mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-19 16:20:50 +00:00
do not allow no_pwd to co-exist with other auth methods
This commit is contained in:
parent
acc2249288
commit
91e8ef6776
@ -523,6 +523,13 @@ bool ParserCreateUserQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expec
|
||||
|
||||
if (parsed_add_new_method)
|
||||
{
|
||||
if (add_new_auth_method->type == AuthenticationType::NO_PASSWORD)
|
||||
{
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS, "The authentication method 'no_password' cannot be used with the ADD keyword. "
|
||||
"Use 'ALTER USER xyz IDENTIFIED WITH no_password' to replace existing authentication methods");
|
||||
|
||||
}
|
||||
|
||||
auth_data.push_back(add_new_auth_method);
|
||||
continue;
|
||||
}
|
||||
|
@ -40,7 +40,10 @@ Add identified with
|
||||
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
|
||||
Try to provide no_password mixed with other authentication methods, should not be allowed
|
||||
BAD_ARGUMENTS
|
||||
Adding no_password, should drop existing auth method
|
||||
Adding no_password, should fail
|
||||
BAD_ARGUMENTS
|
||||
CREATE USER u01_03174 IDENTIFIED WITH plaintext_password
|
||||
Replacing existing authentication methods in favor of no_password, should succeed
|
||||
CREATE USER u01_03174 IDENTIFIED WITH no_password
|
||||
Trying to auth with no pwd, should succeed
|
||||
1
|
||||
|
@ -115,8 +115,12 @@ ${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
echo "Try to provide no_password mixed with other authentication methods, should not be allowed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password by '8' ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
|
||||
echo "Adding no_password, should drop existing auth method"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH no_password"
|
||||
echo "Adding no_password, should fail"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH no_password" 2>&1 | grep -m1 -o "BAD_ARGUMENTS"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
echo "Replacing existing authentication methods in favor of no_password, should succeed"
|
||||
${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH no_password"
|
||||
${CLICKHOUSE_CLIENT} --query "SHOW CREATE USER ${user}"
|
||||
|
||||
echo "Trying to auth with no pwd, should succeed"
|
||||
|
Loading…
Reference in New Issue
Block a user