This is an automated email from the ASF dual-hosted git repository.
jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 9d513a73704 Fix/password upgrade failed (#16089)
9d513a73704 is described below
commit 9d513a737047d280dea788a7999a59713d142136
Author: Hongzhi Gao <[email protected]>
AuthorDate: Wed Aug 6 09:25:46 2025 +0800
Fix/password upgrade failed (#16089)
* Old password invalid under current policy (ignored)
* Old password invalid under current policy (ignored)
* fix ut
* implement forceUpdateUserPassword for old password
* fix updateUserPassword
---
.../iotdb/commons/auth/authorizer/BasicAuthorizer.java | 16 +++++++++++++---
.../apache/iotdb/commons/auth/user/BasicUserManager.java | 15 +++++++++------
2 files changed, 22 insertions(+), 9 deletions(-)
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
index 543c034b100..6f373dd49ea 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
@@ -119,7 +119,10 @@ public abstract class BasicAuthorizer implements
IAuthorizer, IService {
}
if (AuthUtils.validatePassword(
password, user.getPassword(), AsymmetricEncrypt.DigestAlgorithm.MD5)) {
- userManager.updateUserPassword(username, password);
+ try {
+ forceUpdateUserPassword(username, password);
+ } catch (AuthException ignore) {
+ }
return true;
}
return false;
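Review bot: The empty `catch (AuthException ignore) { }` added around `forceUpdateUserPassword` means a failed re-hash leaves no trace: the method still returns `true`, and the stored credential apparently stays on the MD5 digest that the `validatePassword(..., DigestAlgorithm.MD5)` check just matched. The same silent catch wraps the call in the next hunk (the path that returns `getPassword()`). If this branch exists to migrate accounts off the legacy digest, a failure should at least be recorded with the class's existing logger (its name is not visible in this hunk), for example a warn-level line carrying only the username and status code. Do not log the exception message as it stands, because the message built in `forceUpdateUserPassword` embeds the plaintext password. The enclosing method starts and ends outside the hunk.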
@@ -141,7 +144,7 @@ public abstract class BasicAuthorizer implements
IAuthorizer, IService {
if (AuthUtils.validatePassword(
password, user.getPassword(), AsymmetricEncrypt.DigestAlgorithm.MD5)) {
try {
- userManager.updateUserPassword(username, password);
+ forceUpdateUserPassword(username, password);
} catch (AuthException ignore) {
}
return userManager.getEntity(username).getPassword();
@@ -311,7 +314,14 @@ public abstract class BasicAuthorizer implements
IAuthorizer, IService {
@Override
public void updateUserPassword(String userName, String newPassword) throws
AuthException {
- if (!userManager.updateUserPassword(userName, newPassword)) {
+ if (!userManager.updateUserPassword(userName, newPassword, false)) {
+ throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER, "password " + newPassword + " is
illegal");
+ }
+ }
+
+ private void forceUpdateUserPassword(String userName, String newPassword)
throws AuthException {
+ if (!userManager.updateUserPassword(userName, newPassword, true)) {
throw new AuthException(
TSStatusCode.ILLEGAL_PARAMETER, "password " + newPassword + " is
illegal");
}
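Review bot: Both `AuthException` messages in this hunk concatenate `newPassword` into the text (`"password " + newPassword + " is illegal"`), and in `forceUpdateUserPassword` that value is the password the user has just authenticated with. Exception messages routinely reach logs and client responses, so the credential should be left out, e.g. `TSStatusCode.ILLEGAL_PARAMETER, "password for user " + userName + " is illegal");`. The two methods differ only in the boolean passed to `userManager.updateUserPassword`, so the check-and-throw could live in one private helper that takes the flag. The body of `forceUpdateUserPassword` closes outside the hunk.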
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
index 4e041e02253..296cd0fa6a4 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -133,13 +133,16 @@ public abstract class BasicUserManager extends
BasicRoleManager {
}
}
- public boolean updateUserPassword(String username, String newPassword)
throws AuthException {
- if (CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()
- && username.equals(newPassword)) {
- throw new AuthException(
- TSStatusCode.ILLEGAL_PASSWORD, "Password cannot be the same as user
name");
+ public boolean updateUserPassword(String username, String newPassword,
boolean bypassValidate)
+ throws AuthException {
+ if (!bypassValidate) {
+ if (CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()
+ && username.equals(newPassword)) {
+ throw new AuthException(
+ TSStatusCode.ILLEGAL_PASSWORD, "Password cannot be the same as
user name");
+ }
+ AuthUtils.validatePassword(newPassword);
}
- AuthUtils.validatePassword(newPassword);
lock.writeLock(username);
try {
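Review bot: The new `bypassValidate` parameter on the public `updateUserPassword` lets any caller skip both the strong-password check and `AuthUtils.validatePassword(newPassword)`, and nothing on the method says when that is acceptable. The only bypassing caller visible in this commit is `BasicAuthorizer.forceUpdateUserPassword`, which re-stores a password that has already matched the stored digest. A Javadoc should pin that contract, e.g. `@param bypassValidate true only when re-storing an already-authenticated legacy password; must be false for any user-supplied new password`. Overrides and other callers of the old two-argument signature are not visible here and would need checking. The method body continues past the end of the hunk.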