#
# MDEV-9835 Valid password is not working after server restart.
#
# Various combinations of SET PASSWORD and not-empty mysql.user.plugin field
#
--source include/not_embedded.inc
#enable view protocol after fix MDEV-29542
--source include/no_view_protocol.inc

--enable_connect_log

set global secure_auth=0;

# The hash (old and new) is for 'test'
create user natauth@localhost identified via 'mysql_native_password' using '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';

create user invalidauth@localhost identified via 'mysql_native_password' using 'invalid';

create user newpass@localhost identified by password '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';

create user invalidpass@localhost identified by password 'invalid';

create user newpassnat@localhost identified via 'mysql_native_password';
set password for newpassnat@localhost = '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29';

create user invalidpassnat@localhost identified by password 'invalid';
set password for invalidpassnat@localhost = 'invalid';

create user oldauth@localhost identified with 'mysql_old_password' using '378b243e220ca493';

create user oldpass@localhost identified by password '378b243e220ca493';

create user oldpassold@localhost identified with 'mysql_old_password';
set password for oldpassold@localhost = '378b243e220ca493';

create user invalidmysql57auth@localhost identified via 'mysql_native_password' using '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE';

--sorted_result
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';

--connect(con,localhost,natauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test,)
select current_user();
--disconnect con

--connection default

flush privileges;

--connect(con,localhost,natauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test,)
select current_user();
--disconnect con

--connection default

# changing to the NEW password hash
set password for natauth@localhost = PASSWORD('test2');
set password for newpass@localhost = PASSWORD('test2');
set password for newpassnat@localhost = PASSWORD('test2');
set password for oldauth@localhost = PASSWORD('test2');
set password for oldpass@localhost = PASSWORD('test2');
set password for oldpassold@localhost = PASSWORD('test2');

--sorted_result
select user, host, password, plugin, authentication_string from mysql.user where user != 'root';

--connect(con,localhost,natauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test2,)
select current_user();
--disconnect con

--connection default

flush privileges;

--connect(con,localhost,natauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,newpassnat,test2,)
select current_user();
--disconnect con

--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
--connect(con,localhost,invalidauth,invalid,)
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
--connect(con,localhost,invalidpass,invalid,)
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
--connect(con,localhost,invalidpassnat,invalid,)
--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
--error ER_ACCESS_DENIED_ERROR
--connect(con,localhost,invalidmysql57auth,invalid,)

--connect(con,localhost,oldauth,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpass,test2,)
select current_user();
--disconnect con
--connect(con,localhost,oldpassold,test2,)
select current_user();
--disconnect con

--connection default
drop user natauth@localhost, newpass@localhost, newpassnat@localhost;
drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost,invalidmysql57auth@localhost;
drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost;
set global secure_auth=default;

#
# MDEV-16238 root/localhost authn prioritizes authentication_string over Password
#
--source include/switch_to_mysql_user.inc
create user foo@localhost identified with mysql_native_password;
update mysql.user set authentication_string=password('foo'), plugin='mysql_native_password' where user='foo' and host='localhost';
set password for 'foo'@'localhost' = password('bar');
flush privileges;
--connect foo, localhost, foo, bar
select user(), current_user();
show grants;
--disconnect foo
--connection default
select user,host,password,plugin,authentication_string from mysql.user where user='foo';
set password for 'foo'@'localhost' = '';
select user,host,password,plugin,authentication_string from mysql.user where user='foo';
drop user foo@localhost;
--source include/switch_to_mysql_global_priv.inc