
[Improvement][security] get-user-info API endpoint should not return the user's password in MD5 format (#14680)

* [Improvement][security] get-user-info API endpoint should not return the user's password in MD5 format

Signed-off-by: Gallardot <gallardot@apache.org>

* [Improvement][security] list-paging API endpoint should not return the user's password in MD5 format

Signed-off-by: Gallardot <gallardot@apache.org>

---------

Signed-off-by: Gallardot <gallardot@apache.org>
Co-authored-by: Aaron Wang <wangweirao16@gmail.com>
3.2.1-prepare
Gallardot 1 year ago committed by GitHub
parent
commit
a826ed2c1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
  2. 2
      dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml

3
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java

@ -1086,6 +1086,9 @@ public class UsersServiceImpl extends BaseServiceImpl implements UsersService {
user.setTimeZone(TimeZone.getDefault().toZoneId().getId()); user.setTimeZone(TimeZone.getDefault().toZoneId().getId());
} }
// remove password
user.setUserPassword(null);
result.put(Constants.DATA_LIST, user); result.put(Constants.DATA_LIST, user);
putMsg(result, Status.SUCCESS); putMsg(result, Status.SUCCESS);
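Review bot: The added `user.setUserPassword(null);` sits after the closing brace of the block that sets the default time zone, so it runs unconditionally. If that block is a null guard on `user` (its condition is outside the hunk), a missing user would now throw a NullPointerException instead of producing the normal result. The call also clears the field on the loaded object itself, so if `user` can be the caller's login/session instance rather than a fresh query result, later code in the same request would see a user with no password. Consider `if (user != null) { user.setUserPassword(null); }`, or return a response copy that has no password field, and add a test asserting the get-user-info payload carries no password. The enclosing method starts and ends outside the hunk.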

2
dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/UserMapper.xml

@ -48,7 +48,7 @@
where user_name=#{userName} and user_password = #{password} where user_name=#{userName} and user_password = #{password}
</select> </select>
<select id="queryUserPaging" resultType="org.apache.dolphinscheduler.dao.entity.User"> <select id="queryUserPaging" resultType="org.apache.dolphinscheduler.dao.entity.User">
select u.id,u.user_name,u.user_password,u.user_type,u.email,u.phone,u.tenant_id,u.create_time, select u.id,u.user_name,u.user_type,u.email,u.phone,u.tenant_id,u.create_time,
u.update_time,t.tenant_code,u.state, u.update_time,t.tenant_code,u.state,
case when u.queue <![CDATA[ <> ]]> '' then u.queue else q.queue_name end as queue, q.queue_name case when u.queue <![CDATA[ <> ]]> '' then u.queue else q.queue_name end as queue, q.queue_name
from t_ds_user u from t_ds_user u
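Review bot: Dropping `u.user_password` from `queryUserPaging` protects only this one statement. Any other select in this mapper that maps to `org.apache.dolphinscheduler.dao.entity.User` and still reads the column will keep filling the field, and each caller then has to remember to null it, as UsersServiceImpl now does. A comment above the select would keep the column from being re-added later, e.g. `<!-- user_password is deliberately not selected: these rows are returned to API clients -->`. Excluding the password from serialization on the entity, or mapping list results to a type without that field, would make the safe behaviour the default. The mapper's other statements are outside this hunk, so whether they still expose the column cannot be confirmed from here.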
