25342609527

Committed 04 May 2026 08:45PM UTC coverage: 77.826% (-0.2%) from 78.067%

Build # 25342609527

Build Type

push

github

Committed by

web-flow

Commit Message

chore: temp-revert optimization to use password instead of sasl on tls (#965)

Coverage Stats

1 of 3 new or added lines in 1 file covered. (33.33%)

8 existing lines in 5 files now uncovered.

2513 of 3229 relevant lines covered (77.83%)

57029.71 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

61.54

/lib/supavisor/client_handler/auth_methods.ex

defmodule Supavisor.ClientHandler.AuthMethods do
  @moduledoc """
  Determines the authentication method based on tenant configuration and client options.
  """

  alias Supavisor.ClientAuthentication
  alias Supavisor.ClientHandler.AuthMethods.Jit
  alias Supavisor.Errors.SslRequiredError
  alias Supavisor.Secrets.ManagerSecrets

  @doc """
  Fetches potential authentication methods for the tenant. If the authentication
  methods enabled for the user require SSL, returns an error if SSL is not enabled.

  When `client_jit` is true (client passed `--jit=true` in options) and the tenant
  has `use_jit` enabled, returns `:jit` to route to the dedicated JIT auth module.
  """
  @spec fetch_authentication_method(
          Supavisor.Tenants.Tenant.t(),
          client_jit :: boolean(),
          ssl? :: boolean(),
          String.t()
        ) ::
          {:ok, :jit | :password | :scram_sha_256} | {:error, SslRequiredError.t()}
  def fetch_authentication_method(tenant, client_jit, ssl?, user) do
    case {tenant.use_jit, client_jit, ssl?} do
      {false, _, _} -> {:ok, :scram_sha_256}
      {true, false, false} -> {:ok, :scram_sha_256}
      {true, false, true} -> {:ok, :password}
      {true, true, false} -> {:error, %SslRequiredError{user: user}}
      {true, true, true} -> {:ok, :jit}
    end
  end

  @doc """
  Handles an auth failure in the different authentication methods.
  """
  def handle_auth_failure(%Jit.Context{}, _err) do
    :ok
  end

  def handle_auth_failure(%_{tenant: %{require_user: true}}, _err) do
    :ok
  end

  def handle_auth_failure(context, %Supavisor.Errors.WrongPasswordError{}) do
    ClientAuthentication.handle_wrong_password(
      context.id,
      context.tenant,
      ManagerSecrets.from_manager_user(context.user)
    )
  end

  def handle_auth_failure(_, _) do
    :ok
  end
end

1	defmodule Supavisor.ClientHandler.AuthMethods do
2	@moduledoc """
3	Determines the authentication method based on tenant configuration and client options.
4	"""
5
6	alias Supavisor.ClientAuthentication
7	alias Supavisor.ClientHandler.AuthMethods.Jit
8	alias Supavisor.Errors.SslRequiredError
9	alias Supavisor.Secrets.ManagerSecrets
10
11	@doc """
12	Fetches potential authentication methods for the tenant. If the authentication
13	methods enabled for the user require SSL, returns an error if SSL is not enabled.
14
15	When `client_jit` is true (client passed `--jit=true` in options) and the tenant
16	has `use_jit` enabled, returns `:jit` to route to the dedicated JIT auth module.
17	"""
18	@spec fetch_authentication_method(
19	Supavisor.Tenants.Tenant.t(),
20	client_jit :: boolean(),
21	ssl? :: boolean(),
22	String.t()
23	) ::
24	{:ok, :jit \| :password \| :scram_sha_256} \| {:error, SslRequiredError.t()}
25	def fetch_authentication_method(tenant, client_jit, ssl?, user) do
26	case {tenant.use_jit, client_jit, ssl?} do	648✔
27	{false, _, _} -> {:ok, :scram_sha_256}	648✔
NEW 28	{true, false, false} -> {:ok, :scram_sha_256}	×
NEW 29	{true, false, true} -> {:ok, :password}	×
30	{true, true, false} -> {:error, %SslRequiredError{user: user}}	×
31	{true, true, true} -> {:ok, :jit}	×
32	end
33	end
34
35	@doc """
36	Handles an auth failure in the different authentication methods.
37	"""
38	def handle_auth_failure(%Jit.Context{}, _err) do	×
39	:ok
40	end
41
42	def handle_auth_failure(%_{tenant: %{require_user: true}}, _err) do	12✔
43	:ok
44	end
45
46	def handle_auth_failure(context, %Supavisor.Errors.WrongPasswordError{}) do
47	ClientAuthentication.handle_wrong_password(	1✔
48	context.id,	1✔
49	context.tenant,	1✔
50	ManagerSecrets.from_manager_user(context.user)	1✔
51	)
52	end
53
54	def handle_auth_failure(_, _) do	1✔
55	:ok
56	end
57	end

supabase / supavisor / 25342609527

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous