WL13335: Connectors should handle expired password sandbox without SET

isrgomez · isrgomez · commit 3b6428b7664e · 2019-08-24T20:25:30.000-05:00
operations

Server does not allow to run any other statement different from ALTER
when user's password has been expired. This worklog ensures the user is
capable to change an expired password using the ALTER statement with
the use of the 'CAN_HANDLE_EXPIRED_PASSWORDS' flag, the use of this
flag will make the connector skip any SET statement; normally run to
set configuration options after a successfully connection.
diff --git a/lib/mysql/connector/abstracts.py b/lib/mysql/connector/abstracts.py
@@ -779,7 +779,10 @@ def connect(self, **kwargs):
 
         self.disconnect()
         self._open_connection()
-        self._post_connection()
+        # Server does not allow to run any other statement different from ALTER 
+        # when user's password has been expired.
+        if not self._client_flags & ClientFlag.CAN_HANDLE_EXPIRED_PASSWORDS:
+            self._post_connection()
 
     def reconnect(self, attempts=1, delay=0):
         """Attempt to reconnect to the MySQL server
diff --git a/tests/test_connection.py b/tests/test_connection.py
@@ -1950,3 +1950,39 @@ def test_connection_attributes_user_defined(self):
                                  "Attribute {} with value {} differs of {}"
                                  "".format(attr_name, res_dict[attr_name],
                                            expected_attrs[attr_name]))
+
+
+class WL13335(tests.MySQLConnectorTests):
+    """WL#13335: Avoid set config values whit flag CAN_HANDLE_EXPIRED_PASSWORDS
+    """
+    def setUp(self):
+        self.config = tests.get_mysql_config()
+        cnx = connection.MySQLConnection(**self.config)
+        self.user = "expired_pw_user"
+        self.passw = "i+QEqGkFr8h5"
+        self.hosts = ["localhost", "127.0.0.1"]
+        for host in self.hosts:
+            cnx.cmd_query("CREATE USER '{}'@'{}' IDENTIFIED BY "
+                          "'{}'".format(self.user, host, self.passw))
+            cnx.cmd_query("GRANT ALL ON *.* TO '{}'@'{}'"
+                          "".format(self.user, host))
+            cnx.cmd_query("ALTER USER '{}'@'{}' PASSWORD EXPIRE"
+                          "".format(self.user, host))
+        cnx.close()
+
+    def tearDown(self):
+        cnx = connection.MySQLConnection(**self.config)
+        for host in self.hosts:
+            cnx.cmd_query("DROP USER '{}'@'{}'".format(self.user, host))
+        cnx.close()
+
+    @tests.foreach_cnx()
+    def test_connect_with_can_handle_expired_pw_flag(self):
+        cnx_config = self.config.copy()
+        cnx_config['user'] = self.user
+        cnx_config['password'] = self.passw
+        flags = constants.ClientFlag.get_default()
+        flags |= constants.ClientFlag.CAN_HANDLE_EXPIRED_PASSWORDS
+        cnx_config['client_flags'] =flags
+        # connection must be successful
+        _ = self.cnx.__class__(**cnx_config)
