thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-19 16:20:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

do not allow no_pwd to co-exist with other auth methods

Browse Source
This commit is contained in:
Arthur Passos 2024-07-10 09:11:02 -03:00
parent acc2249288
commit 91e8ef6776
3 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Parsers/Access/ParserCreateUserQuery.cpp
View File

@ -523,6 +523,13 @@ bool ParserCreateUserQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec
if (parsed_add_new_method)
{
if (add_new_auth_method->type == AuthenticationType::NO_PASSWORD)
{
throw Exception(ErrorCodes::BAD_ARGUMENTS, "The authentication method 'no_password' cannot be used with the ADD keyword. "
"Use 'ALTER USER xyz IDENTIFIED WITH no_password' to replace existing authentication methods");
}
auth_data.push_back(add_new_auth_method);
continue;
}

5
tests/queries/0_stateless/03174_add_identified_with.reference
View File

@ -40,7 +40,10 @@ Add identified with
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
Try to provide no_password mixed with other authentication methods, should not be allowed
BAD_ARGUMENTS
Adding no_password, should drop existing auth method
Adding no_password, should fail
BAD_ARGUMENTS
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
Replacing existing authentication methods in favor of no_password, should succeed
CREATE USER u01_03174 IDENTIFIED WITH no_password
Trying to auth with no pwd, should succeed
1

8
tests/queries/0_stateless/03174_add_identified_with.sh
View File

@ -115,8 +115,12 @@ ${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
echo "Try to provide no_password mixed with other authentication methods, should not be allowed"
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password by '8' ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
echo "Adding no_password, should drop existing auth method"
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH no_password"
echo "Adding no_password, should fail"
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
echo "Replacing existing authentication methods in favor of no_password, should succeed"
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH no_password"
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
echo "Trying to auth with no pwd, should succeed"