pub fn authenticate_connect(
users: &UserStore,
expected_password: Option<&str>,
username: Option<&str>,
password: Option<&str>,
) -> AuthOutcomeExpand description
Pure, exhaustively-testable authentication decision for a CONNECT handshake.
Policy:
- If
usershas at least one user, multi-user auth is in force: ausernameis required andusers.authenticate(username, password)must succeed. Unknown user, wrong password, or a missing username all reject with an indistinguishableRejected(no user-vs-password leak). - If
usersis empty, fall back verbatim to the legacy behavior: whenexpected_passwordisSome, the candidate must match it (constant time); whenNone, no auth is required (open). Theusernameis ignored here so that a new client talking to a shared-password server still connects.