This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 956ae6bd4 [#5968] fix(server-common): The owner of the catalog is
incorrect when using Basic Auth and Password is empty (#6023)
956ae6bd4 is described below
commit 956ae6bd4cd61e4c6ee6a3a2e4cddddfaecc0993
Author: TengYao Chi <[email protected]>
AuthorDate: Mon Dec 30 15:41:35 2024 +0800
[#5968] fix(server-common): The owner of the catalog is incorrect when
using Basic Auth and Password is empty (#6023)
### Why are the changes needed?
The current implementation of `SimpleAuthenticator` doesn't comply with the HTTP
Basic Authentication specification, which allows username-only or
username-with-empty-password formats.
Fix: #5968
### Does this PR introduce _any_ user-facing change?
n/a
### How was this patch tested?
Unit test
---
.../server/authentication/SimpleAuthenticator.java | 2 +-
.../authentication/TestSimpleAuthenticator.java | 27 ++++++++++++++++++++--
2 files changed, 26 insertions(+), 3 deletions(-)
diff --git
a/server-common/src/main/java/org/apache/gravitino/server/authentication/SimpleAuthenticator.java
b/server-common/src/main/java/org/apache/gravitino/server/authentication/SimpleAuthenticator.java
index 88ecebd91..1ff2195f1 100644
---
a/server-common/src/main/java/org/apache/gravitino/server/authentication/SimpleAuthenticator.java
+++
b/server-common/src/main/java/org/apache/gravitino/server/authentication/SimpleAuthenticator.java
@@ -59,7 +59,7 @@ class SimpleAuthenticator implements Authenticator {
try {
String[] userInformation =
new String(Base64.getDecoder().decode(credential),
StandardCharsets.UTF_8).split(":");
- if (userInformation.length != 2) {
+ if (userInformation.length < 1 || userInformation[0].isEmpty()) {
return ANONYMOUS_PRINCIPAL;
}
return new UserPrincipal(userInformation[0]);
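Review bot: The relaxed condition `userInformation.length < 1 || userInformation[0].isEmpty()` now turns any decoded token that contains no `:` into a `UserPrincipal`, so a value that is not a user/password pair at all (the `"xx"` token the old test used, for instance) is presumably accepted as a user name instead of falling back to anonymous. No password check is visible in this hunk, so the principal name appears to be the whole identity, and going by the commit title it ends up as the catalog owner, which makes its shape worth being strict about. If only `user:` and `user:password` are meant to be accepted, keep the decoded string in a local (say `decoded`), split on the first colon only and require it: `int sep = decoded.indexOf(':');` `if (sep <= 0) { return ANONYMOUS_PRINCIPAL; }` `return new UserPrincipal(decoded.substring(0, sep));`. If colon-less tokens are intentional, say so in a comment above the check, e.g. `// Accepts "user", "user:" and "user:password"; only the user name is used.` The enclosing method starts and ends outside the hunk.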
diff --git
a/server-common/src/test/java/org/apache/gravitino/server/authentication/TestSimpleAuthenticator.java
b/server-common/src/test/java/org/apache/gravitino/server/authentication/TestSimpleAuthenticator.java
index fd12e71d3..c98380b97 100644
---
a/server-common/src/test/java/org/apache/gravitino/server/authentication/TestSimpleAuthenticator.java
+++
b/server-common/src/test/java/org/apache/gravitino/server/authentication/TestSimpleAuthenticator.java
@@ -47,11 +47,34 @@ public class TestSimpleAuthenticator {
.authenticateToken(
AuthConstants.AUTHORIZATION_BASIC_HEADER.getBytes(StandardCharsets.UTF_8))
.getName());
+ String fullCredentials = "test-user:123";
+ String basicToken =
+ AuthConstants.AUTHORIZATION_BASIC_HEADER
+ +
Base64.getEncoder().encodeToString(fullCredentials.getBytes(StandardCharsets.UTF_8));
+ Assertions.assertEquals(
+ fullCredentials.split(":")[0],
+ simpleAuthenticator
+ .authenticateToken(basicToken.getBytes(StandardCharsets.UTF_8))
+ .getName());
+ String credentialsOnlyHaveUsername = "test-user:";
+ basicToken =
+ AuthConstants.AUTHORIZATION_BASIC_HEADER
+ + Base64.getEncoder()
+
.encodeToString(credentialsOnlyHaveUsername.getBytes(StandardCharsets.UTF_8));
+ Assertions.assertEquals(
+ fullCredentials.split(":")[0],
+ simpleAuthenticator
+ .authenticateToken(basicToken.getBytes(StandardCharsets.UTF_8))
+ .getName());
+ String credentialsOnlyHavePassword = ":123";
+ basicToken =
+ AuthConstants.AUTHORIZATION_BASIC_HEADER
+ + Base64.getEncoder()
+
.encodeToString(credentialsOnlyHavePassword.getBytes(StandardCharsets.UTF_8));
Assertions.assertEquals(
AuthConstants.ANONYMOUS_USER,
simpleAuthenticator
- .authenticateToken(
- (AuthConstants.AUTHORIZATION_BASIC_HEADER +
"xx").getBytes(StandardCharsets.UTF_8))
+ .authenticateToken(basicToken.getBytes(StandardCharsets.UTF_8))
.getName());
Assertions.assertEquals(
"gravitino",
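Review bot: With the `"xx"` assertion removed, no case is left for a token without a `:`, so the colon-less path that the new condition in SimpleAuthenticator opens is untested; the added cases only cover `test-user:123`, `test-user:` and `:123`. One assertion for a bare `test-user` token and one for a token that is not valid Base64 would pin what the authenticator returns for each. The `test-user:` case would also read more clearly if it compared against the literal `"test-user"` rather than `fullCredentials.split(":")[0]`, which ties its expected value to a different input. The test method starts and ends outside the hunk.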