Posted to commits@servicecomb.apache.org by ti...@apache.org on 2021/03/16 06:46:42 UTC
[servicecomb-service-center] branch master updated: password can be
decrypted (#897)
This is an automated email from the ASF dual-hosted git repository.
tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
The following commit(s) were added to refs/heads/master by this push:
new 1ace350 password can be decrypted (#897)
1ace350 is described below
commit 1ace3502372be568f8bae4df29210f4571ed5287
Author: Shawn <xi...@gmail.com>
AuthorDate: Tue Mar 16 14:46:36 2021 +0800
password can be decrypted (#897)
---
server/service/rbac/rbac.go | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/server/service/rbac/rbac.go b/server/service/rbac/rbac.go
index 67ca5f1..4268c38 100644
--- a/server/service/rbac/rbac.go
+++ b/server/service/rbac/rbac.go
@@ -46,6 +46,7 @@ var (
ErrNoPermChangeAccount = errors.New("can not change other account password")
ErrWrongPassword = errors.New("current pwd is wrong")
ErrSamePassword = errors.New("the password can not be same as old one")
+ ErrEmptyPassword = errors.New("empty password")
)
//Init decide whether enable rbac function and save root account to db
@@ -110,8 +111,8 @@ func readPublicKey() {
}
func initFirstTime(admin string) {
//handle root account
- pwd := archaius.GetString(InitPassword, "")
- if pwd == "" {
+ pwd, err := getPassword()
+ if err != nil {
log.Fatal("can not enable rbac, password is empty", nil)
}
a := &rbac.Account{
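Review bot: The `if err != nil` branch after `getPassword()` logs the fixed text "password is empty" with `nil` instead of `err`, and it has no `return`, unlike the `log.Fatal("invalid pwd", err)` branch further down in this function, which does return. If `log.Fatal` in this project's log package does not terminate the process (not visible here), execution would go on to build the root account with an empty `pwd`. I would change the branch body to `log.Fatal("can not enable rbac, can not get init password", err)` followed by `return`. The body of initFirstTime continues outside this hunk.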
@@ -119,7 +120,7 @@ func initFirstTime(admin string) {
Password: pwd,
Roles: []string{rbacframe.RoleAdmin},
}
- err := service.ValidateCreateAccount(a)
+ err = service.ValidateCreateAccount(a)
if err != nil {
log.Fatal("invalid pwd", err)
return
@@ -134,6 +135,20 @@ func initFirstTime(admin string) {
log.Info("root account init success")
}
+func getPassword() (string, error) {
+ p := archaius.GetString(InitPassword, "")
+ if p == "" {
+ log.Fatal("can not enable rbac, password is empty", nil)
+ return "", ErrEmptyPassword
+ }
+ d, err := cipher.Decrypt(p)
+ if err != nil {
+ log.Warn("cipher fallback: " + err.Error())
+ return p, nil
+ }
+ return d, nil
+}
+
func Enabled() bool {
return config.GetRBAC().EnableRBAC
}
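Review bot: `getPassword` fails open: when `cipher.Decrypt(p)` returns an error, the raw configured value is returned as the root password, so a broken or misconfigured cipher silently turns the ciphertext string into the credential and the only trace is a warning. The code cannot tell "stored in plaintext" from "decryption failed", so the function needs at least a doc comment stating that plaintext is accepted as a fallback, and a warning that says so, e.g. `log.Warn("init password could not be decrypted, using configured value as plaintext: " + err.Error())`. Refusing to start when a cipher is configured and decryption fails would be the stricter option. The `log.Fatal` in the empty-password branch duplicates the one in initFirstTime and, if it exits the process, makes `return "", ErrEmptyPassword` unreachable. The same fallback-with-warning pattern is added to privateKey in the last hunk.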
@@ -148,6 +163,7 @@ func privateKey() string {
ep := archaius.GetString("rbac_private_key", "")
p, err := cipher.Decrypt(ep)
if err != nil {
+ log.Warn("cipher fallback: " + err.Error())
return ep
}
return p