Explain the heads in rabbit_auth_backend_internal:user_login_authentication/2.

[#153435857] (cherry picked from commit 20945a9ba27d4ab35e431bc9552962b92c54ed71)
author: Michael Klishin <michael@clojurewerkz.org> 2018-01-03 18:07:15 +0800
committer: Michael Klishin <mklishin@pivotal.io> 2018-01-03 18:10:00 +0800
commit: d1e52956bb415fd79ee19347504a10640213d829 (patch)
tree: b61fac5f7b7eb304f658b60aa751dde851061dbd
parent: 9c79348ed61d2c803ec4e6aa8153177fed282a18 (diff)
download: rabbitmq-server-git-d1e52956bb415fd79ee19347504a10640213d829.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl
index 7335a35242..bd0acd1360 100644
--- a/src/rabbit_auth_backend_internal.erl
+++ b/src/rabbit_auth_backend_internal.erl
@@ -98,8 +98,14 @@ hashing_module_for_user(#internal_user{
     hashing_algorithm = ModOrUndefined}) ->
         rabbit_password:hashing_mod(ModOrUndefined).
 
+%% For cases when we do not have a set of credentials,
+%% namely when x509 (TLS) certificates are used. This should only be
+%% possible when the EXTERNAL authentication mechanism is used, see
+%% rabbit_auth_mechanism_plain:handle_response/2 and rabbit_reader:auth_phase/2.
 user_login_authentication(Username, []) ->
     internal_check_user_login(Username, fun(_) -> true end);
+%% For cases when we do have a set of credentials. rabbit_auth_mechanism_plain:handle_response/2
+%% performs initial validation.
 user_login_authentication(Username, AuthProps) ->
     case lists:keyfind(password, 1, AuthProps) of
         {password, Cleartext} ->
author	Michael Klishin <michael@clojurewerkz.org>	2018-01-03 18:07:15 +0800
committer	Michael Klishin <mklishin@pivotal.io>	2018-01-03 18:10:00 +0800
commit	d1e52956bb415fd79ee19347504a10640213d829 (patch)
tree	b61fac5f7b7eb304f658b60aa751dde851061dbd
parent	9c79348ed61d2c803ec4e6aa8153177fed282a18 (diff)
download	rabbitmq-server-git-d1e52956bb415fd79ee19347504a10640213d829.tar.gz