Update to ensure we only request the password once

also update the caching test to allow for the fact that we request the password once on every auth attempt

Author: gdsmith

server/auth.go

@@ -60,6 +60,9 @@ func (c *Conn) compareAuthData(authPluginName string, clientAuthData []byte) err
 }
 
 func (c *Conn) acquirePassword() error {
+	if c.credential.password != "" {
+		return nil
+	}
 	credential, found, err := c.credentialProvider.GetCredential(c.user)
 	if err != nil {
 		return err

server/caching_sha2_cache_test.go

@@ -147,7 +147,7 @@ func (s *cacheTestSuite) TestCache() {
 	s.db.SetMaxIdleConns(4)
 	s.runSelect()
 	got = s.credProvider.(*RemoteThrottleProvider).getCredCallCount.Load()
-	require.Equal(s.T(), int64(1), got)
+	require.Equal(s.T(), int64(2), got)
 
 	if s.db != nil {
 		s.db.Close()

server/handshake_resp.go

@@ -200,14 +200,12 @@ func (c *Conn) handlePublicKeyRetrieval(authData []byte) (bool, error) {
 func (c *Conn) handleAuthMatch() (bool, error) {
 	// if the client responds the handshake with a different auth method, the server will send the AuthSwitchRequest packet
 	// to the client to ask the client to switch.
-	credential, _, err := c.credentialProvider.GetCredential(c.user)
-	if err != nil {
+	if err := c.acquirePassword(); err != nil {
 		return false, err
 	}
-	c.credential = credential
 
-	if c.authPluginName != credential.authPluginName {
-		if err := c.writeAuthSwitchRequest(credential.authPluginName); err != nil {
+	if c.authPluginName != c.credential.authPluginName {
+		if err := c.writeAuthSwitchRequest(c.credential.authPluginName); err != nil {
 			return false, err
 		}
 		// handle AuthSwitchResponse