This is an automated email from the ASF dual-hosted git repository.
yongzao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 300987c7cd2 Remove password history feature in iotdb. (#17436)
300987c7cd2 is described below
commit 300987c7cd28c35c22bb8194be996f26d636c2e4
Author: wenyanshi-123 <[email protected]>
AuthorDate: Tue Apr 14 09:53:53 2026 +0800
Remove password history feature in iotdb. (#17436)
---
.../partition/IoTDBAutoRegionGroupExtensionIT.java | 6 +-
.../it/partition/IoTDBPartitionGetterIT.java | 3 +-
.../confignode/it/procedure/IoTDBProcedureIT.java | 3 +-
.../IoTDBRegionGroupExpandAndShrinkForIoTV1IT.java | 6 +-
.../commit/IoTDBRegionReconstructForIoTV1IT.java | 2 +-
.../java/org/apache/iotdb/db/it/IoTDBMiscIT.java | 2 +-
.../org/apache/iotdb/db/it/auth/IoTDBAuthIT.java | 105 ------
.../iotdb/db/it/mqtt/IoTDBMQTTServiceJsonIT.java | 2 +-
.../iotdb/db/it/schema/IoTDBDeleteDatabaseIT.java | 3 +-
.../treemodel/auto/basic/IoTDBPipeLifeCycleIT.java | 2 +-
.../treemodel/auto/basic/IoTDBPipeProtocolIT.java | 4 +-
.../treemodel/auto/basic/IoTDBPipeSourceIT.java | 2 -
.../auto/enhanced/IoTDBPipeIdempotentIT.java | 36 +-
.../treemodel/manual/IoTDBPipePermissionIT.java | 6 +-
.../relational/it/mqtt/IoTDBMQTTServiceIT.java | 8 +-
.../relational/it/schema/IoTDBDatabaseIT.java | 5 +-
.../org/apache/iotdb/db/audit/DNAuditLogger.java | 1 -
.../protocol/thrift/IoTDBDataNodeReceiver.java | 9 -
.../iotdb/db/protocol/session/SessionManager.java | 52 ---
.../execution/config/TableConfigTaskVisitor.java | 2 -
.../execution/config/TreeConfigTaskVisitor.java | 3 -
.../sql/ast/RelationalAuthorStatement.java | 51 ---
.../plan/statement/sys/AuthorStatement.java | 51 ---
.../apache/iotdb/db/utils/DataNodeAuthUtils.java | 370 ---------------------
.../apache/iotdb/commons/conf/CommonConfig.java | 27 --
25 files changed, 44 insertions(+), 717 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBAutoRegionGroupExtensionIT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBAutoRegionGroupExtensionIT.java
index 33481d9faae..3cb9f6221f8 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBAutoRegionGroupExtensionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBAutoRegionGroupExtensionIT.java
@@ -189,8 +189,7 @@ public class IoTDBAutoRegionGroupExtensionIT {
.merge(regionInfo.getDataNodeId(), 1, Integer::sum);
});
// The number of RegionGroups should not less than the
testMinRegionGroupNum for each database
- // +1 for AUDIT database
- Assert.assertEquals(TEST_DATABASE_NUM + 1, databaseRegionCounter.size());
+ Assert.assertEquals(TEST_DATABASE_NUM, databaseRegionCounter.size());
databaseRegionCounter.forEach(
(database, regionCount) ->
Assert.assertTrue(
@@ -209,8 +208,7 @@ public class IoTDBAutoRegionGroupExtensionIT {
<= 1);
// The maximal Region count - minimal Region count should be less than or
equal to 1 for each
// Database
- // +1 for system database
- Assert.assertEquals(TEST_DATABASE_NUM + 1,
databaseDataNodeRegionCounter.size());
+ Assert.assertEquals(TEST_DATABASE_NUM,
databaseDataNodeRegionCounter.size());
databaseDataNodeRegionCounter.forEach(
(database, dataNodeRegionCount) ->
Assert.assertTrue(
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBPartitionGetterIT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBPartitionGetterIT.java
index f110d4a8d28..37fec43648e 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBPartitionGetterIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/partition/IoTDBPartitionGetterIT.java
@@ -534,8 +534,7 @@ public class IoTDBPartitionGetterIT {
nodeManagementResp =
client.getSchemaNodeManagementPartition(nodeManagementReq);
Assert.assertEquals(
TSStatusCode.SUCCESS_STATUS.getStatusCode(),
nodeManagementResp.getStatus().getCode());
- // +1 for AUDIT database
- Assert.assertEquals(databaseNum + 1,
nodeManagementResp.getMatchedNodeSize());
+ Assert.assertEquals(databaseNum,
nodeManagementResp.getMatchedNodeSize());
Assert.assertNotNull(nodeManagementResp.getSchemaRegionMap());
Assert.assertEquals(0, nodeManagementResp.getSchemaRegionMapSize());
}
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/procedure/IoTDBProcedureIT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/procedure/IoTDBProcedureIT.java
index ef56141d0bf..bae794807f3 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/procedure/IoTDBProcedureIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/procedure/IoTDBProcedureIT.java
@@ -137,7 +137,8 @@ public class IoTDBProcedureIT {
Callable<Boolean> finalCheck =
() -> {
TShowDatabaseResp resp1 =
newLeaderClient.showDatabase(showAllDatabasesReq);
- if (MAX_STATE != resp1.getDatabaseInfoMap().size() - 1) {
+ if (resp1.getDatabaseInfoMap() == null
+ || MAX_STATE != resp1.getDatabaseInfoMap().size()) {
return false;
}
resp1
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionGroupExpandAndShrinkForIoTV1IT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionGroupExpandAndShrinkForIoTV1IT.java
index 99d061a443c..1e1b300fdf6 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionGroupExpandAndShrinkForIoTV1IT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionGroupExpandAndShrinkForIoTV1IT.java
@@ -94,8 +94,7 @@ public class IoTDBRegionGroupExpandAndShrinkForIoTV1IT
Set<Integer> allDataNodeId = getAllDataNodes(statement);
// expect one data region, one schema region
- // plus one AUDIT data region, one AUDIT schema region
- Assert.assertEquals(4, regionMap.size());
+ Assert.assertEquals(2, regionMap.size());
// expand
for (int selectedRegion : regionMap.keySet()) {
@@ -217,8 +216,7 @@ public class IoTDBRegionGroupExpandAndShrinkForIoTV1IT
Set<Integer> allDataNodeId = getAllDataNodes(statement);
// expect one data region, one schema region
- // plus one AUDIT data region, one AUDIT schema region
- Assert.assertEquals(4, regionMap.size());
+ Assert.assertEquals(2, regionMap.size());
// select multiple regions for testing
List<Integer> selectedRegions = new ArrayList<>(regionMap.keySet());
diff --git
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionReconstructForIoTV1IT.java
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionReconstructForIoTV1IT.java
index 3dc4468e526..fbecdabcc60 100644
---
a/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionReconstructForIoTV1IT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/confignode/it/regionmigration/pass/commit/IoTDBRegionReconstructForIoTV1IT.java
@@ -104,7 +104,7 @@ public class IoTDBRegionReconstructForIoTV1IT extends
IoTDBRegionOperationReliab
Set<Integer> allDataNodeId = getAllDataNodes(statement);
// select datanode
- final int selectedRegion = 3;
+ final int selectedRegion = 1;
Assert.assertTrue(dataRegionMap.containsKey(selectedRegion));
Pair<Integer, Set<Integer>> leaderAndNodeIds =
dataRegionMap.get(selectedRegion);
Assert.assertEquals(2, leaderAndNodeIds.right.size());
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBMiscIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBMiscIT.java
index e5fffd3dbde..809148535a5 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBMiscIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBMiscIT.java
@@ -56,7 +56,7 @@ public class IoTDBMiscIT {
statement.execute("insert into
root.comprssion_ratio_file.d1(timestamp,s1) values(1,1.0)");
statement.execute("flush");
// one global file and two data region file (including one AUDIT region)
- assertEquals(3, collectCompressionRatioFiles(nodeWrapper).size());
+ assertEquals(2, collectCompressionRatioFiles(nodeWrapper).size());
statement.execute("drop database root.comprssion_ratio_file");
// one global file and system region file
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
index 441dd1fdb5c..5ec674b2a37 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBAuthIT.java
@@ -20,9 +20,7 @@
package org.apache.iotdb.db.it.auth;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
-import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.schema.column.ColumnHeaderConstant;
-import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.db.it.utils.TestUtils;
import org.apache.iotdb.it.env.EnvFactory;
import org.apache.iotdb.it.framework.IoTDBTestRunner;
@@ -51,8 +49,6 @@ import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
-import static org.apache.iotdb.commons.auth.entity.User.INTERNAL_USER_END_ID;
-import static org.apache.iotdb.db.audit.DNAuditLogger.PREFIX_PASSWORD_HISTORY;
import static org.apache.iotdb.db.it.utils.TestUtils.createUser;
import static org.apache.iotdb.db.it.utils.TestUtils.executeNonQuery;
import static org.apache.iotdb.db.it.utils.TestUtils.resultSetEqualTest;
@@ -1521,107 +1517,6 @@ public class IoTDBAuthIT {
}
}
- @Test
- public void testPasswordHistory() {
- try (Connection connection = EnvFactory.getEnv().getConnection();
- Statement statement = connection.createStatement()) {
- testPasswordHistoryEncrypted(statement);
- testPasswordHistoryCreateAndDrop(statement);
- testPasswordHistoryAlter(statement);
- } catch (SQLException e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
- }
-
- public void testPasswordHistoryEncrypted(Statement statement) throws
SQLException {
- ResultSet resultSet =
- statement.executeQuery("SELECT password,oldPassword from
root.__audit.password_history._0");
- assertTrue(resultSet.next());
- assertEquals(
-
AuthUtils.encryptPassword(CommonDescriptor.getInstance().getConfig().getAdminPassword()),
- resultSet.getString("root.__audit.password_history._0.password"));
- assertEquals(
-
AuthUtils.encryptPassword(CommonDescriptor.getInstance().getConfig().getAdminPassword()),
- resultSet.getString("root.__audit.password_history._0.oldPassword"));
- }
-
- public void testPasswordHistoryCreateAndDrop(Statement statement) throws
SQLException {
- statement.execute("create user userA 'abcdef123456'");
-
- long expectedUserAId = INTERNAL_USER_END_ID + 1;
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select last password from %s.`_" + expectedUserAId + "`",
- PREFIX_PASSWORD_HISTORY))) {
- if (!resultSet.next()) {
- fail("Password history not found");
- }
- assertEquals(AuthUtils.encryptPassword("abcdef123456"),
resultSet.getString("Value"));
- }
-
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select last oldPassword from %s.`_" + expectedUserAId + "`",
- PREFIX_PASSWORD_HISTORY))) {
- if (!resultSet.next()) {
- fail("Password history not found");
- }
- assertEquals(AuthUtils.encryptPassword("abcdef123456"),
resultSet.getString("Value"));
- }
-
- statement.execute("drop user userA");
-
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select last password from %s.`_" + expectedUserAId + "`",
- PREFIX_PASSWORD_HISTORY))) {
- assertFalse(resultSet.next());
- }
-
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select last oldPassword from %s.`_" + expectedUserAId + "`",
- PREFIX_PASSWORD_HISTORY))) {
- assertFalse(resultSet.next());
- }
- }
-
- public void testPasswordHistoryAlter(Statement statement) throws
SQLException {
- statement.execute("create user userA 'abcdef123456'");
- statement.execute("alter user userA set password 'abcdef654321'");
-
- long expectedUserAId = INTERNAL_USER_END_ID + 2;
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select last password from %s.`_" + expectedUserAId + "`",
- PREFIX_PASSWORD_HISTORY))) {
- if (!resultSet.next()) {
- fail("Password history not found");
- }
- assertEquals(AuthUtils.encryptPassword("abcdef654321"),
resultSet.getString("Value"));
- }
-
- try (ResultSet resultSet =
- statement.executeQuery(
- String.format(
- "select oldPassword from %s.`_" + expectedUserAId + "` order
by time desc limit 1",
- PREFIX_PASSWORD_HISTORY))) {
- if (!resultSet.next()) {
- fail("Password history not found");
- }
- assertEquals(
- AuthUtils.encryptPassword("abcdef123456"),
- resultSet.getString(
- String.format("%s._" + expectedUserAId + ".oldPassword",
PREFIX_PASSWORD_HISTORY)));
- }
- }
-
@Test
public void testChangeBackPassword() {
try (Connection connection = EnvFactory.getEnv().getConnection();
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/mqtt/IoTDBMQTTServiceJsonIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/mqtt/IoTDBMQTTServiceJsonIT.java
index 91031c0202d..38b0bd8ccc7 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/mqtt/IoTDBMQTTServiceJsonIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/mqtt/IoTDBMQTTServiceJsonIT.java
@@ -77,7 +77,7 @@ public class IoTDBMQTTServiceJsonIT {
mqtt.setUserName(USER);
mqtt.setPassword(PASSWORD);
mqtt.setConnectAttemptsMax(3);
- mqtt.setReconnectDelay(10);
+ mqtt.setReconnectDelay(1000);
mqtt.setClientId("jsonClientId1");
connection = mqtt.blockingConnection();
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/schema/IoTDBDeleteDatabaseIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/schema/IoTDBDeleteDatabaseIT.java
index 4de6b726d44..c1a08c2fd82 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/schema/IoTDBDeleteDatabaseIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/schema/IoTDBDeleteDatabaseIT.java
@@ -159,8 +159,7 @@ public class IoTDBDeleteDatabaseIT extends AbstractSchemaIT
{
result.add(resultSet.getString(1));
}
}
- // One for un-deletable AUDIT database
- assertEquals(1, result.size());
+ assertEquals(0, result.size());
}
}
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
index 226c9344e7a..dae6f1060ce 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeLifeCycleIT.java
@@ -258,7 +258,7 @@ public class IoTDBPipeLifeCycleIT extends
AbstractPipeDualTreeModelAutoIT {
"count(timeseries),",
Collections.singleton("0,"));
TestUtils.assertDataEventuallyOnEnv(
- receiverEnv, "count databases", "count,",
Collections.singleton("4,"));
+ receiverEnv, "count databases", "count,",
Collections.singleton("3,"));
}
}
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeProtocolIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeProtocolIT.java
index b5e4127e946..8a7ac4f1947 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeProtocolIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeProtocolIT.java
@@ -460,10 +460,10 @@ public class IoTDBPipeProtocolIT extends
AbstractPipeDualTreeModelAutoIT {
null);
TestUtils.assertDataEventuallyOnEnv(
- receiverEnv, "count timeseries", "count(timeseries),",
Collections.singleton("4,"));
+ receiverEnv, "count timeseries", "count(timeseries),",
Collections.singleton("2,"));
TestUtils.assertDataEventuallyOnEnv(
- receiverEnv, "count databases", "count,",
Collections.singleton("3,"));
+ receiverEnv, "count databases", "count,",
Collections.singleton("2,"));
// Test file mode
sourceAttributes.put("source.inclusion", "data");
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeSourceIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeSourceIT.java
index a45115f5a49..d93cb5e42d4 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeSourceIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/basic/IoTDBPipeSourceIT.java
@@ -1040,8 +1040,6 @@ public class IoTDBPipeSourceIT extends
AbstractPipeDualTreeModelAutoIT {
}
private void assertTimeseriesCountOnReceiver(BaseEnv receiverEnv, int count)
{
- // for system password history
- count += 2;
TestUtils.assertDataEventuallyOnEnv(
receiverEnv,
"count timeseries root.**",
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/enhanced/IoTDBPipeIdempotentIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/enhanced/IoTDBPipeIdempotentIT.java
index fb499ae5e43..6596c779132 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/enhanced/IoTDBPipeIdempotentIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/auto/enhanced/IoTDBPipeIdempotentIT.java
@@ -179,7 +179,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -190,7 +190,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -202,7 +202,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -214,7 +214,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -227,7 +227,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -241,7 +241,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -271,7 +271,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -282,7 +282,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -293,7 +293,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("3,"));
+ Collections.singleton("2,"));
}
@Test
@@ -304,7 +304,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg2",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -315,7 +315,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -326,7 +326,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -337,7 +337,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -350,7 +350,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -361,7 +361,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -375,7 +375,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -386,7 +386,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
@Test
@@ -397,7 +397,7 @@ public class IoTDBPipeIdempotentIT extends
AbstractPipeDualTreeModelAutoIT {
"create database root.sg1",
"count databases",
"count,",
- Collections.singleton("2,"));
+ Collections.singleton("1,"));
}
private void testIdempotent(
diff --git
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java
index 24807622cf6..cf6eaf6a9c5 100644
---
a/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/pipe/it/dual/treemodel/manual/IoTDBPipePermissionIT.java
@@ -198,7 +198,6 @@ public class IoTDBPipePermissionIT extends
AbstractPipeDualTreeModelManualIT {
"create user someUser 'passwd'",
"create timeseries root.noPermission.wf02.wt01.status with
datatype=BOOLEAN,encoding=PLAIN"),
null);
- awaitUntilFlush(senderEnv);
final Map<String, String> sourceAttributes = new HashMap<>();
final Map<String, String> processorAttributes = new HashMap<>();
@@ -229,7 +228,10 @@ public class IoTDBPipePermissionIT extends
AbstractPipeDualTreeModelManualIT {
"Timeseries,Alias,Database,DataType,Encoding,Compression,Tags,Attributes,Deadband,DeadbandParameters,ViewType,",
Collections.emptySet());
TestUtils.assertDataAlwaysOnEnv(
- receiverEnv, "list user", "User,", Collections.singleton("root,"));
+ receiverEnv,
+ "list user",
+ "UserId,User,",
+ new HashSet<>(Arrays.asList("0,root,", "10000,thulab,")));
}
}
diff --git
a/integration-test/src/test/java/org/apache/iotdb/relational/it/mqtt/IoTDBMQTTServiceIT.java
b/integration-test/src/test/java/org/apache/iotdb/relational/it/mqtt/IoTDBMQTTServiceIT.java
index 16e3c33129f..031322cc502 100644
---
a/integration-test/src/test/java/org/apache/iotdb/relational/it/mqtt/IoTDBMQTTServiceIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/relational/it/mqtt/IoTDBMQTTServiceIT.java
@@ -104,7 +104,9 @@ public class IoTDBMQTTServiceIT {
try (final SessionDataSet dataSet =
session.executeQueryStatement(
"select tag1,tag2,field1,field2,field3 from test1
where time = 1")) {
- assertEquals(5, dataSet.getColumnNames().size());
+ if (dataSet.getColumnNames().size() != 5 ||
!dataSet.hasNext()) {
+ return false;
+ }
List<Field> fields = dataSet.next().getFields();
assertEquals("t1", fields.get(0).getStringValue());
assertEquals("t2", fields.get(1).getStringValue());
@@ -139,7 +141,9 @@ public class IoTDBMQTTServiceIT {
try (final SessionDataSet dataSet =
session.executeQueryStatement(
"select tag1,tag2,attr3,attr4,field1,field2,field3
from test2 where time = 1")) {
- assertEquals(7, dataSet.getColumnNames().size());
+ if (dataSet.getColumnNames().size() != 7 ||
!dataSet.hasNext()) {
+ return false;
+ }
List<Field> fields = dataSet.next().getFields();
assertEquals("t1", fields.get(0).getStringValue());
assertEquals("t2", fields.get(1).getStringValue());
diff --git
a/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
b/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
index 94c215a52ae..398830efaec 100644
---
a/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/relational/it/schema/IoTDBDatabaseIT.java
@@ -751,8 +751,7 @@ public class IoTDBDatabaseIT {
Collections.singleton(EnvFactory.getEnv().getConfigNodeWrapperList().size() +
","));
Set<String> resultSet = new HashSet<>();
- // data region created from writing password history
- resultSet.add("1,");
+ resultSet.add("0,");
for (int i = 1; i < EnvFactory.getEnv().getDataNodeWrapperList().size();
i++) {
resultSet.add("0,");
}
@@ -821,7 +820,7 @@ public class IoTDBDatabaseIT {
try (final Connection connection = EnvFactory.getEnv().getConnection();
final Statement statement = connection.createStatement()) {
// One for AUDIT database
- TestUtils.assertResultSetSize(statement.executeQuery("show databases"),
2);
+ TestUtils.assertResultSetSize(statement.executeQuery("show databases"),
1);
}
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
index 3a07ac9aa69..c838ff8ef3f 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
@@ -32,7 +32,6 @@ import javax.validation.constraints.NotNull;
import java.util.function.Supplier;
public class DNAuditLogger extends AbstractAuditLogger {
- public static final String PREFIX_PASSWORD_HISTORY =
"root.__audit.password_history";
private Coordinator coordinator;
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/thrift/IoTDBDataNodeReceiver.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/thrift/IoTDBDataNodeReceiver.java
index 254928e9191..c4664f552de 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/thrift/IoTDBDataNodeReceiver.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/receiver/protocol/thrift/IoTDBDataNodeReceiver.java
@@ -105,7 +105,6 @@ import
org.apache.iotdb.db.storageengine.rescon.disk.FolderManager;
import
org.apache.iotdb.db.storageengine.rescon.disk.strategy.DirectoryStrategyType;
import org.apache.iotdb.db.tools.schema.SRStatementGenerator;
import org.apache.iotdb.db.tools.schema.SchemaRegionSnapshotParser;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.pipe.api.exception.PipeException;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
@@ -955,14 +954,6 @@ public class IoTDBDataNodeReceiver extends
IoTDBFileReceiver {
return RpcUtils.getStatus(openSessionResp.getCode(),
openSessionResp.getMessage());
}
- long userId = AuthorityChecker.getUserId(username).orElse(-1L);
- Long timeToExpire = DataNodeAuthUtils.checkPasswordExpiration(userId,
password, false);
- if (timeToExpire != null && timeToExpire <= System.currentTimeMillis()) {
- return RpcUtils.getStatus(
- TSStatusCode.ILLEGAL_PASSWORD.getStatusCode(),
- "Password has expired, please use \"ALTER USER\" to change to a new
one");
- }
-
return AuthorityChecker.checkUser(username, password);
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
index ac7cc236d9f..cf0705dbb53 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
@@ -24,14 +24,12 @@ import org.apache.iotdb.commons.audit.AuditEventType;
import org.apache.iotdb.commons.audit.AuditLogFields;
import org.apache.iotdb.commons.audit.AuditLogOperation;
import org.apache.iotdb.commons.audit.UserEntity;
-import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.service.JMXService;
import org.apache.iotdb.commons.service.ServiceType;
import org.apache.iotdb.commons.service.metric.MetricService;
import org.apache.iotdb.commons.service.metric.enums.Metric;
import org.apache.iotdb.commons.service.metric.enums.Tag;
-import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
import org.apache.iotdb.db.audit.DNAuditLogger;
import org.apache.iotdb.db.auth.AuthorityChecker;
@@ -42,7 +40,6 @@ import org.apache.iotdb.db.queryengine.common.ConnectionInfo;
import org.apache.iotdb.db.queryengine.common.SessionInfo;
import
org.apache.iotdb.db.queryengine.plan.execution.config.session.PreparedStatementMemoryManager;
import
org.apache.iotdb.db.storageengine.dataregion.read.control.QueryResourceManager;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.metrics.utils.MetricLevel;
import org.apache.iotdb.metrics.utils.MetricType;
import org.apache.iotdb.rpc.RpcUtils;
@@ -55,10 +52,7 @@ import org.apache.tsfile.external.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.time.Instant;
-import java.time.LocalDateTime;
import java.time.ZoneId;
-import java.time.format.DateTimeFormatter;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
@@ -148,16 +142,6 @@ public class SessionManager implements SessionManagerMBean
{
final long userId = AuthorityChecker.getUserId(username).orElse(-1L);
- Long timeToExpire =
- DataNodeAuthUtils.checkPasswordExpiration(userId, password,
useEncryptedPassword);
- if (timeToExpire != null && timeToExpire <= System.currentTimeMillis()) {
- openSessionResp
- .sessionId(-1)
- .setCode(TSStatusCode.ILLEGAL_PASSWORD.getStatusCode())
- .setMessage("Password has expired, please use \"ALTER USER\" to
change to a new one");
- return openSessionResp;
- }
-
boolean enableLoginLock = userId != -1;
LoginLockManager loginLockManager = LoginLockManager.getInstance();
if (enableLoginLock && loginLockManager.checkLock(userId,
session.getClientAddress())) {
@@ -182,42 +166,6 @@ public class SessionManager implements SessionManagerMBean
{
session.setSqlDialect(sqlDialect);
supplySession(session, userId, username, ZoneId.of(zoneId),
clientVersion);
String logInMessage = "Login successfully";
- if (timeToExpire != null && timeToExpire != Long.MAX_VALUE) {
- DateTimeFormatter dateFormat =
DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
- logInMessage +=
- ". Your password will expire at "
- + dateFormat.format(
- LocalDateTime.ofInstant(
- Instant.ofEpochMilli(timeToExpire),
ZoneId.systemDefault()));
- } else if (timeToExpire == null) {
- LOGGER.info(
- "No password history for user {}, using the current time to
create a new one",
- username);
- long currentTime = CommonDateTimeUtils.currentTime();
- TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(
- userId, password, AuthUtils.encryptPassword(password),
currentTime);
- if (tsStatus.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- openSessionResp
- .sessionId(-1)
- .setCode(tsStatus.getCode())
- .setMessage(tsStatus.getMessage());
- return openSessionResp;
- }
- timeToExpire =
- CommonDateTimeUtils.convertIoTDBTimeToMillis(currentTime)
- +
CommonDescriptor.getInstance().getConfig().getPasswordExpirationDays()
- * 1000
- * 86400;
- if (timeToExpire > System.currentTimeMillis()) {
- DateTimeFormatter dateFormat =
DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
- logInMessage +=
- ". Your password will expire at "
- + dateFormat.format(
- LocalDateTime.ofInstant(
- Instant.ofEpochMilli(timeToExpire),
ZoneId.systemDefault()));
- }
- }
openSessionResp
.sessionId(session.getId())
.setCode(TSStatusCode.SUCCESS_STATUS.getStatusCode())
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
index 9a622a751c3..320c904ac20 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
@@ -249,7 +249,6 @@ import
org.apache.iotdb.db.queryengine.plan.statement.sys.SetSystemStatusStateme
import
org.apache.iotdb.db.queryengine.plan.statement.sys.ShowConfigurationStatement;
import
org.apache.iotdb.db.queryengine.plan.statement.sys.StartRepairDataStatement;
import
org.apache.iotdb.db.queryengine.plan.statement.sys.StopRepairDataStatement;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.pipe.api.customizer.parameter.PipeParameters;
import org.apache.iotdb.rpc.TSStatusCode;
@@ -1497,7 +1496,6 @@ public class TableConfigTaskVisitor extends
AstVisitor<IConfigTask, MPPQueryCont
throw new SemanticException("User " + node.getUserName() + " not found");
}
node.setOldPassword(user.getPassword());
- DataNodeAuthUtils.verifyPasswordReuse(node.getAssociatedUserId(),
node.getPassword());
}
@Override
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TreeConfigTaskVisitor.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TreeConfigTaskVisitor.java
index 1ea10ef37e8..362982f645c 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TreeConfigTaskVisitor.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TreeConfigTaskVisitor.java
@@ -227,7 +227,6 @@ import
org.apache.iotdb.db.queryengine.plan.statement.sys.quota.SetSpaceQuotaSta
import
org.apache.iotdb.db.queryengine.plan.statement.sys.quota.SetThrottleQuotaStatement;
import
org.apache.iotdb.db.queryengine.plan.statement.sys.quota.ShowSpaceQuotaStatement;
import
org.apache.iotdb.db.queryengine.plan.statement.sys.quota.ShowThrottleQuotaStatement;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.tsfile.exception.NotImplementedException;
@@ -346,8 +345,6 @@ public class TreeConfigTaskVisitor extends
StatementVisitor<IConfigTask, MPPQuer
throw new SemanticException("User " + statement.getUserName() + " not
found");
}
statement.setPassWord(user.getPassword());
- DataNodeAuthUtils.verifyPasswordReuse(
- statement.getAssociatedUsedId(), statement.getNewPassword());
}
private void visitRenameUser(AuthorStatement statement) {
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java
index 8fbf1339e41..8509b21987d 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/ast/RelationalAuthorStatement.java
@@ -22,14 +22,10 @@ import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.schema.table.Audit;
import org.apache.iotdb.commons.schema.table.InformationSchema;
-import org.apache.iotdb.commons.utils.AuthUtils;
-import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.relational.type.AuthorRType;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.rpc.RpcUtils;
-import org.apache.iotdb.rpc.StatementExecutionException;
import com.google.common.collect.ImmutableList;
import org.apache.tsfile.utils.RamUsageEstimator;
@@ -300,53 +296,6 @@ public class RelationalAuthorStatement extends Statement {
* @return null if the post-process succeeds, a status otherwise.
*/
public TSStatus onSuccess() {
- if (authorType == AuthorRType.CREATE_USER) {
- return onCreateUserSuccess();
- } else if (authorType == AuthorRType.UPDATE_USER) {
- return onUpdateUserSuccess();
- } else if (authorType == AuthorRType.DROP_USER) {
- return onDropUserSuccess();
- }
- return null;
- }
-
- private TSStatus onCreateUserSuccess() {
- associatedUserId = AuthorityChecker.getUserId(userName).orElse(-1L);
- // the old password is expected to be encrypted during updates, so we also
encrypt it here to
- // keep consistency
- TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(
- associatedUserId,
- password,
- AuthUtils.encryptPassword(password),
- CommonDateTimeUtils.currentTime());
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
- return null;
- }
-
- private TSStatus onUpdateUserSuccess() {
- TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(
- associatedUserId, password, oldPassword,
CommonDateTimeUtils.currentTime());
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
- return null;
- }
-
- private TSStatus onDropUserSuccess() {
- TSStatus tsStatus =
DataNodeAuthUtils.deletePasswordHistory(associatedUserId);
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
return null;
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java
index faf0db5391f..ecc10a8ae7a 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/statement/sys/AuthorStatement.java
@@ -22,8 +22,6 @@ package org.apache.iotdb.db.queryengine.plan.statement.sys;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.schema.table.Audit;
-import org.apache.iotdb.commons.utils.AuthUtils;
-import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.queryengine.plan.analyze.QueryType;
import org.apache.iotdb.db.queryengine.plan.statement.AuthorType;
@@ -31,9 +29,7 @@ import
org.apache.iotdb.db.queryengine.plan.statement.IConfigStatement;
import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.StatementType;
import org.apache.iotdb.db.queryengine.plan.statement.StatementVisitor;
-import org.apache.iotdb.db.utils.DataNodeAuthUtils;
import org.apache.iotdb.rpc.RpcUtils;
-import org.apache.iotdb.rpc.StatementExecutionException;
import java.util.Collections;
import java.util.List;
@@ -265,53 +261,6 @@ public class AuthorStatement extends Statement implements
IConfigStatement {
* @return null if the post-process succeeds, a status otherwise.
*/
public TSStatus onSuccess() {
- if (authorType == AuthorType.CREATE_USER) {
- return onCreateUserSuccess();
- } else if (authorType == AuthorType.UPDATE_USER) {
- return onUpdateUserSuccess();
- } else if (authorType == AuthorType.DROP_USER) {
- return onDropUserSuccess();
- }
- return null;
- }
-
- private TSStatus onCreateUserSuccess() {
- associatedUsedId = AuthorityChecker.getUserId(userName).orElse(-1L);
- // the old password is expected to be encrypted during updates, so we also
encrypt it here to
- // keep consistency
- TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(
- associatedUsedId,
- password,
- AuthUtils.encryptPassword(password),
- CommonDateTimeUtils.currentTime());
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
- return null;
- }
-
- private TSStatus onUpdateUserSuccess() {
- TSStatus tsStatus =
- DataNodeAuthUtils.recordPasswordHistory(
- associatedUsedId, newPassword, password,
CommonDateTimeUtils.currentTime());
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
- return null;
- }
-
- private TSStatus onDropUserSuccess() {
- TSStatus tsStatus =
DataNodeAuthUtils.deletePasswordHistory(associatedUsedId);
- try {
- RpcUtils.verifySuccess(tsStatus);
- } catch (StatementExecutionException e) {
- return new TSStatus(e.getStatusCode()).setMessage(e.getMessage());
- }
return null;
}
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
deleted file mode 100644
index 6ee378282ad..00000000000
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/utils/DataNodeAuthUtils.java
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.iotdb.db.utils;
-
-import org.apache.iotdb.common.rpc.thrift.TSStatus;
-import org.apache.iotdb.commons.audit.UserEntity;
-import org.apache.iotdb.commons.conf.CommonDescriptor;
-import org.apache.iotdb.commons.exception.IllegalPathException;
-import org.apache.iotdb.commons.exception.IoTDBException;
-import org.apache.iotdb.commons.exception.IoTDBRuntimeException;
-import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.utils.AuthUtils;
-import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
-import org.apache.iotdb.commons.utils.StatusUtils;
-import org.apache.iotdb.db.audit.DNAuditLogger;
-import org.apache.iotdb.db.auth.AuthorityChecker;
-import org.apache.iotdb.db.conf.IoTDBDescriptor;
-import org.apache.iotdb.db.exception.sql.SemanticException;
-import org.apache.iotdb.db.protocol.session.SessionManager;
-import org.apache.iotdb.db.queryengine.common.SessionInfo;
-import org.apache.iotdb.db.queryengine.plan.Coordinator;
-import org.apache.iotdb.db.queryengine.plan.analyze.ClusterPartitionFetcher;
-import
org.apache.iotdb.db.queryengine.plan.analyze.schema.ClusterSchemaFetcher;
-import org.apache.iotdb.db.queryengine.plan.execution.ExecutionResult;
-import org.apache.iotdb.db.queryengine.plan.execution.IQueryExecution;
-import org.apache.iotdb.db.queryengine.plan.parser.StatementGenerator;
-import org.apache.iotdb.db.queryengine.plan.statement.Statement;
-import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertRowStatement;
-import
org.apache.iotdb.db.queryengine.plan.statement.metadata.DeleteTimeSeriesStatement;
-import org.apache.iotdb.rpc.TSStatusCode;
-import org.apache.iotdb.service.rpc.thrift.TSLastDataQueryReq;
-
-import org.apache.tsfile.enums.TSDataType;
-import org.apache.tsfile.read.common.block.TsBlock;
-import org.apache.tsfile.utils.Binary;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.nio.charset.StandardCharsets;
-import java.time.ZoneId;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Optional;
-
-public class DataNodeAuthUtils {
-
- private DataNodeAuthUtils() {}
-
- private static final Logger LOGGER =
LoggerFactory.getLogger(DataNodeAuthUtils.class);
-
- /**
- * @return the timestamp when the password of the user is lastly changed
from the given one to a
- * new one, or -1 if the password has not been changed.
- */
- public static long getPasswordChangeTimeMillis(long userId, String password)
{
-
- long queryId = -1;
- try {
- Statement statement =
- StatementGenerator.createStatement(
- "SELECT password from "
- + DNAuditLogger.PREFIX_PASSWORD_HISTORY
- + ".`_"
- + userId
- + "` where oldPassword='"
- + AuthUtils.encryptPassword(password)
- + "' order by time desc limit 1",
- ZoneId.systemDefault());
-
- SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
-
IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- queryId = SessionManager.getInstance().requestQueryId();
- ExecutionResult result =
- Coordinator.getInstance()
- .executeForTreeModel(
- statement,
- queryId,
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- ClusterSchemaFetcher.getInstance());
- if (result.status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- LOGGER.warn("Fail to get password change time: {}", result.status);
- return -1;
- }
-
- IQueryExecution queryExecution =
Coordinator.getInstance().getQueryExecution(queryId);
- TsBlock lastTsBlock;
- Optional<TsBlock> batchResult = queryExecution.getBatchResult();
- lastTsBlock = batchResult.orElse(null);
- if (lastTsBlock != null) {
- if (lastTsBlock.getPositionCount() <= 0) {
- // no password history, may have upgraded from an older version
- return -1;
- }
- long timeByIndex =
lastTsBlock.getTimeByIndex(lastTsBlock.getPositionCount() - 1);
- return CommonDateTimeUtils.convertIoTDBTimeToMillis(timeByIndex);
- }
- } catch (IoTDBException e) {
- LOGGER.warn("Cannot generate query for checking password reuse
interval", e);
- } finally {
- if (queryId != -1) {
- Coordinator.getInstance().cleanupQueryExecution(queryId);
- }
- }
- return -1;
- }
-
- public static void verifyPasswordReuse(long userId, String password) {
- long passwordReuseIntervalDays =
-
CommonDescriptor.getInstance().getConfig().getPasswordReuseIntervalDays();
- if (password == null || passwordReuseIntervalDays <= 0) {
- return;
- }
-
- long passwordChangeTime =
DataNodeAuthUtils.getPasswordChangeTimeMillis(userId, password);
- long currentTimeMillis = System.currentTimeMillis();
- long elapsedTime = currentTimeMillis - passwordChangeTime;
- long reuseIntervalMillis =
- passwordReuseIntervalDays * 1000 * 86400 > 0
- ? passwordReuseIntervalDays * 1000 * 86400
- : Long.MAX_VALUE;
- if (elapsedTime <= reuseIntervalMillis) {
- throw new SemanticException(
- String.format(
- "The password has been used recently, and it cannot be reused
before %s",
- new Date(passwordChangeTime + reuseIntervalMillis)));
- }
- LOGGER.info(
- "It has been {}ms, since the password was changed {} -> {}",
- elapsedTime,
- passwordChangeTime,
- currentTimeMillis);
- }
-
- public static TSStatus recordPasswordHistory(
- long userId, String password, String oldEncryptedPassword, long
timeToRecord) {
- InsertRowStatement insertRowStatement = new InsertRowStatement();
- try {
- insertRowStatement.setDevicePath(
- new PartialPath(DNAuditLogger.PREFIX_PASSWORD_HISTORY + ".`_" +
userId + "`"));
- insertRowStatement.setTime(timeToRecord);
- insertRowStatement.setMeasurements(new String[] {"password",
"oldPassword"});
- insertRowStatement.setValues(
- new Object[] {
- new Binary(AuthUtils.encryptPassword(password),
StandardCharsets.UTF_8),
- oldEncryptedPassword == null
- ? null
- : new Binary(oldEncryptedPassword, StandardCharsets.UTF_8)
- });
- insertRowStatement.setDataTypes(new TSDataType[] {TSDataType.STRING,
TSDataType.STRING});
- } catch (IllegalPathException ignored) {
- return new TSStatus(TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode())
- .setMessage(
- "Cannot create password history for " + userId + " because the
path will be illegal");
- }
-
- long queryId = -1;
- try {
- SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
-
IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- queryId = SessionManager.getInstance().requestQueryId();
- ExecutionResult result =
- Coordinator.getInstance()
- .executeForTreeModel(
- insertRowStatement,
- queryId,
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- ClusterSchemaFetcher.getInstance());
- return result.status;
- } catch (Exception e) {
- if
(CommonDescriptor.getInstance().getConfig().isMayBypassPasswordCheckInException())
{
- return StatusUtils.OK;
- }
- LOGGER.error("Cannot create password history for {}", userId, e);
- return new TSStatus(TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode())
- .setMessage("The server is not ready for login, please check the
server log for details");
- } finally {
- if (queryId != -1) {
- Coordinator.getInstance().cleanupQueryExecution(queryId);
- }
- }
- }
-
- public static TSStatus deletePasswordHistory(long userId) {
- DeleteTimeSeriesStatement deleteTimeSeriesStatement = new
DeleteTimeSeriesStatement();
- deleteTimeSeriesStatement.setMayDeleteAudit(true);
- try {
- PartialPath devicePath =
- new PartialPath(DNAuditLogger.PREFIX_PASSWORD_HISTORY + ".`_" +
userId + "`");
- deleteTimeSeriesStatement.setPathPatternList(
- Arrays.asList(
- devicePath.concatAsMeasurementPath("password"),
- devicePath.concatAsMeasurementPath("oldPassword")));
- } catch (IllegalPathException ignored) {
- return new TSStatus(TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode())
- .setMessage(
- "Cannot delete password history for " + userId + " because the
path will be illegal");
- }
-
- long queryId = -1;
- try {
- SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
-
IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- queryId = SessionManager.getInstance().requestQueryId();
- ExecutionResult result =
- Coordinator.getInstance()
- .executeForTreeModel(
- deleteTimeSeriesStatement,
- queryId,
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- ClusterSchemaFetcher.getInstance());
- return result.status;
- } catch (Exception e) {
- if
(CommonDescriptor.getInstance().getConfig().isMayBypassPasswordCheckInException())
{
- return StatusUtils.OK;
- }
- LOGGER.error("Cannot delete password history for {}", userId, e);
- return new TSStatus(TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode())
- .setMessage(
- "The server is not ready for this operation, please check the
server log for details");
- } finally {
- if (queryId != -1) {
- Coordinator.getInstance().cleanupQueryExecution(queryId);
- }
- }
- }
-
- /**
- * Check if the password for the give user has expired.
- *
- * @return the timestamp when the password will expire. Long.MAX if the
password never expires.
- * Null if the password history cannot be found.
- */
- public static Long checkPasswordExpiration(
- final long userId, final String password, final boolean
useEncryptedPassword) {
- if (userId == -1) {
- return null;
- }
-
- // check password expiration
- long passwordExpirationDays =
- CommonDescriptor.getInstance().getConfig().getPasswordExpirationDays();
- boolean mayBypassPasswordCheckInException =
-
CommonDescriptor.getInstance().getConfig().isMayBypassPasswordCheckInException();
-
- TSLastDataQueryReq lastDataQueryReq = new TSLastDataQueryReq();
- lastDataQueryReq.setSessionId(0);
- lastDataQueryReq.setPaths(
- Collections.singletonList(
- DNAuditLogger.PREFIX_PASSWORD_HISTORY + ".`_" + userId +
"`.password"));
-
- long queryId = -1;
- try {
- Statement statement =
StatementGenerator.createStatement(lastDataQueryReq);
- SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
-
IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- queryId = SessionManager.getInstance().requestQueryId();
- ExecutionResult result =
- Coordinator.getInstance()
- .executeForTreeModel(
- statement,
- queryId,
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- ClusterSchemaFetcher.getInstance());
- if (result.status.getCode() !=
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- LOGGER.warn("Fail to check password expiration: {}", result.status);
- throw new IoTDBRuntimeException(
- "Cannot query password history because: "
- + result
- + ", please log in later or disable password expiration.",
- result.status.getCode());
- }
-
- IQueryExecution queryExecution =
Coordinator.getInstance().getQueryExecution(queryId);
- Optional<TsBlock> batchResult = queryExecution.getBatchResult();
- if (batchResult.isPresent()) {
- TsBlock tsBlock = batchResult.get();
- if (tsBlock.getPositionCount() <= 0) {
- // no password history, may have upgraded from an older version
- return null;
- }
- long lastPasswordTime =
-
CommonDateTimeUtils.convertIoTDBTimeToMillis(tsBlock.getTimeByIndex(0));
- // columns of last query: [timeseriesName, value, dataType]
- String oldPassword = tsBlock.getColumn(1).getBinary(0).toString();
- if (oldPassword.equals(
- useEncryptedPassword ? password :
AuthUtils.encryptPassword(password))) {
- if (lastPasswordTime + passwordExpirationDays * 1000 * 86400 <=
lastPasswordTime) {
- // overflow or passwordExpirationDays <= 0
- return Long.MAX_VALUE;
- } else {
- return lastPasswordTime + passwordExpirationDays * 1000 * 86400;
- }
- } else {
- // 1. the password is incorrect, later logIn will fail
- // 2. the password history does not record correctly, use the
current time to create one
- return null;
- }
- } else {
- return null;
- }
- } catch (Throwable e) {
- LOGGER.error("Fail to check password expiration", e);
- if (mayBypassPasswordCheckInException) {
- return Long.MAX_VALUE;
- } else {
- throw new IoTDBRuntimeException(
- "Internal server error " + ", please log in later or disable
password expiration.",
- TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode());
- }
- } finally {
- if (queryId != -1) {
- Coordinator.getInstance().cleanupQueryExecution(queryId);
- }
- }
- }
-}
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
index dcf5e36ea58..4703fa77f92 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/conf/CommonConfig.java
@@ -466,9 +466,6 @@ public class CommonConfig {
private String userEncryptTokenHint = "not set yet";
private boolean enforceStrongPassword = false;
- private long passwordExpirationDays = -1;
- // an old password cannot be reused within the given interval if >= 0.
- private long passwordReuseIntervalDays = -1;
private boolean mayBypassPasswordCheckInException = true;
/** whether to enable the audit log * */
@@ -2754,30 +2751,6 @@ public class CommonConfig {
this.enforceStrongPassword = enforceStrongPassword;
}
- public long getPasswordExpirationDays() {
- return passwordExpirationDays;
- }
-
- public void setPasswordExpirationDays(long passwordExpirationDays) {
- this.passwordExpirationDays = passwordExpirationDays;
- }
-
- public long getPasswordReuseIntervalDays() {
- return passwordReuseIntervalDays;
- }
-
- public void setPasswordReuseIntervalDays(long passwordReuseIntervalDays) {
- this.passwordReuseIntervalDays = passwordReuseIntervalDays;
- }
-
- public boolean isMayBypassPasswordCheckInException() {
- return mayBypassPasswordCheckInException;
- }
-
- public void setMayBypassPasswordCheckInException(boolean
mayBypassPasswordCheckInException) {
- this.mayBypassPasswordCheckInException = mayBypassPasswordCheckInException;
- }
-
public boolean isEnableAuditLog() {
return enableAuditLog;
}
