
Commit e0e79aa

authored
Fix raw password user sync under strong policy (#18021)
1 parent f1b4508 commit e0e79aa

2 files changed

Lines changed: 47 additions & 3 deletions


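--- a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
+++ b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -649,7 +649,9 @@ public void testMultiPathsPermission() throws AuthException, IllegalPathExceptio
 }
 
 @Test
-public void createUserWithRawPassword() {
+public void createUserWithRawPassword() throws AuthException {
+cleanUserAndRole();
+
 TSStatus status;
 AuthorPlan authorPlan;
 authorPlan =
@@ -666,6 +668,46 @@ public void createUserWithRawPassword() {
 assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
 TPermissionInfoResp result = authorInfo.login("testuser", "password123456", false);
 assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), result.getStatus().getCode());
+
+final boolean originalEnforceStrongPassword =
+CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword();
+CommonDescriptor.getInstance().getConfig().setEnforceStrongPassword(true);
+try {
+authorPlan =
+new AuthorTreePlan(
+ConfigPhysicalPlanType.CreateUser,
+"legacyuser",
+"",
+"legacyuser",
+"",
+new HashSet<>(),
+false,
+new ArrayList<>());
+status = authorInfo.authorNonQuery(authorPlan);
+assertEquals(TSStatusCode.ILLEGAL_PASSWORD.getStatusCode(), status.getCode());
+
+assertEquals(
+TSStatusCode.USER_NOT_EXIST.getStatusCode(),
+authorInfo.login("legacyuser", "legacyuser", true).getStatus().getCode());
+authorPlan =
+new AuthorTreePlan(
+ConfigPhysicalPlanType.CreateUserWithRawPassword,
+"legacyuser",
+"",
+"legacyuser",
+"",
+new HashSet<>(),
+false,
+new ArrayList<>());
+status = authorInfo.authorNonQuery(authorPlan);
+assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), status.getCode());
+result = authorInfo.login("legacyuser", "legacyuser", true);
+assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), result.getStatus().getCode());
+} finally {
+CommonDescriptor.getInstance()
+.getConfig()
+.setEnforceStrongPassword(originalEnforceStrongPassword);
+}
 }
 
 private void checkAuthorNonQueryReturn(AuthorPlan plan) {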
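Review bot: The new assertions in createUserWithRawPassword only exercise user creation through `authorInfo.authorNonQuery`, while the commit applies the same guard change to `validCheckForBuiltinUser`, which no visible test reaches. A companion case that drives the built-in user path with `enforceStrongPassword` enabled would pin both sides of the change: the username-equals-password rejection on the encrypted path and the acceptance on the raw path. The strong-policy block would also benefit from a short comment stating that the raw-password plan carries an already-encrypted value, since `"legacyuser"` used as both name and credential reads like a plaintext weak password. The middle of the test method lies between the two hunks and is not visible here.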

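--- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -205,7 +205,8 @@ public void tryToCreateBuiltinUser(
 private void validCheckForNewUser(String username, String password, boolean enableEncrypt)
 throws AuthException {
 if (!CommonDescriptor.getInstance().getConfig().getDefaultAdminName().equals(username)) {
-if (username.equals(password)
+if (enableEncrypt
+&& username.equals(password)
 && CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()) {
 throw new AuthException(
 TSStatusCode.ILLEGAL_PASSWORD, AuthMessages.PASSWORD_SAME_AS_USERNAME);
@@ -220,7 +221,8 @@ private void validCheckForNewUser(String username, String password, boolean enab
 private void validCheckForBuiltinUser(
 String username, String password, boolean enableEncrypt, long userId) throws AuthException {
 if (!CommonDescriptor.getInstance().getConfig().getDefaultAdminName().equals(username)) {
-if (username.equals(password)
+if (enableEncrypt
+&& username.equals(password)
 && CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()) {
 throw new AuthException(
 TSStatusCode.ILLEGAL_PASSWORD, AuthMessages.PASSWORD_SAME_AS_USERNAME);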
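Review bot: Gating the username-equals-password check on `enableEncrypt` in validCheckForNewUser, and identically in validCheckForBuiltinUser, turns that flag into a password-policy exemption, and nothing on the changed lines records why. If `enableEncrypt == false` means the value is an already-encrypted credential arriving through user sync, as the commit title suggests, a comment above the condition such as `// raw passwords are already encrypted, so equality with the username says nothing about the plaintext` would make the intent auditable. It is worth confirming that the CreateUserWithRawPassword plan can only originate from trusted internal sync and not from a client-facing statement, because on this path the supplied value becomes the stored credential without the check. Both method bodies continue past the hunks, so whether the remaining password rules still run when `enableEncrypt` is false cannot be judged from here.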
