lgoldstein commented on pull request #156: URL: https://github.com/apache/mina-sshd/pull/156#issuecomment-669991915
Looks good - while reading it I was wondering what if the user calls `auth()` again (e.g., after unsuccessful attempt). In such a case, the `earlyErrors` have been nullified so on the 2nd call they will no longer be accumulated. According to the code in the `ClientUserAuthService` it is allowed to start a new `auth()` even while another is in progress. I therefore think that we should only save the first signaled error after a null in an `AtomicReference` and nullify its contents when new auth occurs. I have pushed your changes + the above change for your review. It does pose an interesting question which I believe is not covered by both our changes: since the early error is nullified, a 2nd attempt will not "sense" it... Is it OK to have this "gap" and rely on the user timing out ? If so, the how do we prevent the user from using the infinite `verify` or `await` ? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
