This is an automated email from the ASF dual-hosted git repository.
critas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 8e61e3072ab Remove JDBC sensitive information output (#14857)
8e61e3072ab is described below
commit 8e61e3072ab9ee9a1bbf6c3230014111965462bf
Author: CritasWang <[email protected]>
AuthorDate: Mon Feb 17 16:13:54 2025 +0800
Remove JDBC sensitive information output (#14857)
* Remove JDBC sensitive information output
* fix todos
* fix todos
* remove OpenId sensitive information output
* fix openid
* remove pw for User.toString
* fix ut
---
.github/workflows/todos-check.yml | 20 +++++++++++++-------
.../apache/iotdb/jdbc/IoTDBDataSourceFactory.java | 3 ---
.../org/apache/iotdb/db/auth/entity/UserTest.java | 4 ++--
.../commons/auth/authorizer/OpenIdAuthorizer.java | 6 ++----
.../org/apache/iotdb/commons/auth/entity/User.java | 8 +++++---
5 files changed, 22 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/todos-check.yml
b/.github/workflows/todos-check.yml
index 46b4f0ad5af..602edfb4612 100644
--- a/.github/workflows/todos-check.yml
+++ b/.github/workflows/todos-check.yml
@@ -37,12 +37,18 @@ jobs:
echo "No changes detected."
exit 0
fi
+
+
# Check the diff for TODOs
- echo "$DIFF" | grep -E '^\+.*(TODO|FIXME)' > check.log
- if [ $(wc -l < check.log> -eq 0)]; then
- echo "No TODOs or FIXMEs found in changed content."
- else
- echo "TODO or FIXME found in the changes. Please resolve it before
merging."
- cat check.log
- exit 1
+
+ # Check the diff for TODOs
+ echo Check the diff for TODOs
+ TODOsCOUNT=$(echo "$DIFF" | grep -E '^\+.*(TODO|FIXME)' | wc -l)
+ if [ "$TODOsCOUNT" -eq 0 ]; then
+ echo "No TODOs or FIXMEs found in changed content.";
+ exit 0
fi
+
+ echo "TODO or FIXME found in the changes. Please resolve it before
merging."
+ echo "$DIFF" | grep -E '^\+.*(TODO|FIXME)' | tee -a output.log
+ exit 1
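Review bot: The new `TODOsCOUNT=$(echo "$DIFF" | grep -E '^\+.*(TODO|FIXME)' | wc -l)` line depends on the step's shell options, which are not visible in this hunk. If the step runs with `-e -o pipefail`, a diff with no matches makes `grep` exit 1, so the step would fail at the assignment and never reach the "No TODOs or FIXMEs found" branch. Counting with `grep -c` and an explicit fallback avoids this: `TODOsCOUNT=$(echo "$DIFF" | grep -cE '^\+.*(TODO|FIXME)' || true)`. The comment `# Check the diff for TODOs` also now appears twice in a row, so one copy can go.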
diff --git
a/iotdb-client/jdbc/src/main/java/org/apache/iotdb/jdbc/IoTDBDataSourceFactory.java
b/iotdb-client/jdbc/src/main/java/org/apache/iotdb/jdbc/IoTDBDataSourceFactory.java
index 81259278dc8..8e601d5df6f 100644
---
a/iotdb-client/jdbc/src/main/java/org/apache/iotdb/jdbc/IoTDBDataSourceFactory.java
+++
b/iotdb-client/jdbc/src/main/java/org/apache/iotdb/jdbc/IoTDBDataSourceFactory.java
@@ -45,16 +45,13 @@ public class IoTDBDataSourceFactory implements
DataSourceFactory {
String url = (String) properties.remove(DataSourceFactory.JDBC_URL);
if (url != null) {
ds.setUrl(url);
- logger.info("URL set {}", url);
}
String user = (String) properties.remove(DataSourceFactory.JDBC_USER);
ds.setUser(user);
- logger.info("User set {}", user);
String password = (String)
properties.remove(DataSourceFactory.JDBC_PASSWORD);
ds.setPassword(password);
- logger.info("Password set {}", password);
logger.info("Remaining properties {}", properties.size());
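Review bot: Nothing in the new code records why the URL, user and password are no longer logged, so a later debugging change could easily put those lines back. A short comment above `ds.setUrl(url)` would do, for example `// Connection URL and credentials are deliberately not logged; log only non-sensitive metadata.` The remaining `logger.info("Remaining properties {}", properties.size())` prints only a count, which is fine. The method continues outside the hunk, so any later code that prints the leftover property values would need the same care.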
diff --git
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
index 42d9c7c497c..8f46433439d 100644
---
a/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
+++
b/iotdb-core/datanode/src/test/java/org/apache/iotdb/db/auth/entity/UserTest.java
@@ -39,13 +39,13 @@ public class UserTest {
user.setPathPrivileges(
new PartialPath("root.ln"),
Collections.singleton(PrivilegeType.WRITE_DATA));
Assert.assertEquals(
- "User{name='user', password='password', pathPrivilegeList=[root.ln :
WRITE_DATA], "
+ "User{name='user', pathPrivilegeList=[root.ln : WRITE_DATA], "
+ "sysPrivilegeSet=[], AnyScopePrivilegeMap=[],
objectPrivilegeMap={}, roleList=[], isOpenIdUser=false}",
user.toString());
User user1 = new User("user1", "password1");
user1.deserialize(user.serialize());
Assert.assertEquals(
- "User{name='user', password='password', pathPrivilegeList=[root.ln :
WRITE_DATA], "
+ "User{name='user', pathPrivilegeList=[root.ln : WRITE_DATA], "
+ "sysPrivilegeSet=[], AnyScopePrivilegeMap=[],
objectPrivilegeMap={}, roleList=[], isOpenIdUser=false}",
user1.toString());
Assert.assertEquals(user1, user);
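Review bot: The updated assertions show that the password is absent only through an exact match on the whole `toString()` format, so the security intent of the test is implicit. An explicit negative check next to each `assertEquals` would state it directly and survive later format changes, e.g. `Assert.assertFalse(user.toString().contains("password"));`. The removed expectation shows the fixture password is `password`, and the new expected string does not contain that substring, so the check would pass as written. The test method starts and ends outside the hunk.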
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
index f46ba20348e..f540269e3cc 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
@@ -148,9 +148,7 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
public boolean login(String token, String password) throws AuthException {
if (password != null && !password.isEmpty()) {
logger.error(
- "JWT Login failed as a non-empty Password was given username
(token): {}, password: {}",
- token,
- password);
+ "JWT Login failed as a non-empty Password was given username
(token): {}", token);
return false;
}
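Review bot: The raw `token` is still written to the error log in both `login` hunks, and in OpenID mode that value is the JWT itself, i.e. a bearer credential. In the non-empty-password branch the token has not been validated yet and may well be valid. In the `catch (JwtException e)` branch of the next hunk the old code logged `password`, which is null or empty by that point, so the new line appears to add token output rather than remove it. I would drop the argument in both places, e.g. `logger.error("JWT Login failed as a non-empty Password was given");` and `logger.error("Unable to login the user: JWT validation failed", e);`. The body of `login` continues past these hunks.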
if (token == null || token.isEmpty()) {
@@ -162,7 +160,7 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
try {
claims = validateToken(token);
} catch (JwtException e) {
- logger.error("Unable to login the user wit jwt {}", password, e);
+ logger.error("Unable to login the user with Username (token) {}", token,
e);
return false;
}
logger.debug("JWT was validated successfully!");
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java
index 7fef5856c61..c0098cf0d51 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/User.java
@@ -188,15 +188,17 @@ public class User extends Role {
roleSet = new HashSet<>(SerializeUtils.deserializeStringList(buffer));
}
+ /**
+ * TestOnly, get the string representation of the user.
+ *
+ * @return string representation of the user
+ */
@Override
public String toString() {
return "User{"
+ "name='"
+ super.getName()
+ '\''
- + ", password='"
- + password
- + '\''
+ ", pathPrivilegeList="
+ pathPrivilegeList
+ ", sysPrivilegeSet="
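Review bot: The new Javadoc labels `toString()` as "TestOnly", but it is a public override that string concatenation and parameterized logging can call implicitly. The label is therefore misleading, and it does not state the property this commit establishes. I would word it as `/** Returns a string representation of the user; the password is deliberately excluded so it cannot end up in logs. */`. The method body continues past the end of the hunk.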