修复: 重命名用户后不能通过原来的密码登录

lealone · Mar 26, 2017 · 94082a1 · 94082a1
1 parent 2d35811
commit 94082a1
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 5 deletions.
diff --git a/lealone-common/src/main/java/org/lealone/db/ConnectionInfo.java b/lealone-common/src/main/java/org/lealone/db/ConnectionInfo.java
@@ -387,6 +387,9 @@ private static byte[] hashPassword(boolean passwordHash, String userName, char[]
         if (passwordHash) {
             return StringUtils.convertHexToBytes(new String(password));
         }
+        // 不能用用户名和密码组成hash，否则重命名用户后将不能通过原来的密码登录
+        // TODO 如果不用固定的名称是否还有更好办法？
+        userName = Constants.PROJECT_NAME;
         if (userName.length() == 0 && password.length == 0) {
             return new byte[0];
         }

diff --git a/lealone-sql/src/main/java/org/lealone/sql/ddl/CreateUser.java b/lealone-sql/src/main/java/org/lealone/sql/ddl/CreateUser.java
@@ -10,6 +10,7 @@
 import org.lealone.common.exceptions.DbException;
 import org.lealone.common.security.SHA256;
 import org.lealone.common.util.StringUtils;
+import org.lealone.db.Constants;
 import org.lealone.db.Database;
 import org.lealone.db.ServerSession;
 import org.lealone.db.auth.User;
@@ -129,6 +130,9 @@ static void setPassword(User user, ServerSession session, Expression password) {
         char[] passwordChars = pwd == null ? new char[0] : pwd.toCharArray();
         byte[] userPasswordHash;
         String userName = user.getName();
+        // 不能用用户名和密码组成hash，否则重命名用户后将不能通过原来的密码登录
+        // TODO 如果不用固定的名称是否还有更好办法？
+        userName = Constants.PROJECT_NAME;
         if (userName.isEmpty() && passwordChars.length == 0) {
             userPasswordHash = new byte[0];
         } else {

diff --git a/lealone-test/src/test/java/org/lealone/test/TestBase.java b/lealone-test/src/test/java/org/lealone/test/TestBase.java
@@ -77,6 +77,10 @@ public static synchronized void initTransactionEngine() {
         }
     }
 
+    protected String dbName = DB_NAME;
+    protected String user = USER;
+    protected String password = PASSWORD;
+
     private final Map<String, String> connectionParameters = new HashMap<>();
     private String storageEngineName = getDefaultStorageEngineName();
     private boolean embedded = false;
@@ -166,7 +170,7 @@ public void printURL() {
     }
 
     public synchronized String getURL() {
-        return getURL(DB_NAME);
+        return getURL(dbName);
     }
 
     public synchronized String getURL(String user, String password) {

diff --git a/lealone-test/src/test/java/org/lealone/test/sql/SqlTestBase.java b/lealone-test/src/test/java/org/lealone/test/sql/SqlTestBase.java
@@ -32,10 +32,6 @@
 
 public class SqlTestBase extends TestBase {
 
-    protected String dbName;
-    protected String user;
-    protected String password;
-
     protected Connection conn;
     protected Statement stmt;
     protected ResultSet rs;

diff --git a/lealone-test/src/test/java/org/lealone/test/sql/ddl/AlterUserTest.java b/lealone-test/src/test/java/org/lealone/test/sql/ddl/AlterUserTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.lealone.test.sql.ddl;
+
+import java.sql.Connection;
+
+import org.junit.Test;
+import org.lealone.db.LealoneDatabase;
+import org.lealone.test.sql.SqlTestBase;
+
+//之前存在bug: 内部实现用用户名和密码组成hash，重命名用户后不能通过原来的密码登录
+//这个测试用例就是用来测试这个bug
+public class AlterUserTest extends SqlTestBase {
+
+    public AlterUserTest() {
+        super(LealoneDatabase.NAME);
+    }
+
+    @Test
+    public void run() throws Exception {
+        stmt.executeUpdate("DROP USER IF EXISTS test1");
+        stmt.executeUpdate("DROP USER IF EXISTS test2");
+        stmt.executeUpdate("CREATE USER IF NOT EXISTS test1 PASSWORD 'test'");
+        try (Connection conn = getConnection("test1", "test")) {
+        } catch (Exception e) {
+            fail();
+        }
+        stmt.executeUpdate("ALTER USER test1 RENAME TO test2");
+        try (Connection conn = getConnection("test2", "test")) {
+        } catch (Exception e) {
+            fail();
+        }
+    }
+
+}