Merge pull request #70243 from ClickHouse/backport/24.8/70148

Backport #70148 to 24.8: Fix bcrypt password being displayed in system.query_log

src/Parsers/Access/ASTAuthenticationData.cpp

@@ -219,7 +219,8 @@ bool ASTAuthenticationData::hasSecretParts() const
     auto auth_type = *type;
     if ((auth_type == AuthenticationType::PLAINTEXT_PASSWORD)
         || (auth_type == AuthenticationType::SHA256_PASSWORD)
-        || (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD))
+        || (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD)
+        || (auth_type == AuthenticationType::BCRYPT_PASSWORD))
         return true;
 
     return childrenHaveSecretParts();

tests/queries/0_stateless/01292_create_user.reference

@@ -117,3 +117,4 @@ u4_01292	local_directory	double_sha1_password	{}	['::/0']	[]	[]	[]	1	[]	['r1_012
 \N	u4_01292	\N	0	\N	\N	\N	\N	\N	default
 \N	u4_01292	\N	1	max_memory_usage	5000000	\N	\N	\N	\N
 \N	u4_01292	\N	2	readonly	1	\N	\N	\N	\N
+-- no passwords or hashes in query_log

tests/queries/0_stateless/01292_create_user.sql

@@ -233,3 +233,14 @@ SELECT * FROM system.settings_profile_elements WHERE user_name LIKE 'u%\_01292'
 DROP USER u1_01292, u2_01292, u3_01292, u4_01292, u5_01292;
 
 DROP ROLE r1_01292, r2_01292;
+
+SELECT '-- no passwords or hashes in query_log';
+SYSTEM FLUSH LOGS;
+SELECT query
+FROM system.query_log
+WHERE
+    query NOT LIKE '%query_log%' AND event_date >= yesterday() AND current_database = currentDatabase() AND
+    (query LIKE '%qwe123%' OR query LIKE '%123qwe%' OR
+    query LIKE '%18138372FAD4B94533CD4881F03DC6C69296DD897234E0CEE83F727E2E6B1F63%' OR
+    query LIKE '%8DCDD69CE7D121DE8013062AEAEB2A148910D50E%' OR
+    query like '%$2a$12$rz5iy2LhuwBezsM88ZzWiemOVUeJ94xHTzwAlLMDhTzwUxOHaY64q%');