xiangfu0 commented on code in PR #11904:
URL: https://github.com/apache/pinot/pull/11904#discussion_r1387466511
##########
pinot-common/src/main/java/org/apache/pinot/common/utils/BcryptUtils.java:
##########
@@ -18,33 +18,48 @@
*/
package org.apache.pinot.common.utils;
+import com.google.common.cache.Cache;
import org.mindrot.jbcrypt.BCrypt;
+
public class BcryptUtils {
- private static final int DEFALUT_LOG_ROUNDS = 10;
- private static String _bcryptPassword = null;
+ private static final int DEFALUT_LOG_ROUNDS = 10;
+ private static String _bcryptPassword = null;
- private BcryptUtils() {
- }
+ private BcryptUtils() {
+ }
- public static String encrypt(String password) {
- return encrypt(password, DEFALUT_LOG_ROUNDS);
- }
+ public static String encrypt(String password) {
+ return encrypt(password, DEFALUT_LOG_ROUNDS);
+ }
+
+ public static String encrypt(String password, int saltLogRrounds) {
+ _bcryptPassword = BCrypt.hashpw(password, BCrypt.gensalt(saltLogRrounds));
+ return _bcryptPassword;
+ }
- public static String encrypt(String password, int saltLogRrounds) {
- _bcryptPassword = BCrypt.hashpw(password,
BCrypt.gensalt(saltLogRrounds));
- return _bcryptPassword;
+ public static boolean checkpw(String pasword, String encrypedPassword) {
+ boolean isMatch = false;
+ try {
+ isMatch = BCrypt.checkpw(pasword, encrypedPassword);
+ } catch (Exception e) {
+ System.out.println(e.getMessage());
+ } finally {
+ return isMatch;
}
+ }
- public static boolean checkpw(String pasword, String encrypedPassword) {
- boolean isMatch = false;
- try {
- isMatch = BCrypt.checkpw(pasword, encrypedPassword);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- } finally {
- return isMatch;
- }
+ public static boolean checkpwWithCache(String password, String
encryptedPassword,
+ Cache<String, String> userPasswordAuthCache) {
+ boolean isMatch = true;
+ String cachedPassword =
userPasswordAuthCache.getIfPresent(encryptedPassword);
+ if (cachedPassword == null || !cachedPassword.equals(password)) {
+ isMatch = checkpw(password, encryptedPassword);
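Review bot: In `checkpwWithCache`, the cache appears to hold the cleartext password as its value, keyed by the bcrypt hash: the result of `userPasswordAuthCache.getIfPresent(encryptedPassword)` is compared with `password` via `String.equals`. If so, plaintext credentials stay on the heap for the life of the cache entry, where heap dumps and debuggers can read them, which undoes much of the benefit of storing only bcrypt hashes. The comparison is also not constant-time. Consider caching a keyed digest of the password instead (for example HMAC-SHA-256 under a per-process random key) and comparing with `MessageDigest.isEqual(cachedDigest, candidateDigest)`. The method body continues past the quoted hunk, so the code that populates the cache is not visible here and should be checked against this.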
Review Comment:
This means a wrong credential will force `checkpw` to run every time, right?
Since we already have a ZK subscription, is it necessary to check the password?