Explain the heads in rabbit_auth_backend_internal:user_login_authentication/2.

[#153435857]
author: Michael Klishin <michael@clojurewerkz.org> 2018-01-03 18:07:15 +0800
committer: Michael Klishin <mklishin@pivotal.io> 2018-01-03 18:09:31 +0800
commit: 82ed78914bf0c121f1ba367c15966b51219e142e (patch)
tree: 6d476e99c55822fd65ac7aed4ba8ef6bd66a728e
parent: eed0d39554e78af942512f3027d259645ba6305e (diff)
download: rabbitmq-server-git-82ed78914bf0c121f1ba367c15966b51219e142e.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl
index 7335a35242..bd0acd1360 100644
--- a/src/rabbit_auth_backend_internal.erl
+++ b/src/rabbit_auth_backend_internal.erl
@@ -98,8 +98,14 @@ hashing_module_for_user(#internal_user{
     hashing_algorithm = ModOrUndefined}) ->
         rabbit_password:hashing_mod(ModOrUndefined).
 
+%% For cases when we do not have a set of credentials,
+%% namely when x509 (TLS) certificates are used. This should only be
+%% possible when the EXTERNAL authentication mechanism is used, see
+%% rabbit_auth_mechanism_plain:handle_response/2 and rabbit_reader:auth_phase/2.
 user_login_authentication(Username, []) ->
     internal_check_user_login(Username, fun(_) -> true end);
+%% For cases when we do have a set of credentials. rabbit_auth_mechanism_plain:handle_response/2
+%% performs initial validation.
 user_login_authentication(Username, AuthProps) ->
     case lists:keyfind(password, 1, AuthProps) of
         {password, Cleartext} ->
author	Michael Klishin <michael@clojurewerkz.org>	2018-01-03 18:07:15 +0800
committer	Michael Klishin <mklishin@pivotal.io>	2018-01-03 18:09:31 +0800
commit	82ed78914bf0c121f1ba367c15966b51219e142e (patch)
tree	6d476e99c55822fd65ac7aed4ba8ef6bd66a728e
parent	eed0d39554e78af942512f3027d259645ba6305e (diff)
download	rabbitmq-server-git-82ed78914bf0c121f1ba367c15966b51219e142e.tar.gz