This is an automated email from the ASF dual-hosted git repository.

tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git


The following commit(s) were added to refs/heads/master by this push:
     new 2a92f4e2 the algorithm used for changing the account password is 
different from that for creating the account (#1388)
2a92f4e2 is described below

commit 2a92f4e2804d915002a98c44e8663652fb8a5ed2
Author: Sphairis <[email protected]>
AuthorDate: Wed Feb 8 15:48:25 2023 +0800

    the algorithm used for changing the account password is different from that 
for creating the account (#1388)
    
    Co-authored-by: SphaIris <aaalixiaopei123>
---
 server/service/rbac/password.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/server/service/rbac/password.go b/server/service/rbac/password.go
index 74c13127..9631bab9 100644
--- a/server/service/rbac/password.go
+++ b/server/service/rbac/password.go
@@ -21,15 +21,12 @@ import (
        "context"
        "fmt"
 
-       "github.com/go-chassis/cari/discovery"
-       "github.com/go-chassis/cari/rbac"
-       "github.com/go-chassis/foundation/stringutil"
-       "golang.org/x/crypto/bcrypt"
-
        "github.com/apache/servicecomb-service-center/pkg/log"
        "github.com/apache/servicecomb-service-center/pkg/privacy"
        "github.com/apache/servicecomb-service-center/pkg/util"
        "github.com/apache/servicecomb-service-center/server/service/validator"
+       "github.com/go-chassis/cari/discovery"
+       "github.com/go-chassis/cari/rbac"
 )
 
 func ChangePassword(ctx context.Context, a *rbac.Account) error {
@@ -96,12 +93,12 @@ func changePassword(ctx context.Context, name, 
currentPassword, pwd string) erro
 }
 
 func doChangePassword(ctx context.Context, old *rbac.Account, pwd string) 
error {
-       hash, err := bcrypt.GenerateFromPassword([]byte(pwd), 14)
+       var err error
+       old.Password, err = privacy.ScryptPassword(pwd)
        if err != nil {
-               log.Error("pwd hash failed", err)
+               log.Error("encrypt password failed", err)
                return err
        }
-       old.Password = stringutil.Bytes2str(hash)
        err = EditAccount(ctx, old)
        if err != nil {
                log.Error("can not change pwd", err)
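Review bot: In doChangePassword the result of `privacy.ScryptPassword(pwd)` is written into `old.Password` before `err` is checked, so a hashing failure leaves the caller's account object holding whatever the helper returned instead of the previous hash. Hash into a local and assign only on success: `hash, err := privacy.ScryptPassword(pwd)`, then `old.Password = hash` after the error check. Accounts whose password was changed under the old code still carry bcrypt hashes; the verification path is not visible in this hunk, so confirm that it still accepts them or rehashes them on the next successful login. The log text `encrypt password failed` would be more accurate as `hash password failed`, since the stored value is a one-way hash. The function body continues past the end of the hunk.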
