fix password caching issue

influxdata · Jan 16, 2014 · 028f9b1 · 028f9b1
1 parent 44840ed
commit 028f9b1
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 7 deletions.
diff --git a/src/coordinator/coordinator.go b/src/coordinator/coordinator.go
@@ -1043,7 +1043,7 @@ func (self *CoordinatorImpl) CreateClusterAdminUser(requester common.User, usern
 		return fmt.Errorf("User %s already exists", username)
 	}
 
-	return self.raftServer.SaveClusterAdminUser(&clusterAdmin{CommonUser{Name: username}})
+	return self.raftServer.SaveClusterAdminUser(&clusterAdmin{CommonUser{Name: username, CacheKey: username}})
 }
 
 func (self *CoordinatorImpl) DeleteClusterAdminUser(requester common.User, username string) error {
@@ -1098,7 +1098,7 @@ func (self *CoordinatorImpl) CreateDbUser(requester common.User, db, username st
 	}
 	matchers := []*Matcher{&Matcher{true, ".*"}}
 	log.Debug("(raft:%s) Creating uesr %s:%s", self.raftServer.(*RaftServer).raftServer.Name(), db, username)
-	return self.raftServer.SaveDbUser(&dbUser{CommonUser{Name: username}, db, matchers, matchers, false})
+	return self.raftServer.SaveDbUser(&dbUser{CommonUser{Name: username, CacheKey: db + "%" + username}, db, matchers, matchers, false})
 }
 
 func (self *CoordinatorImpl) DeleteDbUser(requester common.User, db, username string) error {

diff --git a/src/coordinator/raft_server.go b/src/coordinator/raft_server.go
@@ -180,7 +180,7 @@ func (s *RaftServer) SaveClusterAdminUser(u *clusterAdmin) error {
 }
 
 func (s *RaftServer) CreateRootUser() error {
-	u := &clusterAdmin{CommonUser{"root", "", false}}
+	u := &clusterAdmin{CommonUser{"root", "", false, "root"}}
 	hash, _ := hashPassword(DEFAULT_ROOT_PWD)
 	u.changePassword(string(hash))
 	return s.SaveClusterAdminUser(u)

diff --git a/src/coordinator/user.go b/src/coordinator/user.go
@@ -29,6 +29,7 @@ type CommonUser struct {
 	Name          string `json:"name"`
 	Hash          string `json:"hash"`
 	IsUserDeleted bool   `json:"is_deleted"`
+	CacheKey      string `json:"cache_key"`
 }
 
 func (self *CommonUser) GetName() string {
@@ -41,18 +42,18 @@ func (self *CommonUser) IsDeleted() bool {
 
 func (self *CommonUser) changePassword(hash string) error {
 	self.Hash = hash
-	userCache.Delete(self.Name)
+	userCache.Delete(self.CacheKey)
 	return nil
 }
 
 func (self *CommonUser) isValidPwd(password string) bool {
-	if pwd, ok := userCache.Get(self.Name); ok {
+	if pwd, ok := userCache.Get(self.CacheKey); ok {
 		return password == pwd.(string)
 	}
 
 	isValid := bcrypt.CompareHashAndPassword([]byte(self.Hash), []byte(password)) == nil
 	if isValid {
-		userCache.Set(self.Name, password, 0)
+		userCache.Set(self.CacheKey, password, 0)
 	}
 	return isValid
 }

diff --git a/src/coordinator/user_test.go b/src/coordinator/user_test.go
@@ -12,7 +12,7 @@ var _ = Suite(&UserSuite{})
 var root common.User
 
 func (self *UserSuite) SetUpSuite(c *C) {
-	user := &clusterAdmin{CommonUser{"root", "", false}}
+	user := &clusterAdmin{CommonUser{"root", "", false, "root"}}
 	c.Assert(user.changePassword("password"), IsNil)
 	root = user
 }

diff --git a/src/integration/server_test.go b/src/integration/server_test.go
@@ -253,6 +253,15 @@ func (self *ServerSuite) TestInvalidUserNameAndDbName(c *C) {
 	c.Assert(resp.StatusCode, Not(Equals), http.StatusOK)
 }
 
+func (self *ServerSuite) TestShouldNotResetRootsPassword(c *C) {
+	resp := self.serverProcesses[0].Post("/db/dummy_db/users?u=root&p=root", "{\"name\":\"root\", \"password\":\"pass\"}", c)
+	c.Assert(resp.StatusCode, Equals, http.StatusOK)
+	resp = self.serverProcesses[0].Request("GET", "/db/dummy_db/authenticate?u=root&p=pass", "", c)
+	c.Assert(resp.StatusCode, Equals, http.StatusOK)
+	resp = self.serverProcesses[0].Request("GET", "/cluster_admins/authenticate?u=root&p=root", "", c)
+	c.Assert(resp.StatusCode, Equals, http.StatusOK)
+}
+
 func (self *ServerSuite) TestDeleteReplication(c *C) {
 	data := `
   [{