This is an automated email from the ASF dual-hosted git repository.
xincheng pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/dev by this push:
new a826ed2c1a [Improvement][security] get-user-info API endpoint should
not return the user's password in MD5 format (#14680)
a826ed2c1a is described below
commit a826ed2c1a797396ec71ddabe914fabafd77e977
Author: Gallardot <[email protected]>
AuthorDate: Mon Aug 14 18:28:11 2023 +0800
[Improvement][security] get-user-info API endpoint should not return the
user's password in MD5 format (#14680)
* [Improvement][security] get-user-info API endpoint should not return the
user's password in MD5 format
Signed-off-by: Gallardot <[email protected]>
* [Improvement][security] list-paging API endpoint should not return the
user's password in MD5 format
Signed-off-by: Gallardot <[email protected]>
---------
Signed-off-by: Gallardot <[email protected]>
Co-authored-by: Aaron Wang <[email protected]>
---
.../org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java | 3 +++
.../resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index 9baf454c14..91a5a78afc 100644
---
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -1086,6 +1086,9 @@ public class UsersServiceImpl extends BaseServiceImpl
implements UsersService {
user.setTimeZone(TimeZone.getDefault().toZoneId().getId());
}
+ // remove password
+ user.setUserPassword(null);
+
result.put(Constants.DATA_LIST, user);
putMsg(result, Status.SUCCESS);
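Review bot: `user.setUserPassword(null);` mutates `user` in place, and the hunk does not show where that object comes from; if it can be the caller's login/session `User` rather than a fresh row from the mapper, any later code in the same request that reads the password will see null. Clearing the field on a copy avoids that, and marking the field write-only on the entity (for example `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`, assuming responses are serialized with Jackson) would protect every endpoint that returns a `User`, which per-endpoint blanking does not. The comment could also give the reason, e.g. `// never expose the stored password hash in API responses`. The enclosing method starts and ends outside the hunk.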
diff --git
a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
index 719e9c59df..ef8b1ce2a2 100644
---
a/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
+++
b/dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
@@ -48,7 +48,7 @@
where user_name=#{userName} and user_password = #{password}
</select>
<select id="queryUserPaging"
resultType="org.apache.dolphinscheduler.dao.entity.User">
- select
u.id,u.user_name,u.user_password,u.user_type,u.email,u.phone,u.tenant_id,u.create_time,
+ select
u.id,u.user_name,u.user_type,u.email,u.phone,u.tenant_id,u.create_time,
u.update_time,t.tenant_code,u.state,
case when u.queue <![CDATA[ <> ]]> '' then u.queue else q.queue_name
end as queue, q.queue_name
from t_ds_user u
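Review bot: Dropping `u.user_password` from `queryUserPaging` fixes only this one statement; any other `<select>` in this mapper that maps to `User` and still selects the column (their column lists are outside the hunk) will keep populating the hash on entities that may reach an API response. It would be worth auditing the remaining statements and keeping `user_password` only in queries used for authentication, such as the one ending at `where user_name=#{userName} and user_password = #{password}` just above. A mapper test asserting that `getUserPassword()` is null for every row returned by `queryUserPaging` would guard against the column being re-added. The `queryUserPaging` statement continues past the end of the hunk.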