This is an automated email from the ASF dual-hosted git repository.

jt2594838 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new e0e79aaaaaf Fix raw password user sync under strong policy (#18021)
e0e79aaaaaf is described below

commit e0e79aaaaafe077db04ac4f55e01d4e1ccbbd855
Author: Caideyipi <[email protected]>
AuthorDate: Thu Jun 25 16:44:48 2026 +0800

    Fix raw password user sync under strong policy (#18021)
---
 .../confignode/persistence/AuthorInfoTest.java     | 44 +++++++++++++++++++++-
 .../iotdb/commons/auth/user/BasicUserManager.java  |  6 ++-
 2 files changed, 47 insertions(+), 3 deletions(-)

diff --git 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
index 34a9a411133..6e5e80fff5d 100644
--- 
a/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
+++ 
b/iotdb-core/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -649,7 +649,9 @@ public class AuthorInfoTest {
   }
 
   @Test
-  public void createUserWithRawPassword() {
+  public void createUserWithRawPassword() throws AuthException {
+    cleanUserAndRole();
+
     TSStatus status;
     AuthorPlan authorPlan;
     authorPlan =
@@ -666,6 +668,46 @@ public class AuthorInfoTest {
     assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), 
status.getCode());
     TPermissionInfoResp result = authorInfo.login("testuser", 
"password123456", false);
     assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), 
result.getStatus().getCode());
+
+    final boolean originalEnforceStrongPassword =
+        CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword();
+    CommonDescriptor.getInstance().getConfig().setEnforceStrongPassword(true);
+    try {
+      authorPlan =
+          new AuthorTreePlan(
+              ConfigPhysicalPlanType.CreateUser,
+              "legacyuser",
+              "",
+              "legacyuser",
+              "",
+              new HashSet<>(),
+              false,
+              new ArrayList<>());
+      status = authorInfo.authorNonQuery(authorPlan);
+      assertEquals(TSStatusCode.ILLEGAL_PASSWORD.getStatusCode(), 
status.getCode());
+
+      assertEquals(
+          TSStatusCode.USER_NOT_EXIST.getStatusCode(),
+          authorInfo.login("legacyuser", "legacyuser", 
true).getStatus().getCode());
+      authorPlan =
+          new AuthorTreePlan(
+              ConfigPhysicalPlanType.CreateUserWithRawPassword,
+              "legacyuser",
+              "",
+              "legacyuser",
+              "",
+              new HashSet<>(),
+              false,
+              new ArrayList<>());
+      status = authorInfo.authorNonQuery(authorPlan);
+      assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), 
status.getCode());
+      result = authorInfo.login("legacyuser", "legacyuser", true);
+      assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(), 
result.getStatus().getCode());
+    } finally {
+      CommonDescriptor.getInstance()
+          .getConfig()
+          .setEnforceStrongPassword(originalEnforceStrongPassword);
+    }
   }
 
   private void checkAuthorNonQueryReturn(AuthorPlan plan) {
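Review bot: The added test block only exercises the create-user path, so nothing visible in this commit covers the matching change in `validCheckForBuiltinUser`; a regression in that method would go unnoticed. A second case that reaches the builtin-user check, through whichever caller invokes it, with `enableEncrypt` false and a password equal to the username while `setEnforceStrongPassword(true)` is in effect, would close the gap. The block also toggles the process-wide `CommonDescriptor` config; the `finally` restores it, and a short comment such as `// Global config: restore even on assertion failure so later tests are unaffected.` would make that intent explicit. The test method begins before this hunk.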
diff --git 
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
 
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
index ad5f2214dff..f359c3665b5 100644
--- 
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++ 
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -205,7 +205,8 @@ public abstract class BasicUserManager extends 
BasicRoleManager {
   private void validCheckForNewUser(String username, String password, boolean 
enableEncrypt)
       throws AuthException {
     if 
(!CommonDescriptor.getInstance().getConfig().getDefaultAdminName().equals(username))
 {
-      if (username.equals(password)
+      if (enableEncrypt
+          && username.equals(password)
           && 
CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()) {
         throw new AuthException(
             TSStatusCode.ILLEGAL_PASSWORD, 
AuthMessages.PASSWORD_SAME_AS_USERNAME);
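Review bot: The added `enableEncrypt &&` guard in `validCheckForNewUser` is uncommented, and it silently exempts the raw-password path from the username-equals-password rule; the identical change in `validCheckForBuiltinUser` has the same gap. Judging from the test, a raw password is presumably an already-encoded credential, so comparing it with the username says nothing about the plaintext. A comment such as `// Raw (pre-encoded) passwords cannot be compared with the username; this rule applies only when the plaintext is available.` would record that. Strong-password enforcement on this path then depends entirely on whoever produced the credential, so it is worth confirming that `CreateUserWithRawPassword` plans can only originate from trusted internal sync and not from a client request. The method body continues past the end of this hunk, so whether the remaining password checks are gated the same way is not visible here.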
@@ -220,7 +221,8 @@ public abstract class BasicUserManager extends 
BasicRoleManager {
   private void validCheckForBuiltinUser(
       String username, String password, boolean enableEncrypt, long userId) 
throws AuthException {
     if 
(!CommonDescriptor.getInstance().getConfig().getDefaultAdminName().equals(username))
 {
-      if (username.equals(password)
+      if (enableEncrypt
+          && username.equals(password)
           && 
CommonDescriptor.getInstance().getConfig().isEnforceStrongPassword()) {
         throw new AuthException(
             TSStatusCode.ILLEGAL_PASSWORD, 
AuthMessages.PASSWORD_SAME_AS_USERNAME);
