You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2022/12/12 07:43:50 UTC

[GitHub] [servicecomb-service-center] Sphairis opened a new pull request, #1365: extend password

Sphairis opened a new pull request, #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365

   Follow this checklist to help us incorporate your contribution quickly and easily:
   
    - [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/SCB) filed for the change (usually before you start working on it).  Trivial changes like typos do not require a JIRA issue.  Your pull request should address just this issue, without pulling in other changes.
    - [ ] Each commit in the pull request should have a meaningful subject line and body.
    - [ ] Format the pull request title like `[SCB-XXX] Fixes bug in ApproximateQuantiles`, where you replace `SCB-XXX` with the appropriate JIRA issue.
    - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [ ] Run `go build` `go test` `go fmt` `go vet` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
    - [ ] If this contribution is large, please file an Apache [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
    - [ ] Never comment source code, delete it.
    - [ ] UT should has "context, subject, expected result" result as test case name, when you call t.Run().
   ---
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] Sphairis commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

Sphairis commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045785416


##########
pkg/privacy/password_test.go:
##########
@@ -23,42 +23,9 @@ import (
 
 	"github.com/apache/servicecomb-service-center/pkg/privacy"
 	scrypt "github.com/elithrar/simple-scrypt"
-	"github.com/go-chassis/foundation/stringutil"
-	"github.com/stretchr/testify/assert"
 	"golang.org/x/crypto/pbkdf2"
 )
 
-func TestHashPassword(t *testing.T) {

Review Comment:
   用例是那个废弃方法的



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] Sphairis commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

Sphairis commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045785416


##########
pkg/privacy/password_test.go:
##########
@@ -23,42 +23,9 @@ import (
 
 	"github.com/apache/servicecomb-service-center/pkg/privacy"
 	scrypt "github.com/elithrar/simple-scrypt"
-	"github.com/go-chassis/foundation/stringutil"
-	"github.com/stretchr/testify/assert"
 	"golang.org/x/crypto/pbkdf2"
 )
 
-func TestHashPassword(t *testing.T) {

Review Comment:
   用例是哪个废弃方法的



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

little-cui commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045518865


##########
pkg/privacy/password.go:
##########
@@ -33,6 +33,17 @@ const (
 
 var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
 
+// DefaultManager default manager
+var DefaultManager PasswordManager = &Password{}
+
+type PasswordManager interface {
+	ScryptPassword(pwd string) (string, error)
+	SamePassword(hashedPwd, pwd string) bool
+}
+
+type Password struct {
+}
+
 // HashPassword
 // Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
 func HashPassword(pwd string) (string, error) {

Review Comment:
   删除此方法



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

little-cui commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045805569


##########
pkg/privacy/password_test.go:
##########
@@ -117,3 +96,10 @@ func BenchmarkPbkdf2(b *testing.B) {
 	})
 	b.ReportAllocs()
 }
+func TestDefaultManager(t *testing.T) {
+	privacy.DefaultManager = &mockPassword{}

Review Comment:
   执行完，得还原，怕其他UT依赖默认实现



##########
pkg/privacy/password_test.go:
##########
@@ -19,46 +19,25 @@ package privacy_test
 
 import (
 	"crypto/sha512"
+	"github.com/stretchr/testify/assert"

Review Comment:
   执行goimport



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] Sphairis commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

Sphairis commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045627495


##########
pkg/privacy/password.go:
##########
@@ -33,6 +33,17 @@ const (
 
 var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
 
+// DefaultManager default manager
+var DefaultManager PasswordManager = &Password{}
+
+type PasswordManager interface {
+	ScryptPassword(pwd string) (string, error)
+	SamePassword(hashedPwd, pwd string) bool
+}
+
+type Password struct {
+}
+
 // HashPassword
 // Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
 func HashPassword(pwd string) (string, error) {

Review Comment:
   已删除



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui merged pull request #1365: [feat]RBAC帐号password加密算法支持自定义扩展

Posted by GitBox <gi...@apache.org>.

little-cui merged PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

little-cui commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045517591


##########
pkg/privacy/password.go:
##########
@@ -42,14 +53,14 @@ func HashPassword(pwd string) (string, error) {
 	}
 	return stringutil.Bytes2str(hash), nil
 }
-func ScryptPassword(pwd string) (string, error) {
+func (p *Password) ScryptPassword(pwd string) (string, error) {

Review Comment:
   不需要修改对外公开的方法，而是在方法里引用DefaultManager，这样其他地方就不需要修改，其他扩展的地方，只需要Init时替换DefaultManager即可



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

little-cui commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045518865


##########
pkg/privacy/password.go:
##########
@@ -33,6 +33,17 @@ const (
 
 var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
 
+// DefaultManager default manager
+var DefaultManager PasswordManager = &Password{}
+
+type PasswordManager interface {
+	ScryptPassword(pwd string) (string, error)
+	SamePassword(hashedPwd, pwd string) bool
+}
+
+type Password struct {
+}
+
 // HashPassword
 // Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
 func HashPassword(pwd string) (string, error) {

Review Comment:
   改成私有



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] little-cui commented on a diff in pull request #1365: extend password

Posted by GitBox <gi...@apache.org>.

little-cui commented on code in PR #1365:
URL: https://github.com/apache/servicecomb-service-center/pull/1365#discussion_r1045565608


##########
pkg/privacy/password.go:
##########
@@ -33,23 +32,26 @@ const (
 
 var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
 
-// HashPassword
-// Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
-func HashPassword(pwd string) (string, error) {
-	hash, err := bcrypt.GenerateFromPassword([]byte(pwd), 14)
-	if err != nil {
-		return "", err
-	}
-	return stringutil.Bytes2str(hash), nil
+// DefaultManager default manager
+var DefaultManager PasswordManager = &Password{}
+
+type PasswordManager interface {
+	EncryptPassword(pwd string) (string, error)
+	CheckPassword(hashedPwd, pwd string) bool
 }
-func ScryptPassword(pwd string) (string, error) {
+
+type Password struct {
+}
+
+func (p Password) EncryptPassword(pwd string) (string, error) {

Review Comment:
   应该是p *Password



##########
pkg/privacy/password.go:
##########
@@ -33,23 +32,26 @@ const (
 
 var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
 
-// HashPassword
-// Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
-func HashPassword(pwd string) (string, error) {
-	hash, err := bcrypt.GenerateFromPassword([]byte(pwd), 14)
-	if err != nil {
-		return "", err
-	}
-	return stringutil.Bytes2str(hash), nil
+// DefaultManager default manager
+var DefaultManager PasswordManager = &Password{}
+
+type PasswordManager interface {
+	EncryptPassword(pwd string) (string, error)
+	CheckPassword(hashedPwd, pwd string) bool
 }
-func ScryptPassword(pwd string) (string, error) {
+
+type Password struct {

Review Comment:
   改成私有，小写passwordManager



##########
pkg/privacy/password_test.go:
##########
@@ -23,42 +23,9 @@ import (
 
 	"github.com/apache/servicecomb-service-center/pkg/privacy"
 	scrypt "github.com/elithrar/simple-scrypt"
-	"github.com/go-chassis/foundation/stringutil"
-	"github.com/stretchr/testify/assert"
 	"golang.org/x/crypto/pbkdf2"
 )
 
-func TestHashPassword(t *testing.T) {

Review Comment:
   1、为什么要删除用例？
   2、请增加UT：test中使用mock的struct替换defaultmanager的测试



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org