diff --git a/src/Parsers/Access/ParserCreateUserQuery.cpp b/src/Parsers/Access/ParserCreateUserQuery.cpp index c36dc48e7a3..466fd544c63 100644 --- a/src/Parsers/Access/ParserCreateUserQuery.cpp +++ b/src/Parsers/Access/ParserCreateUserQuery.cpp @@ -561,6 +561,11 @@ bool ParserCreateUserQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec if (!reset_authentication_methods_to_new.has_value()) { reset_authentication_methods_to_new = parseResetAuthenticationMethods(pos, expected); + + if (reset_authentication_methods_to_new.value() && !alter) + { + throw Exception(ErrorCodes::BAD_ARGUMENTS, "RESET AUTHENTICATION METHODS TO NEW can only be used on ALTER statement"); + } } if (!valid_until) diff --git a/tests/queries/0_stateless/03174_multiple_authentication_methods.reference b/tests/queries/0_stateless/03174_multiple_authentication_methods.reference index f30a9566c68..8cdc1f9d613 100644 --- a/tests/queries/0_stateless/03174_multiple_authentication_methods.reference +++ b/tests/queries/0_stateless/03174_multiple_authentication_methods.reference @@ -51,3 +51,5 @@ Trailing comma should result in syntax error SYNTAX_ERROR First auth method can't specify type if WITH keyword is not present SYNTAX_ERROR +RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement +BAD_ARGUMENTS diff --git a/tests/queries/0_stateless/03174_multiple_authentication_methods.sh b/tests/queries/0_stateless/03174_multiple_authentication_methods.sh index 2945d072583..5e4c5048d55 100755 --- a/tests/queries/0_stateless/03174_multiple_authentication_methods.sh +++ b/tests/queries/0_stateless/03174_multiple_authentication_methods.sh @@ -144,4 +144,7 @@ ${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_p echo "First auth method can't specify type if WITH keyword is not present" ${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED plaintext_password by '1'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" +echo "RESET AUTHENTICATION METHODS TO NEW can only be used on alter statement" +${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} RESET AUTHENTICATION METHODS TO NEW" 2>&1 | grep -m1 -o "BAD_ARGUMENTS" + ${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"