This is an automated email from the ASF dual-hosted git repository. jiangtian pushed a commit to branch fix_initial_old_password_not_enc in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit d9852ec2ce88e684176e2650b787e06c96b92576
Author: Tian Jiang <[email protected]>
AuthorDate: Sat Oct 11 10:56:57 2025 +0800
Fix that the oldPassword of initial users not ecrypted
---
 .../test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java | 14 ++++++++++++++
 .../apache/iotdb/db/protocol/session/SessionManager.java | 4 +++-
 .../java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java | 6 ++++--
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
index 6b8746bcad3..bef61a4b72d 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
@@ -20,6 +20,7 @@ package org.apache.iotdb.db.it.auth;
 import org.apache.iotdb.commons.auth.entity.PrivilegeType;
+import org.apache.iotdb.commons.conf.CommonDescriptor;
 import org.apache.iotdb.commons.schema.column.ColumnHeaderConstant;
 import org.apache.iotdb.commons.utils.AuthUtils;
 import org.apache.iotdb.db.it.utils.TestUtils;
@@ -1508,6 +1509,7 @@ public class IoTDBAuthIT {
 public void testPasswordHistory() {
 try (Connection connection = EnvFactory.getEnv().getConnection();
 Statement statement = connection.createStatement()) {
+ testPasswordHistoryEncrypted(statement);
 testPasswordHistoryCreateAndDrop(statement);
 testPasswordHistoryAlter(statement);
 } catch (SQLException e) {
@@ -1516,6 +1518,18 @@ public class IoTDBAuthIT {
 }
 }
+ public void testPasswordHistoryEncrypted(Statement statement) throws SQLException {
+ ResultSet resultSet =
+ statement.executeQuery("SELECT password,oldPassword from root.__audit.password_history._0");
+ assertTrue(resultSet.next());
+ assertEquals(
+ AuthUtils.encryptPassword(CommonDescriptor.getInstance().getConfig().getAdminPassword()),
+ resultSet.getString("root.__audit.password_history._0.password"));
+ assertEquals(
+ AuthUtils.encryptPassword(CommonDescriptor.getInstance().getConfig().getAdminPassword()),
+ resultSet.getString("root.__audit.password_history._0.oldPassword"));
+ }
+
 public void testPasswordHistoryCreateAndDrop(Statement statement) throws SQLException {
 statement.execute("create user userA 'abcdef123456'");
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
index e1851f62dc6..357d8b5a13d 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
@@ -31,6 +31,7 @@ import org.apache.iotdb.commons.service.ServiceType;
 import org.apache.iotdb.commons.service.metric.MetricService;
 import org.apache.iotdb.commons.service.metric.enums.Metric;
 import org.apache.iotdb.commons.service.metric.enums.Tag;
+import org.apache.iotdb.commons.utils.AuthUtils;
 import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
 import org.apache.iotdb.db.audit.DNAuditLogger;
 import org.apache.iotdb.db.auth.AuthorityChecker;
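Review bot: The `ResultSet` opened in the new `testPasswordHistoryEncrypted` (IoTDBAuthIT.java, hunk at -1516) is never closed, so it stays open while the following sub-tests reuse the same `Statement`. Wrapping it as `try (ResultSet resultSet = statement.executeQuery(...)) {` keeps the assertions unchanged and releases it. The method also relies on two things the code does not say: that `_0` is the device of the initial admin user, and that the first row is the one written at that user's first login. A short comment stating both would explain why this check has to run before the other password-history sub-tests.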
@@ -175,7 +176,8 @@ public class SessionManager implements SessionManagerMBean {
 username);
 long currentTime = CommonDateTimeUtils.currentTime();
 TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(userId, password, password, currentTime);
+ DataNodeAuthUtils.recordPasswordHistory(
+ userId, password, AuthUtils.encryptPassword(password), currentTime);
 if (tsStatus.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
 openSessionResp
 .sessionId(-1)
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
index 3a96f72f033..28f5b229407 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
@@ -159,7 +159,7 @@ public class DataNodeAuthUtils {
 }
 public static TSStatus recordPasswordHistory(
- long userId, String password, String oldPassword, long timeToRecord) {
+ long userId, String password, String oldEncryptedPassword, long timeToRecord) {
 InsertRowStatement insertRowStatement = new InsertRowStatement();
 try {
 insertRowStatement.setDevicePath(
@@ -169,7 +169,9 @@ public class DataNodeAuthUtils {
 insertRowStatement.setValues(
 new Object[] {
 new Binary(AuthUtils.encryptPassword(password), StandardCharsets.UTF_8),
- oldPassword == null ? null : new Binary(oldPassword, StandardCharsets.UTF_8)
+ oldEncryptedPassword == null
+ ? null
+ : new Binary(oldEncryptedPassword, StandardCharsets.UTF_8)
 });
 insertRowStatement.setDataTypes(new TSDataType[] {TSDataType.STRING, TSDataType.STRING});
 } catch (IllegalPathException ignored) {
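Review bot: Rows already written by the old call in SessionManager.java (hunk at -175) still hold the initial user's plaintext password in the `oldPassword` column, and nothing in this commit rewrites or removes them. Passing `AuthUtils.encryptPassword(password)` only affects rows recorded from now on. Presumably any deployment that logged in before the fix keeps that value under `root.__audit.password_history` until the row is deleted. An upgrade step or release note telling operators to scrub those rows and rotate the affected password seems warranted. The enclosing method starts and ends outside the hunk, so which logins reach this branch cannot be confirmed from here.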
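Review bot: `recordPasswordHistory` in DataNodeAuthUtils.java (hunk at -159) now takes one plaintext and one pre-encrypted argument of the same `String` type, and only the parameter name tells callers which is which. A Javadoc on the method would make that explicit, for example `@param password plaintext; encrypted here before it is stored` and `@param oldEncryptedPassword already encrypted by the caller and stored verbatim; may be null`. Call sites outside this diff that still pass a raw old password compile unchanged after the rename, so they are worth re-checking. This also applies to the next hunk at -169, where the value is wrapped in `Binary` exactly as given. The method body continues outside both hunks.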
