github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[Improvement][security] get-user-info API endpoint should not return the user's password in MD5 format (#14680) 

* [Improvement][security] get-user-info API endpoint should not return the user's password in MD5 format

Signed-off-by: Gallardot <gallardot@apache.org>

* [Improvement][security] list-paging API endpoint should not return the user's password in MD5 format

Signed-off-by: Gallardot <gallardot@apache.org>

---------

Signed-off-by: Gallardot <gallardot@apache.org>
Co-authored-by: Aaron Wang <wangweirao16@gmail.com>
augit-log
Gallardot 9 months ago committed by GitHub
parent
25480ae9e7
commit
a826ed2c1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
  2. 2
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml

3
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
Unescape View File

@ -1086,6 +1086,9 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
user.setTimeZone(TimeZone.getDefault().toZoneId().getId());
}
// remove password
user.setUserPassword(null);
result.put(Constants.DATA_LIST, user);
putMsg(result, Status.SUCCESS);

2
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml
Unescape View File

@ -48,7 +48,7 @@
where user_name=#{userName} and user_password = #{password}
</select>
<select id="queryUserPaging" resultType="org.apache.dolphinscheduler.dao.entity.User">
select u.id,u.user_name,u.user_password,u.user_type,u.email,u.phone,u.tenant_id,u.create_time,
select u.id,u.user_name,u.user_type,u.email,u.phone,u.tenant_id,u.create_time,
u.update_time,t.tenant_code,u.state,
case when u.queue <![CDATA[ <> ]]> '' then u.queue else q.queue_name end as queue, q.queue_name
from t_ds_user u

Write Preview
Loading…
Cancel
Save