
Commit 53877ce

authored
Merge 07fcfb5 into a084e85
2 parents a084e85 + 07fcfb5 commit 53877ce


17 files changed

+666
-42
lines changed


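--- a/ydb/core/kqp/gateway/kqp_ic_gateway.cpp
+++ b/ydb/core/kqp/gateway/kqp_ic_gateway.cpp
@@ -1381,6 +1381,7 @@ class TKikimrIcGateway : public IKqpGateway {
 createUser.SetUser(settings.UserName);
 if (settings.Password) {
 createUser.SetPassword(settings.Password);
+createUser.SetIsHashedPassword(settings.IsHashedPassword);
 }
 
 createUser.SetCanLogin(settings.CanLogin);
@@ -1427,6 +1428,7 @@ class TKikimrIcGateway : public IKqpGateway {
 
 if (settings.Password.has_value()) {
 alterUser.SetPassword(settings.Password.value());
+alterUser.SetIsHashedPassword(settings.IsHashedPassword);
 }
 
 if (settings.CanLogin.has_value()) {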
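Review bot: In the create path both setters sit inside `if (settings.Password)`, so when the `hash` setting carries an empty string the hashed flag is dropped together with the password and the request looks like a plain `CREATE USER` without a password, instead of reaching the hash validation and being rejected. This assumes TString's boolean conversion means non-empty and that nothing earlier rejects an empty HASH literal; neither is visible here. Guarding on `if (settings.Password || settings.IsHashedPassword) {` would forward the malformed value so it fails like the other bad-hash cases. The same guard appears in the create hunk of ydb/core/kqp/host/kqp_gateway_proxy.cpp; the alter hunks use `has_value()` and are not affected. The enclosing functions start and end outside both hunks.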

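--- a/ydb/core/kqp/host/kqp_gateway_proxy.cpp
+++ b/ydb/core/kqp/host/kqp_gateway_proxy.cpp
@@ -1508,6 +1508,7 @@ class TKqpGatewayProxy : public IKikimrGateway {
 createUser.SetUser(settings.UserName);
 if (settings.Password) {
 createUser.SetPassword(settings.Password);
+createUser.SetIsHashedPassword(settings.IsHashedPassword);
 }
 
 createUser.SetCanLogin(settings.CanLogin);
@@ -1547,6 +1548,7 @@ class TKqpGatewayProxy : public IKikimrGateway {
 
 if (settings.Password.has_value()) {
 alterUser.SetPassword(settings.Password.value());
+alterUser.SetIsHashedPassword(settings.IsHashedPassword);
 }
 
 if (settings.CanLogin.has_value()) {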

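--- a/ydb/core/kqp/provider/yql_kikimr_exec.cpp
+++ b/ydb/core/kqp/provider/yql_kikimr_exec.cpp
@@ -112,7 +112,10 @@ namespace {
 } else if (name == "nullPassword") {
 // Default value
 } else if (name == "passwordEncrypted") {
-createUserSettings.PasswordEncrypted = true;
+// PasswordEncrypted is never used
+} else if (name == "hash") {
+createUserSettings.IsHashedPassword = true;
+createUserSettings.Password = setting.Value().Cast<TCoAtom>().StringValue();
 } else if (name == "login") {
 createUserSettings.CanLogin = true;
 } else if (name == "noLogin") {
@@ -133,7 +136,10 @@ namespace {
 } else if (name == "nullPassword") {
 alterUserSettings.Password = TString();
 } else if (name == "passwordEncrypted") {
-alterUserSettings.PasswordEncrypted = true;
+// PasswordEncrypted is never used
+} else if (name == "hash") {
+alterUserSettings.IsHashedPassword = true;
+alterUserSettings.Password = setting.Value().Cast<TCoAtom>().StringValue();
 } else if (name == "login") {
 alterUserSettings.CanLogin = true;
 } else if (name == "noLogin") {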
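Review bot: The new `hash` branches set `IsHashedPassword = true` and overwrite `Password`, but nothing visible clears the flag or rejects a settings list that also carries `password` or `nullPassword`, so with `hash` followed by `password` the plaintext would be forwarded marked as a hash (in the alter hunk, `hash` followed by `nullPassword` leaves an empty password marked as hashed). The `password` branches are outside these hunks and the grammar may already forbid the combination, so this needs confirming. If it does not, the simplest fix is to reject more than one of `password`, `hash` and `nullPassword` in HandleCreateUser/HandleAlterUser in yql_kikimr_type_ann.cpp, where this commit adds `hash` to `supportedSettings`. Separately, the `passwordEncrypted` branches are now empty while the name stays in `supportedSettings`, so the option is accepted and ignored; a comment saying why it is still accepted would help more than `// PasswordEncrypted is never used`.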

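--- a/ydb/core/kqp/provider/yql_kikimr_gateway.h
+++ b/ydb/core/kqp/provider/yql_kikimr_gateway.h
@@ -661,7 +661,7 @@ struct TKikimrTableMetadata : public TThrRefBase {
 struct TCreateUserSettings {
 TString UserName;
 TString Password;
-bool PasswordEncrypted = false;
+bool IsHashedPassword = false;
 bool CanLogin;
 };
 
@@ -681,7 +681,7 @@ struct TModifyPermissionsSettings {
 struct TAlterUserSettings {
 TString UserName;
 std::optional<TString> Password;
-bool PasswordEncrypted = false;
+bool IsHashedPassword = false;
 std::optional<bool> CanLogin;
 };
 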

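--- a/ydb/core/kqp/provider/yql_kikimr_type_ann.cpp
+++ b/ydb/core/kqp/provider/yql_kikimr_type_ann.cpp
@@ -1894,6 +1894,7 @@ virtual TStatus HandleCreateTable(TKiCreateTable create, TExprContext& ctx) over
 virtual TStatus HandleCreateUser(TKiCreateUser node, TExprContext& ctx) override {
 const THashSet<TString> supportedSettings = {
 "password",
+"hash",
 "passwordEncrypted",
 "nullPassword",
 "login",
@@ -1909,7 +1910,7 @@ virtual TStatus HandleCreateTable(TKiCreateTable create, TExprContext& ctx) over
 return TStatus::Error;
 }
 
-if (name == "password") {
+if (name == "password" || name == "hash") {
 if (!EnsureAtom(setting.Value().Ref(), ctx)) {
 return TStatus::Error;
 }
@@ -1933,6 +1934,7 @@ virtual TStatus HandleCreateTable(TKiCreateTable create, TExprContext& ctx) over
 virtual TStatus HandleAlterUser(TKiAlterUser node, TExprContext& ctx) override {
 const THashSet<TString> supportedSettings = {
 "password",
+"hash",
 "passwordEncrypted",
 "nullPassword",
 "login",
@@ -1948,7 +1950,7 @@ virtual TStatus HandleCreateTable(TKiCreateTable create, TExprContext& ctx) over
 return TStatus::Error;
 }
 
-if (name == "password") {
+if (name == "password" || name == "hash") {
 if (!EnsureAtom(setting.Value().Ref(), ctx)) {
 return TStatus::Error;
 }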

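--- a/ydb/core/kqp/ut/scheme/kqp_scheme_ut.cpp
+++ b/ydb/core/kqp/ut/scheme/kqp_scheme_ut.cpp
@@ -3366,6 +3366,235 @@ Y_UNIT_TEST_SUITE(KqpScheme) {
 }
 }
 
+Y_UNIT_TEST(CreateAlterUserWithHash) {
+TKikimrRunner kikimr;
+auto db = kikimr.GetTableClient();
+auto session = db.CreateSession().GetValueSync().GetSession();
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user1 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::SUCCESS, result.GetIssues().ToString());
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user2 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "wrongSaltLength",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Length of field \'salt\' is 15, but it must be equal 24");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user3 HASH '{
+"hash": "wrongHashLength",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Length of field \'hash\' is 15, but it must be equal 44");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user4 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "wrongtype"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'type\' must be equal \"argon2id\"");
+}
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user5 HASH '{{{{}}}
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Cannot parse hash value; it should be in JSON-format");
+}
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user6 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id",
+"some_strange_field": "some_strange_value"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "There should be strictly three fields here: salt, hash and type");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user7 HASH '{
+"hash": "Field not in base64format but with 44 length",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'hash\' must be in base64 format");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user8 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "Not in base64 format =) ",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'salt\' must be in base64 format");
+}
+
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user9;
+ALTER USER user9 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::SUCCESS, result.GetIssues().ToString());
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user10;
+ALTER USER user10 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "wrongSaltLength",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Length of field \'salt\' is 15, but it must be equal 24");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user11;
+ALTER USER user11 HASH '{
+"hash": "wrongHashLength",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Length of field \'hash\' is 15, but it must be equal 44");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user12;
+ALTER USER user12 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "wrongtype"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'type\' must be equal \"argon2id\"");
+}
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user13;
+ALTER USER user13 HASH '{{{{}}}
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Cannot parse hash value; it should be in JSON-format");
+}
+
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user14;
+ALTER USER user14 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id",
+"some_strange_field": "some_strange_value"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "There should be strictly three fields here: salt, hash and type");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user15;
+ALTER USER user15 HASH '{
+"hash": "Field not in base64format but with 44 length",
+"salt": "U+tzBtgo06EBQCjlARA6Jg==",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'hash\' must be in base64 format");
+}
+{
+auto query = TStringBuilder() << R"(
+--!syntax_v1
+CREATE USER user16;
+ALTER USER user16 HASH '{
+"hash": "p4ffeMugohqyBwyckYCK1TjJfz3LIHbKiGL+t+oEhzw=",
+"salt": "Not in base64 format =) ",
+"type": "argon2id"
+}';
+)";
+auto result = session.ExecuteSchemeQuery(query).GetValueSync();
+UNIT_ASSERT_VALUES_EQUAL_C(result.GetStatus(), EStatus::PRECONDITION_FAILED, result.GetIssues().ToString());
+UNIT_ASSERT_STRING_CONTAINS(result.GetIssues().ToString(), "Field \'salt\' must be in base64 format");
+}
+}
+
 Y_UNIT_TEST(CreateAlterUserLoginNoLogin) {
 TKikimrRunner kikimr;
 auto db = kikimr.GetTableClient();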
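Review bot: The two SUCCESS cases in CreateAlterUserWithHash (user1 and user9) assert only the statement status, so the test would still pass if the supplied hash were stored incorrectly, for example hashed again as if it were a plaintext password. A follow-up check that the user can authenticate with the password behind this hash/salt pair, and cannot with a different one, would pin the behaviour the feature exists for. The rejection cases cover an extra field but not a missing one (for example no `salt`), nor a statement that combines PASSWORD and HASH. The sixteen blocks differ only in user name, JSON payload and expected message, so a small helper taking those three values would make the gaps easier to see.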

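--- a/ydb/core/protos/flat_scheme_op.proto
+++ b/ydb/core/protos/flat_scheme_op.proto
@@ -850,12 +850,14 @@ message TLoginCreateUser {
 optional string User = 1;
 optional string Password = 2;
 optional bool CanLogin = 3 [default = true];
+optional bool IsHashedPassword = 4 [default = false];
 }
 
 message TLoginModifyUser {
 optional string User = 1;
 optional string Password = 2;
 optional bool CanLogin = 3;
+optional bool IsHashedPassword = 4 [default = false];
 }
 
 message TLoginRemoveUser {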
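Review bot: With `IsHashedPassword = 4` added, the meaning of `Password` in TLoginCreateUser and TLoginModifyUser now depends on a sibling flag, and neither field says so. A comment on the new field such as `// When true, Password holds the JSON hash record (hash, salt, type) instead of a plaintext password` would document that; the field names come from the unit test in this commit. Because the field is optional with `default = false`, a reader built before this commit would presumably ignore it and treat the JSON text as the plaintext password, so it is worth confirming that mixed-version operation is gated, for example by a feature flag.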

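--- a/ydb/core/tx/schemeshard/schemeshard__operation_alter_login.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard__operation_alter_login.cpp
@@ -37,6 +37,7 @@ class TAlterLogin: public TSubOperationBase {
 request.User = createUser.GetUser();
 request.Password = createUser.GetPassword();
 request.CanLogin = createUser.GetCanLogin();
+request.IsHashedPassword = createUser.GetIsHashedPassword();
 
 auto response = context.SS->LoginProvider.CreateUser(request);
 
@@ -73,6 +74,7 @@ class TAlterLogin: public TSubOperationBase {
 
 if (modifyUser.HasPassword()) {
 request.Password = modifyUser.GetPassword();
+request.IsHashedPassword = modifyUser.GetIsHashedPassword();
 }
 
 if (modifyUser.HasCanLogin()) {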
