From 53ed899cbc9635cf7ebc7fb8223eae71463bdef8 Mon Sep 17 00:00:00 2001
From: Akhil Thayyil <loginakhil@gmail.com>
Date: Sun, 22 Nov 2020 10:03:40 +0100
Subject: [PATCH] refactoring error handling in sasl auth

---
 internal/auth/sasl.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/internal/auth/sasl.go b/internal/auth/sasl.go
index de547136..06417ce0 100644
--- a/internal/auth/sasl.go
+++ b/internal/auth/sasl.go
@@ -32,6 +32,7 @@ import (
 
 var (
 	ErrUnsupportedMech = errors.New("Unsupported SASL mechanism")
+	ErrInvalidAuthCred = errors.New("auth: invalid credentials")
 )
 
 // SASLAuth is a wrapper that initializes sasl.Server using authenticators that
@@ -63,14 +64,10 @@ func (s *SASLAuth) AuthPlain(username, password string) error {
 
 	var lastErr error
 	for _, p := range s.Plain {
-		err := p.AuthPlain(username, password)
-		if err == nil {
+		lastErr = p.AuthPlain(username, password)
+		if lastErr == nil {
 			return nil
 		}
-		if err != nil {
-			lastErr = err
-			continue
-		}
 	}
 
 	return fmt.Errorf("no auth. provider accepted creds, last err: %w", lastErr)
@@ -88,7 +85,7 @@ func (s *SASLAuth) CreateSASL(mech string, remoteAddr net.Addr, successCb func(i
 			err := s.AuthPlain(username, password)
 			if err != nil {
 				s.Log.Error("authentication failed", err, "username", username, "src_ip", remoteAddr)
-				return errors.New("auth: invalid credentials")
+				return ErrInvalidAuthCred
 			}
 
 			return successCb(identity)
@@ -98,7 +95,7 @@ func (s *SASLAuth) CreateSASL(mech string, remoteAddr net.Addr, successCb func(i
 			err := s.AuthPlain(username, password)
 			if err != nil {
 				s.Log.Error("authentication failed", err, "username", username, "src_ip", remoteAddr)
-				return errors.New("auth: invalid credentials")
+				return ErrInvalidAuthCred
 			}
 
 			return successCb(username)