This is an automated email from the ASF dual-hosted git repository.
benjobs pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git
The following commit(s) were added to refs/heads/dev by this push:
new d017ea301 [Improve] enhance login password protection (#3006)
d017ea301 is described below
commit d017ea30130159ed1ca7e2cd238985481f218035
Author: Leomax_Sun <[email protected]>
AuthorDate: Fri Sep 1 23:03:22 2023 +0800
[Improve] enhance login password protection (#3006)
---
.../system/security/impl/AuthenticatorImpl.java | 30 ++++++----------------
.../console/system/service/UserService.java | 2 --
.../system/service/impl/UserServiceImpl.java | 15 ++++-------
3 files changed, 13 insertions(+), 34 deletions(-)
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
index 73956a6e6..2b81a5dd0 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java
@@ -59,9 +59,11 @@ public class AuthenticatorImpl implements Authenticator {
private User passwordAuthenticate(String username, String password) {
User user = usersService.findByName(username);
- if (user == null || user.getLoginType() != LoginType.PASSWORD) {
- throw new ApiAlertException(
- String.format("user [%s] does not exist or can not login with
PASSWORD", username));
+ if (user == null) {
+ throw new ApiAlertException(String.format("user [%s] does not exist",
username));
+ }
+ if (user.getLoginType() != LoginType.PASSWORD) {
+ throw new ApiAlertException(String.format("user [%s] can not login with
PASSWORD", username));
}
String salt = user.getSalt();
password = ShaHashUtils.encrypt(salt, password);
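Review bot: Splitting the failure into `user [%s] does not exist` and `user [%s] can not login with PASSWORD` turns the login endpoint into an account-existence oracle: an unauthenticated caller can now distinguish a nonexistent username from a real account that merely has a non-PASSWORD login type, which the previous single message avoided. Keep the two checks if the distinction is useful for server-side logging, but raise the same message from both, e.g. `throw new ApiAlertException(String.format("user [%s] does not exist or can not login with PASSWORD", username));`, and record the precise reason in the log rather than in the response. passwordAuthenticate continues past the hunk, so the wrong-password path is not visible here; it should reuse the same generic message so that all three failures look alike to the client.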
@@ -84,21 +86,9 @@ public class AuthenticatorImpl implements Authenticator {
throw new ApiAlertException(
String.format("user [%s] can only sign in with %s", username,
user.getLoginType()));
}
- String saltPassword = ShaHashUtils.encrypt(user.getSalt(), password);
-
- // ldap password changed, we should update user password
- if (!StringUtils.equals(saltPassword, user.getPassword())) {
-
- // encrypt password again
- String salt = ShaHashUtils.getRandomSalt();
- saltPassword = ShaHashUtils.encrypt(salt, password);
- user.setSalt(salt);
- user.setPassword(saltPassword);
- usersService.updateSaltPassword(user);
- }
return user;
}
- return this.newUserCreate(LoginType.LDAP, username, password);
+ return this.newUserCreate(LoginType.LDAP, username);
}
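Review bot: Dropping the LDAP re-sync block stops new hashes of LDAP passwords from being written, but rows created by the old `newUserCreate(LoginType.LDAP, username, password)` path or refreshed by the removed `updateSaltPassword` call still carry a salted hash of the user's LDAP password in `password`/`salt`, and nothing in this commit clears them. Since `loginType` now gates password login, those columns are dead data for LDAP users; clearing them on the next successful LDAP login (`user.setPassword(null); user.setSalt(null);` followed by a persist through UserService) or in a one-off migration would make the stored secret material match the intent of the change. If `StringUtils.equals` was the only use of `StringUtils` in this file, its import is now unused as well. ldapAuthenticate starts outside the hunk.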
private User ssoAuthenticate(String username) throws Exception {
@@ -111,11 +101,10 @@ public class AuthenticatorImpl implements Authenticator {
}
return user;
}
- return this.newUserCreate(LoginType.SSO, username, null);
+ return this.newUserCreate(LoginType.SSO, username);
}
- private User newUserCreate(LoginType loginType, String username, String
password)
- throws Exception {
+ private User newUserCreate(LoginType loginType, String username) throws
Exception {
User newUser = new User();
newUser.setCreateTime(new Date());
newUser.setUsername(username);
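Review bot: newUserCreate no longer receives a credential, so an account it creates for LDAP or SSO has no local password and is kept out of passwordAuthenticate only by the `loginType` check, but nothing on the method says so. A Javadoc would make the invariant explicit for the next maintainer: `/** Creates the local account for an externally authenticated user. No password or salt is stored; loginType is what prevents this account from signing in with a password. */`. The method body continues past the hunk.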
@@ -124,9 +113,6 @@ public class AuthenticatorImpl implements Authenticator {
newUser.setUserType(UserType.USER);
newUser.setStatus(User.STATUS_VALID);
newUser.setSex(User.SEX_UNKNOWN);
- if (password != null) {
- newUser.setPassword(password);
- }
usersService.createUser(newUser);
return newUser;
}
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
index af513023e..b1709acda 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/UserService.java
@@ -80,8 +80,6 @@ public interface UserService extends IService<User> {
*/
void updatePassword(User user) throws Exception;
- void updateSaltPassword(User user) throws Exception;
-
/**
* reset password
*
diff --git
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
index 514dbc946..6622a959f 100644
---
a/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
+++
b/streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/service/impl/UserServiceImpl.java
@@ -26,6 +26,7 @@ import
org.apache.streampark.console.base.exception.ApiAlertException;
import org.apache.streampark.console.base.properties.ShiroProperties;
import org.apache.streampark.console.base.util.ShaHashUtils;
import org.apache.streampark.console.base.util.WebUtils;
+import org.apache.streampark.console.core.enums.LoginType;
import org.apache.streampark.console.core.service.ApplicationService;
import org.apache.streampark.console.core.service.ResourceService;
import org.apache.streampark.console.system.authentication.JWTToken;
@@ -125,6 +126,7 @@ public class UserServiceImpl extends
ServiceImpl<UserMapper, User> implements Us
@Transactional(rollbackFor = Exception.class)
public RestResponse updateUser(User user) {
User existsUser = getById(user.getUserId());
+ user.setLoginType(null);
user.setPassword(null);
user.setModifyTime(new Date());
if (needTransferResource(existsUser, user)) {
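Review bot: `user.setLoginType(null)` beside `user.setPassword(null)` closes off loginType from the request body, but `salt` is not nulled: `User` has a salt field (`user.getSalt()` is read in updatePassword below), so if updateUser persists this object the same way updatePassword does with `updateById`, a client-supplied salt would overwrite the stored one and desynchronize it from the stored hash. Add `user.setSalt(null);` next to the other two, with a comment such as `// credential and login-type fields are never writable from this endpoint; null fields are skipped on update`. Skipping null fields is the usual MyBatis-Plus update behaviour but depends on the entity's field strategy, so that assumption is worth confirming. updateUser continues past the hunk.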
@@ -148,6 +150,9 @@ public class UserServiceImpl extends
ServiceImpl<UserMapper, User> implements Us
public void updatePassword(User userParam) {
User user = getById(userParam.getUserId());
ApiAlertException.throwIfNull(user, "User is null. Update password
failed.");
+ ApiAlertException.throwIfFalse(
+ user.getLoginType() == LoginType.PASSWORD,
+ "Can only update password for user who sign in with PASSWORD");
String saltPassword = ShaHashUtils.encrypt(user.getSalt(),
userParam.getOldPassword());
ApiAlertException.throwIfFalse(
@@ -161,16 +166,6 @@ public class UserServiceImpl extends
ServiceImpl<UserMapper, User> implements Us
this.baseMapper.updateById(user);
}
- @Override
- @Transactional(rollbackFor = Exception.class)
- public void updateSaltPassword(User userParam) {
- User user = getById(userParam.getUserId());
- ApiAlertException.throwIfNull(user, "User is null. Update password
failed.");
- user.setSalt(userParam.getSalt());
- user.setPassword(userParam.getPassword());
- this.baseMapper.updateById(user);
- }
-
@Override
@Transactional(rollbackFor = Exception.class)
public String resetPassword(String username) {