[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #6671: Add TO in-memory User cache option to improve performance

[GitBox <gi...@apache.org>]

rawlinp commented on a change in pull request #6671:
URL: https://github.com/apache/trafficcontrol/pull/6671#discussion_r835676499



##########
File path: traffic_ops/traffic_ops_golang/auth/authorize.go
##########
@@ -197,15 +217,26 @@ func GetUserUcdn(form PasswordForm, db *sqlx.DB, ctx context.Context) (string, e
 
 func CheckLocalUserPassword(form PasswordForm, db *sqlx.DB, ctx context.Context) (bool, error, error) {
 	var hashedPassword string
-
-	err := db.GetContext(ctx, &hashedPassword, "SELECT local_passwd FROM tm_user WHERE username=$1", form.Username)
-	if err != nil {
-		if err == context.DeadlineExceeded || err == context.Canceled {
-			return false, nil, err
+	if usersCacheIsEnabled() {
+		u, exists := getUserFromCache(form.Username)
+		if !exists {
+			return false, fmt.Errorf("user '%s' not found in cache", form.Username), nil
+		}
+		if u.LocalPasswd == nil {
+			return false, nil, nil

Review comment:
       I don't think so, because this means the user doesn't have a local password, which is normal behavior if a user is LDAP-only. The original code (and non-usersCache path) will log this non-error, but I didn't feel like correcting that path since it means checking a different sql error and making that conditional more complex.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficcontrol.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org