Posted to commits@kylin.apache.org by xx...@apache.org on 2022/12/05 10:20:55 UTC

[kylin] 03/22: KYLIN-5312 Add verification to the parameters about update password

This is an automated email from the ASF dual-hosted git repository.

xxyu pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 4989854945e1ba3dfe3b49e51a5c921c71227e31
Author: KmCherry0 <86...@users.noreply.github.com>
AuthorDate: Thu Oct 13 15:18:44 2022 +0800

    KYLIN-5312 Add verification to the parameters about update password
---
 .../org/apache/kylin/rest/controller/NUserController.java   | 13 +++++--------
 .../apache/kylin/rest/controller/NUserControllerTest.java   |  6 +++---
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java b/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
index baf08f0375..5321112578 100644
--- a/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
+++ b/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
@@ -54,6 +54,7 @@ import org.apache.kylin.common.persistence.transaction.AclTCRRevokeEventNotifier
 import org.apache.kylin.common.scheduler.EventBusFactory;
 import org.apache.kylin.common.util.RandomUtil;
 import org.apache.kylin.metadata.MetadataConstants;
+import org.apache.kylin.metadata.user.ManagedUser;
 import org.apache.kylin.rest.config.initialize.AfterMetadataReadyEvent;
 import org.apache.kylin.rest.constant.Constant;
 import org.apache.kylin.rest.exception.UnauthorizedException;
@@ -101,7 +102,6 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
-import org.apache.kylin.metadata.user.ManagedUser;
 import io.swagger.annotations.ApiOperation;
 import lombok.SneakyThrows;
 import lombok.val;
@@ -423,21 +423,15 @@ public class NUserController extends NBasicController implements ApplicationList
             throw new KylinException(PERMISSION_DENIED, msg.getPermissionDenied());
         }
         accessService.checkDefaultAdmin(username, true);
-        val oldPassword = pwdBase64Decode(StringUtils.isEmpty(user.getPassword()) ? StringUtils.EMPTY : user.getPassword());
-        val newPassword = pwdBase64Decode(user.getNewPassword());
 
         checkUsername(username);
 
-        checkPasswordLength(newPassword);
-
-        checkPasswordCharacter(newPassword);
-
         ManagedUser existingUser = getManagedUser(username);
         if (existingUser == null) {
             throw new KylinException(USER_NOT_EXIST, String.format(Locale.ROOT, msg.getUserNotFound(), username));
         }
         val actualOldPassword = existingUser.getPassword();
-
+        val oldPassword = pwdBase64Decode(StringUtils.isEmpty(user.getPassword()) ? StringUtils.EMPTY : user.getPassword());
         // when reset oneself's password (includes ADMIN users), check old password
         if (StringUtils.equals(getPrincipal(), username)) {
             checkRequiredArg("password", user.getPassword());
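Review bot: The relocated `val oldPassword = pwdBase64Decode(...)` line still runs before `checkRequiredArg("password", user.getPassword())` and for every caller, so only the `StringUtils.isEmpty` ternary keeps a missing `password` away from the decoder, and nothing says that the value is caller-supplied and unverified at this point. A comment above it such as `// caller-supplied; empty when "password" was omitted, verified only in the self-service branch below` would make that explicit. How `pwdBase64Decode` reacts to malformed Base64 is not visible here; if it throws anything other than a KylinException, a bad `password` value would surface as a server error rather than a parameter error, which is worth confirming. The method starts and ends outside this hunk.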
@@ -447,6 +441,9 @@ public class NUserController extends NBasicController implements ApplicationList
         }
 
         checkRequiredArg("new_password", user.getNewPassword());
+        val newPassword = pwdBase64Decode(StringUtils.isEmpty(user.getNewPassword()) ? StringUtils.EMPTY : user.getNewPassword());
+        checkPasswordLength(newPassword);
+        checkPasswordCharacter(newPassword);
 
         if (newPassword.equals(oldPassword)) {
             throw new KylinException(FAILED_UPDATE_PASSWORD, msg.getNewPasswordSameAsOld());
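Review bot: `newPassword.equals(oldPassword)` compares the new password with the value the caller sent in the request, not with the stored credential that the previous hunk reads into `actualOldPassword`. In the visible code the old password is required only when `getPrincipal()` equals `username`, so on the reset-another-account path `oldPassword` is empty or arbitrary and the reuse check presumably never fires. If reuse should be rejected there too, compare against the stored hash, for example `if (pwdEncoder.matches(newPassword, actualOldPassword))`, assuming the controller has the same encoder the test class uses. Separately, the `StringUtils.isEmpty` ternary on the new `newPassword` line looks redundant if `checkRequiredArg` already rejects empty values, which cannot be confirmed from this hunk. The lines between the two hunks are not shown, so the old-password verification itself could not be reviewed.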
diff --git a/src/metadata-server/src/test/java/org/apache/kylin/rest/controller/NUserControllerTest.java b/src/metadata-server/src/test/java/org/apache/kylin/rest/controller/NUserControllerTest.java
index 06fa4416f7..74a4f4b467 100644
--- a/src/metadata-server/src/test/java/org/apache/kylin/rest/controller/NUserControllerTest.java
+++ b/src/metadata-server/src/test/java/org/apache/kylin/rest/controller/NUserControllerTest.java
@@ -42,6 +42,7 @@ import org.apache.kylin.common.msg.Message;
 import org.apache.kylin.common.util.JsonUtil;
 import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
 import org.apache.kylin.junit.rule.ClearKEPropertiesRule;
+import org.apache.kylin.metadata.user.ManagedUser;
 import org.apache.kylin.rest.request.PasswordChangeRequest;
 import org.apache.kylin.rest.request.UserRequest;
 import org.apache.kylin.rest.response.EnvelopeResponse;
@@ -79,7 +80,6 @@ import org.springframework.web.accept.ContentNegotiationManager;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 
-import org.apache.kylin.metadata.user.ManagedUser;
 import lombok.val;
 
 public class NUserControllerTest extends NLocalFileMetadataTestCase {
@@ -408,7 +408,7 @@ public class NUserControllerTest extends NLocalFileMetadataTestCase {
 
     @Test
     public void testUpdatePassword_InvalidPasswordPattern() throws Exception {
-        val user = new ManagedUser();
+        val user = new ManagedUser("ADMIN", pwdEncoder.encode("KYLIN"), false);
         val request = new PasswordChangeRequest();
 
         request.setUsername("ADMIN");
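Review bot: Nothing in this commit adds a test for a request with a missing or empty `new_password`, which is the case the controller change guards against. The diffstat shows only the import move and the two `new ManagedUser("ADMIN", pwdEncoder.encode("KYLIN"), false)` fixture changes in this file, here and in `testUpdatePassword_InvalidPasswordLength`. A test that leaves `new_password` unset and asserts the required-argument error would pin the new ordering and catch a regression to decoding a null value. Both test bodies continue outside their hunks, so the existing assertions could not be checked.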
@@ -427,7 +427,7 @@ public class NUserControllerTest extends NLocalFileMetadataTestCase {
 
     @Test
     public void testUpdatePassword_InvalidPasswordLength() throws Exception {
-        val user = new ManagedUser();
+        val user = new ManagedUser("ADMIN", pwdEncoder.encode("KYLIN"), false);
         val request = new PasswordChangeRequest();
 
         request.setUsername("ADMIN");