Re: [PR] AMBARI-26061 : Add password validation criteria for ambari local users [ambari]

[via GitHub]

JiaLiangC commented on code in PR #3776:
URL: https://github.com/apache/ambari/pull/3776#discussion_r1637584454


##########
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserAuthenticationEntity.java:
##########
@@ -101,13 +101,35 @@ public void setAuthenticationType(UserAuthenticationType 
authenticationType) {
   }
 
   public String getAuthenticationKey() {
+    int firstCommaIndex = authenticationKey.indexOf(",");
+    if (firstCommaIndex != -1) {
+      return authenticationKey.substring(0, firstCommaIndex);
+    }
+    return authenticationKey;
+  }
+
+  public String getFullAuthenticationKey() {
     return authenticationKey;
   }
 
   public void setAuthenticationKey(String authenticationKey) {
     this.authenticationKey = authenticationKey;
   }
 
+  public void updateAuthenticationKey(String newAuthenticationKey, int 
historyCount) {
+    int currentCount = this.authenticationKey.split(",").length;
+    while(currentCount >= historyCount){
+      int lastCommaIndex = this.authenticationKey.lastIndexOf(",");
+      if(lastCommaIndex == -1){
+        this.authenticationKey = "";
+      } else {
+        this.authenticationKey = this.authenticationKey.substring(0, 
lastCommaIndex);
+      }
+      currentCount--;
+    }
+    this.authenticationKey = newAuthenticationKey + "," + 
this.authenticationKey;
+  }

Review Comment:
   @himanshumaurya09876 An while loop is not very elegant or readable.
   ```suggestion
     public void updateAuthenticationKey(String newAuthenticationKey, int 
historyCount) {
       if (this.authenticationKey == null || this.authenticationKey.isEmpty()) {
           this.authenticationKey = newAuthenticationKey;
       } else {
           String[] keys = this.authenticationKey.split(",");
           List<String> keyList = new ArrayList<>(Arrays.asList(keys));
           if (keyList.size() >= historyCount) {
               keyList = keyList.subList(0, historyCount - 1);
           }
           keyList.add(0, newAuthenticationKey);
           this.authenticationKey = String.join(",", keyList);
       }
   }
   ```



##########
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java:
##########
@@ -4138,6 +4146,13 @@ public String getPasswordPolicyDescription() {
     return getProperty(PASSWORD_POLICY_DESCRIPTION);
   }
 
+  /**
+   * @return Password policy history count
+   */
+  public int getPasswordPolicyHistoryCount() {
+    return Integer.parseInt(getProperty(PASSWORD_POLICY_HISTORY_COUNT));

Review Comment:
   @himanshumaurya09876  Lack of parameter validation logic: 
PASSWORD_POLICY_HISTORY_COUNT must be a number between 1 and 10 (with 10 being 
just an example). You should set a suitable value based on your experience or 
by referring to other components. If the maximum retention length is not set, 
retaining too many historical passwords may adversely affect program 
performance.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ambari.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ambari.apache.org
For additional commands, e-mail: dev-h...@ambari.apache.org