This is an automated email from the ASF dual-hosted git repository.
xxyu pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 8138fe481edcfe44a9a31c0c4a43016c3b2e6173
Author: KmCherry0 <86766775+kmcher...@users.noreply.github.com>
AuthorDate: Thu Oct 13 15:18:27 2022 +0800
KYLIN-5338 Add verification to the parameters about update password
---
.../main/java/org/apache/kylin/rest/controller/NUserController.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git
a/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
b/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
index ac0b6e18ce..37b64a1917 100644
---
a/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
+++
b/src/metadata-server/src/main/java/org/apache/kylin/rest/controller/NUserController.java
@@ -427,8 +427,6 @@ public class NUserController extends NBasicController
implements ApplicationList
throw new KylinException(PERMISSION_DENIED,
msg.getPermissionDenied());
}
accessService.checkDefaultAdmin(username, true);
- val oldPassword =
pwdBase64Decode(StringUtils.isEmpty(user.getPassword()) ? StringUtils.EMPTY :
user.getPassword());
- val newPassword = pwdBase64Decode(user.getNewPassword());
checkUsername(username);
@@ -447,6 +445,9 @@ public class NUserController extends NBasicController
implements ApplicationList
}
checkRequiredArg("new_password", user.getNewPassword());
+ val newPassword =
pwdBase64Decode(StringUtils.isEmpty(user.getNewPassword()) ? StringUtils.EMPTY
: user.getNewPassword());
+ checkPasswordLength(newPassword);
+ checkPasswordCharacter(newPassword);
if (newPassword.equals(oldPassword)) {
throw new KylinException(FAILED_UPDATE_PASSWORD,
msg.getNewPasswordSameAsOld());
