };
 SaslClient.prototype.on_sasl_challenge = function (frame) {
-    var response = this.mechanism.step(frame.performative.challenge);
-    this.transport.encode(frames.sasl_frame(frames.sasl_response({'response':response}).described()));
+    var self = this;
+    this.mechanism.step(frame.performative.challenge, function (err, response) {
+        if (err) {
+            self.failed = true;
+            self.connection.sasl_failed('SASL mechanism challenge failed: ' + err);
+        } else {
+            self.transport.encode(frames.sasl_frame(frames.sasl_response({'response':response}).described()));
+            self.connection.output();
+        }
+    });
 };
 SaslClient.prototype.on_sasl_outcome = function (frame) {
     switch (frame.performative.code) {

test/sasl.ts

@@ -43,7 +43,7 @@ describe('sasl plain', function() {
         container.connect({username:'bob',password:'bob',port:listener.address().port}).on('connection_open', function(context) { context.connection.close(); done(); });
     });
     it('handles authentication failure', function(done: Function) {
-        container.connect({username:'whatsit',password:'anyoldrubbish',port:listener.address().port}).on('connection_error', function(context) { 
+        container.connect({username:'whatsit',password:'anyoldrubbish',port:listener.address().port}).on('connection_error', function(context) {
             var error = context.connection.get_error();
             assert.equal(error.condition, 'amqp:unauthorized-access');
             done();
@@ -132,3 +132,91 @@ describe('sasl anonymous', function() {
         });
     });
 });
+
+describe('user-provided sasl mechanism', function () {
+    var container: rhea.Container, listener: any;
+    var testClientSaslMechanism = {
+        start: function (callback: Function) { callback(null, 'initialResponse'); },
+        step: function (challenge: any, callback: Function) { callback (null, 'challengeResponse'); }
+    };
+
+    beforeEach(function(done: Function) {
+        container = rhea.create_container();
+        container.on('disconnected', function () {});
+        listener = container.listen({port:0});
+        listener.on('listening', function() {
+            done();
+        });
+    });
+
+    afterEach(function() {
+        listener.close();
+    });
+
+    it('calls start and step on the custom sasl mechanism', function (done: Function) {
+        var startCalled = false;
+        var stepCalled = false;
+        var connectOptions = {
+            sasl_mechanisms: {
+                'CUSTOM': testClientSaslMechanism
+            },
+            port: listener.address().port
+        }
+
+        container.sasl_server_mechanisms['CUSTOM'] = function () {
+            return {
+                outcome: undefined,
+                start: function () {
+                    startCalled = true;
+                    return 'initialResponse';
+                },
+                step: function () {
+                    stepCalled = true;
+                    this.outcome = <any>true;
+                    return;
+                }
+            };
+        };
+
+        container.connect(connectOptions).on('connection_open', function(context) {
+            context.connection.close();
+            assert(startCalled);
+            assert(stepCalled);
+            done();
+        });
+    });
+
+    it('handles authentication failure if the custom server sasl mechanism fails', function (done: Function) {
+        var startCalled = false;
+        var stepCalled = false;
+        var connectOptions = {
+            sasl_mechanisms: {
+                'CUSTOM': testClientSaslMechanism
+            },
+            port: listener.address().port
+        }
+
+        container.sasl_server_mechanisms['CUSTOM'] = function () {
+            return {
+                outcome: undefined,
+                start: function () {
+                    startCalled = true;
+                    return 'initialResponse';
+                },
+                step: function () {
+                    stepCalled = true;
+                    this.outcome = <any>false;
+                    return;
+                }
+            };
+        };
+
+        container.connect(connectOptions).on('connection_error', function(context) {
+            var error = context.connection.get_error();
+            assert.equal(error.condition, 'amqp:unauthorized-access');
+            assert(startCalled);
+            assert(stepCalled);
+            done();
+        });
+    });
+});