INNOCENT-BOY commented on code in PR #11904:
URL: https://github.com/apache/pinot/pull/11904#discussion_r1387499908


##########
pinot-common/src/main/java/org/apache/pinot/common/utils/BcryptUtils.java:
##########
@@ -18,33 +18,48 @@
  */
 package org.apache.pinot.common.utils;
 
+import com.google.common.cache.Cache;
 import org.mindrot.jbcrypt.BCrypt;
 
+
 public class BcryptUtils {
 
-    private static final int DEFALUT_LOG_ROUNDS = 10;
-    private static String _bcryptPassword = null;
+  private static final int DEFALUT_LOG_ROUNDS = 10;
+  private static String _bcryptPassword = null;
 
-    private BcryptUtils() {
-    }
+  private BcryptUtils() {
+  }
 
-    public static String encrypt(String password) {
-        return encrypt(password, DEFALUT_LOG_ROUNDS);
-    }
+  public static String encrypt(String password) {
+    return encrypt(password, DEFALUT_LOG_ROUNDS);
+  }
+
+  public static String encrypt(String password, int saltLogRrounds) {
+    _bcryptPassword = BCrypt.hashpw(password, BCrypt.gensalt(saltLogRrounds));
+    return _bcryptPassword;
+  }
 
-    public static String encrypt(String password, int saltLogRrounds) {
-        _bcryptPassword = BCrypt.hashpw(password, 
BCrypt.gensalt(saltLogRrounds));
-        return _bcryptPassword;
+  public static boolean checkpw(String pasword, String encrypedPassword) {
+    boolean isMatch = false;
+    try {
+      isMatch = BCrypt.checkpw(pasword, encrypedPassword);
+    } catch (Exception e) {
+      System.out.println(e.getMessage());
+    } finally {
+      return isMatch;
     }
+  }
 
-    public static boolean checkpw(String pasword, String encrypedPassword) {
-        boolean isMatch = false;
-        try {
-            isMatch = BCrypt.checkpw(pasword, encrypedPassword);
-        } catch (Exception e) {
-            System.out.println(e.getMessage());
-        } finally {
-            return isMatch;
-        }
+  public static boolean checkpwWithCache(String password, String 
encryptedPassword,
+      Cache<String, String> userPasswordAuthCache) {
+    boolean isMatch = true;
+    String cachedPassword = 
userPasswordAuthCache.getIfPresent(encryptedPassword);
+    if (cachedPassword == null || !cachedPassword.equals(password)) {
+      isMatch = checkpw(password, encryptedPassword);
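Review bot: In checkpwWithCache the cache maps the stored bcrypt hash to the plaintext password (`userPasswordAuthCache.getIfPresent(encryptedPassword)` is compared against `password` with `cachedPassword.equals(password)`), so every password that recently authenticated sits in plaintext in the controller's heap for the cache's lifetime, which undoes much of the point of storing bcrypt hashes in ZooKeeper; cache a keyed digest (for example SHA-256 over a per-process random key plus the plaintext) instead, and compare with `MessageDigest.isEqual` rather than `String.equals` so a hit does not leak prefix-match timing. Also start `isMatch` at `false` and set it to `true` only on a verified cache hit, rather than defaulting to `true`. In `checkpw`, catching `Exception`, printing to `System.out` and returning from the `finally` block makes a malformed stored hash indistinguishable from a wrong password and discards the exception; let `BCrypt.checkpw` failures propagate or log them through the project's logger. The static mutable `_bcryptPassword` written by `encrypt` is shared across threads for no benefit; return the hash directly. Minor: `DEFALUT_LOG_ROUNDS`, `saltLogRrounds`, `pasword` and `encrypedPassword` are misspelled.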

Review Comment:
   Hi @xiangfu0 , You are right, each wrong credential will force the checkpw every time. In my opinion, if we have n users, the time complexity for executing checkpw is almost O(n) in one day. And I think this should be tolerable for Pinot users.
   I think it is necessary to check the password. I will give an example. Say we have a user: admin, password: admin. The path /PinotCluster/PROPERTYSTORE/CONFIGS/USER/admin_CONTROLLER in ZooKeeper will store the details below, which save the password as an encrypted password, "$2a$10$DoCs2UyjBeBk9H7pvZw8kehCa9ot7ofdcF8uKx30PNHdyTyvG4Tiq", rather than the plain text password "admin".
   ```json
   {
     "id" : "admin",
     "simpleFields" : {
       "password" : "$2a$10$DoCs2UyjBeBk9H7pvZw8kehCa9ot7ofdcF8uKx30PNHdyTyvG4Tiq",
       "component" : "CONTROLLER",
       "role" : "ADMIN",
       "username" : "admin"
     },
     "mapFields" : { },
     "listFields" : { }
   }
   ```

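The comment above describes a cache that sits in front of bcrypt so that only the first check for a given credential pays the cost-10 work factor, with the stored hash read from the ZooKeeper record shown. As an added example (not Pinot's code and not part of this PR), the class below keeps that cache without ever holding plaintext passwords in memory: the key is the stored bcrypt hash and the value is a keyed SHA-256 digest of the plaintext that verified against it. It assumes jBCrypt and Guava on the classpath, as the hunk's imports already do; the class name, method names and the `main` walkthrough are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import org.mindrot.jbcrypt.BCrypt;

/**
 * Illustrative verifier (hypothetical name) with a bounded, expiring cache in front of bcrypt.
 * The caller is assumed to have already fetched the stored bcrypt hash for the user,
 * e.g. the "password" field under /PinotCluster/PROPERTYSTORE/CONFIGS/USER/... in ZooKeeper.
 */
public final class CachedBcryptVerifier {

  private static final int LOG_ROUNDS = 10;

  // Key: the stored bcrypt hash (unique per user because of its embedded salt).
  // Value: a keyed digest of the plaintext that verified against it, never the plaintext.
  private final Cache<String, byte[]> _verifiedCache;

  // Per-process random key mixed into the digest. A heap dump of the cache then
  // yields neither plaintext passwords nor an offline-crackable unsalted hash.
  private final byte[] _digestKey = new byte[32];

  public CachedBcryptVerifier(long maxEntries, long ttlSeconds) {
    new SecureRandom().nextBytes(_digestKey);
    _verifiedCache = CacheBuilder.newBuilder()
        .maximumSize(maxEntries)
        .expireAfterWrite(ttlSeconds, TimeUnit.SECONDS)
        .build();
  }

  /** Produces the value that would be stored in ZooKeeper for a new password. */
  public static String hash(String password) {
    return BCrypt.hashpw(password, BCrypt.gensalt(LOG_ROUNDS));
  }

  /** Returns true if password matches storedHash, using the cache when it can. */
  public boolean verify(String password, String storedHash) {
    byte[] candidate = digest(password);
    byte[] cached = _verifiedCache.getIfPresent(storedHash);
    // Constant-time comparison: a hit must not leak how many bytes matched.
    if (cached != null && MessageDigest.isEqual(cached, candidate)) {
      return true;
    }
    // Miss, or a wrong password for a cached user: pay the full bcrypt cost.
    boolean ok;
    try {
      ok = BCrypt.checkpw(password, storedHash);
    } catch (RuntimeException e) {
      // jBCrypt signals a malformed stored hash with an unchecked exception.
      // That is a configuration fault, not a wrong password, so surface it.
      throw new IllegalStateException("stored bcrypt hash is malformed", e);
    }
    if (ok) {
      _verifiedCache.put(storedHash, candidate);
    }
    return ok;
  }

  /** Drop a cached entry, e.g. when an administrator resets the password. */
  public void invalidate(String storedHash) {
    _verifiedCache.invalidate(storedHash);
  }

  private byte[] digest(String password) {
    try {
      MessageDigest md = MessageDigest.getInstance("SHA-256");
      md.update(_digestKey);
      return md.digest(password.getBytes(StandardCharsets.UTF_8));
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(e);
    }
  }

  public static void main(String[] args) {
    CachedBcryptVerifier verifier = new CachedBcryptVerifier(10_000, 3600);
    String stored = hash("admin");                 // stands in for the ZooKeeper record
    System.out.println(verifier.verify("admin", stored)); // full bcrypt check, then cached
    System.out.println(verifier.verify("admin", stored)); // served from the cache
    System.out.println(verifier.verify("wrong", stored)); // digest mismatch, full bcrypt check
  }
}
```

Wrong passwords still cost a full bcrypt round, exactly as the comment above accepts; what changes is that a debugger or heap dump on the controller no longer exposes every recently used credential, and a malformed hash in ZooKeeper fails loudly instead of being reported as a bad login.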


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

