diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicy.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicy.java
index f76e90566a..4b374b98e4 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicy.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicy.java
@@ -139,6 +139,10 @@ public class PasswordPolicy implements Writable {
 }
 }
 
+ public ExpirePolicy getExpirePolicy() {
+ return expirePolicy;
+ }
+
 @Override
 public void write(DataOutput out) throws IOException {
 Text.writeString(out, GsonUtils.GSON.toJson(this));
@@ -209,6 +213,10 @@ public class PasswordPolicy implements Writable {
 this.passwordCreateTime = System.currentTimeMillis();
 }
 
+ public void setPasswordCreateTime() {
+ this.passwordCreateTime = System.currentTimeMillis();
+ }
+
 private String expirationSecondsToString() {
 if (expirationSecond == -1) {
 return "DEFAULT";
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicyManager.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicyManager.java
index af72072e0c..a8eb45dbd6 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicyManager.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/PasswordPolicyManager.java
@@ -22,6 +22,7 @@ import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.common.AuthenticationException;
 import org.apache.doris.common.io.Text;
 import org.apache.doris.common.io.Writable;
+import org.apache.doris.mysql.privilege.PasswordPolicy.ExpirePolicy;
 import org.apache.doris.persist.gson.GsonUtils;
 
 import com.google.common.collect.Lists;
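Review bot: `getExpirePolicy()` in PasswordPolicy.java hands out the live, mutable `ExpirePolicy`, and with the public no-argument `setPasswordCreateTime()` added in the second hunk of the same file, any code that can reach a `PasswordPolicy` can restart a user's password-expiry clock. The only caller visible in this commit is `PasswordPolicyManager`, which sits in the same package, so both could be package-private: `ExpirePolicy getExpirePolicy() {` and `void setPasswordCreateTime() {`. Each also deserves a one-line Javadoc, with the setter's saying that it stamps the current time rather than taking a value. The enclosing classes begin and end outside both hunks, so the visibility conventions used there cannot be checked from here.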
@@ -93,6 +94,12 @@ public class PasswordPolicyManager implements Writable {
 public void updatePassword(UserIdentity curUser, byte[] password) {
 PasswordPolicy passwordPolicy = getOrCreatePolicy(curUser);
 passwordPolicy.updatePassword(password);
+
+ // Compatible with setting the password expiration time and changing the password again
+ ExpirePolicy expirePolicy = passwordPolicy.getExpirePolicy();
+ if (expirePolicy.passwordCreateTime != 0) {
+ expirePolicy.setPasswordCreateTime();
+ }
 }
 
 public List> getPolicyInfo(UserIdentity userIdent) {
diff --git a/regression-test/suites/account_p0/test_alter_user.groovy b/regression-test/suites/account_p0/test_alter_user.groovy
index d97c1243a0..445e701092 100644
--- a/regression-test/suites/account_p0/test_alter_user.groovy
+++ b/regression-test/suites/account_p0/test_alter_user.groovy
@@ -139,7 +139,7 @@ suite("test_alter_user", "account") {
 }
 sql """set global validate_password_policy=NONE"""
 
- // 5. text expire
+ // 5. test expire
 sql """create user test_auth_user4 identified by '12345' PASSWORD_EXPIRE INTERVAL 5 SECOND"""
 sql """grant all on *.* to test_auth_user4"""
 result1 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) {
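Review bot: In `updatePassword`, the new check `expirePolicy.passwordCreateTime != 0` reads another class's field directly and appears to rely on 0 meaning that no expiry clock was ever started, which nothing in the hunk documents. Moving the test next to the field would keep that invariant in one place, and the comment could state it outright, for example `// passwordCreateTime == 0: no expiry clock was started for this user, so leave it unset`. The reset also takes its timestamp from `System.currentTimeMillis()` at call time. If `updatePassword` is also reached during edit-log replay (not visible here), a restart would push the expiry forward, so that path is worth checking.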
@@ -160,5 +160,37 @@ suite("test_alter_user", "account") {
 result1 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) {
 sql 'select 1'
 }
+
+ // 7. test after expire, reset password
+ sql """drop user test_auth_user4"""
+ sql """create user test_auth_user4 identified by '12345' PASSWORD_EXPIRE INTERVAL 5 SECOND"""
+ sql """grant all on *.* to test_auth_user4"""
+ result1 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) {
+ sql 'select 1'
+ }
+ sleep(6000)
+ sql """set password for 'test_auth_user4' = password('123')"""
+ result2 = connect(user = 'test_auth_user4', password = '123', url = context.config.jdbcUrl) {
+ sql 'select 1'
+ }
+ sleep(6000)
+ try {
+ connect(user = 'test_auth_user4', password = '123', url = context.config.jdbcUrl) {}
+ assertTrue(false. "should not be able to login")
+ } catch (Exception e) {
+ assertTrue(e.getMessage().contains("Your password has expired. To log in you must change it using a client that supports expired passwords."), e.getMessage())
+ }
+
+ // 8. test password not expiration
+ sql """drop user test_auth_user4"""
+ sql """create user test_auth_user4 identified by '12345'"""
+ sql """grant all on *.* to test_auth_user4"""
+ result1 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) {
+ sql 'select 1'
+ }
+ sleep(1000)
+ result2 = connect(user = 'test_auth_user4', password = '12345', url = context.config.jdbcUrl) {
+ sql 'select 1'
+ }
 }
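Review bot: In step 7 the guard `assertTrue(false. "should not be able to login")` has a period where the comma should be, so if the expired login ever succeeds the line is evaluated as a property lookup on `false` rather than as a failing assertion. The resulting exception would likely be caught by the `catch (Exception e)` just below and reported as a mismatch on the expiry message, which hides the real failure, namely that an expired password was accepted. It should read `assertTrue(false, "should not be able to login")`.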