Those gotta be the best commits I've ever seen 😁

Failures unrelated

Marking offtopic hides the comments only, or aborts the backport? The commits 1+4 should be backported until 16. 2+3 could be skipped, as they just make debugging easier as it makes handling of exceptions more explicit, but they don't fix a primary error.

Marking offtopic hides the comments only, or aborts the backport?

only hide :)
This was for visibility 😉

Okay this fixes the authentication plugin situation currently, but e.g. requires maintenance when new MySQL version come up or MariaDB switches to a different default authentication method, when a password is supplied that way.

An alternative that would be more future prove:

$query = "CREATE USER '$name'@'localhost' IDENTIFIED WITH mysql_native_password;"
$connection->executeUpdate($query);
$query = "ALTER USER '$name'@'localhost' IDENTIFIED BY '$password';"
$connection->executeUpdate($query);

• The syntax here is the same with all MySQL and MariaDB versions: [17.0.2] "occ maintenance:install" uses "oc_<admin>" before creating it #18513 (comment)
• Ah but to be true I am currently not sure if creating the user with plugin works without applying a password in the same query for all MySQL/MariaDB versions.

I checked that and it didn't work on mysql 8 and mariadb 10.4 with the same Syntax. Password needs to be hashed manually for mariadb etc. So i think that's the better story for now

backport to stable18 in #19326

/backport to stable17

/backport to stable16

backport to stable17 in #19327

backport to stable16 in #19328

@nickvergessen

I checked that and it didn't work on mysql 8 and mariadb 10.4 with the same Syntax. Password needs to be hashed manually for mariadb etc. So i think that's the better story for now

Strange, works perfectly fine here with MariaDB:

2020-02-06 23:28:45 root@VM-Buster:~$ mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> select user,host,plugin,password from mysql.user;
+------+-----------+-------------+----------+
| user | host      | plugin      | password |
+------+-----------+-------------+----------+
| root | localhost | unix_socket |          |
+------+-----------+-------------+----------+
1 row in set (0.000 sec)

MariaDB [(none)]> create user test@localhost identified with mysql_native_password;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> select user,host,plugin,password from mysql.user;
+------+-----------+-------------+----------+
| user | host      | plugin      | password |
+------+-----------+-------------+----------+
| root | localhost | unix_socket |          |
| test | localhost |             |          |
+------+-----------+-------------+----------+
2 rows in set (0.000 sec)

MariaDB [(none)]> alter user test@localhost identified by 'test';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> select user,host,plugin,password from mysql.user;
+------+-----------+-------------+-------------------------------------------+
| user | host      | plugin      | password                                  |
+------+-----------+-------------+-------------------------------------------+
| root | localhost | unix_socket |                                           |
| test | localhost |             | *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29 |
+------+-----------+-------------+-------------------------------------------+
2 rows in set (0.000 sec)

Also the docs state clearly that plain test password must be used here: https://mariadb.com/kb/en/alter-user/
Hashed password is possible/required when using:

... IDENTIFIED BY PASSWORD 'password_hash'

Such a solution would solve the issue with Nextcloud 16 as well: #19328 (comment)

Sadly Debian does not ship MariaDB even on Bullseye+Sid and no MySQL, hence I cannot test with these.

Well yes it works like that, but that doesn't work with mysql8. And if you specify the plugin it requires the hash in mariadb. Anyway the PR we use now fixes it for all supported dbs... Good enough

@nickvergessen

And if you specify the plugin it requires the hash in mariadb.

That must be either wrong or new in MariaDB 10.4, as with 10.3 it's not true, as of the two different syntax for plain and hashed password, see above.

but that doesn't work with mysql8

Okay, no chance then. A pain that syntax differs on such basic SQL commands 😢.