Explain the heads in rabbit_auth_backend_internal:user_login_authentication/2.

michaelklishin · michaelklishin · commit 20945a9ba27d · 2018-01-03T18:07:15.000+08:00
[#153435857]
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl
@@ -93,8 +93,14 @@ hashing_module_for_user(#internal_user{
     hashing_algorithm = ModOrUndefined}) ->
         rabbit_password:hashing_mod(ModOrUndefined).
 
+%% For cases when we do not have a set of credentials,
+%% namely when x509 (TLS) certificates are used. This should only be
+%% possible when the EXTERNAL authentication mechanism is used, see
+%% rabbit_auth_mechanism_plain:handle_response/2 and rabbit_reader:auth_phase/2.
 user_login_authentication(Username, []) ->
     internal_check_user_login(Username, fun(_) -> true end);
+%% For cases when we do have a set of credentials. rabbit_auth_mechanism_plain:handle_response/2
+%% performs initial validation.
 user_login_authentication(Username, AuthProps) ->
     case lists:keyfind(password, 1, AuthProps) of
         {password, Cleartext} ->
