From 41c95e65ff00164c4aefd0fd46cf31fbd2ed3556 Mon Sep 17 00:00:00 2001
From: robot-clickhouse <robot-clickhouse@users.noreply.github.com>
Date: Tue, 1 Oct 2024 20:07:16 +0000
Subject: [PATCH] Backport #70148 to 24.8: Fix bcrypt password being displayed
 in system.query_log

---
 src/Parsers/Access/ASTAuthenticationData.cpp          |  3 ++-
 tests/queries/0_stateless/01292_create_user.reference |  1 +
 tests/queries/0_stateless/01292_create_user.sql       | 11 +++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Parsers/Access/ASTAuthenticationData.cpp b/src/Parsers/Access/ASTAuthenticationData.cpp
index 386ed900960..52923df8f17 100644
--- a/src/Parsers/Access/ASTAuthenticationData.cpp
+++ b/src/Parsers/Access/ASTAuthenticationData.cpp
@@ -219,7 +219,8 @@ bool ASTAuthenticationData::hasSecretParts() const
     auto auth_type = *type;
     if ((auth_type == AuthenticationType::PLAINTEXT_PASSWORD)
         || (auth_type == AuthenticationType::SHA256_PASSWORD)
-        || (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD))
+        || (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD)
+        || (auth_type == AuthenticationType::BCRYPT_PASSWORD))
         return true;
 
     return childrenHaveSecretParts();
diff --git a/tests/queries/0_stateless/01292_create_user.reference b/tests/queries/0_stateless/01292_create_user.reference
index d5841a74a2c..b249df438e1 100644
--- a/tests/queries/0_stateless/01292_create_user.reference
+++ b/tests/queries/0_stateless/01292_create_user.reference
@@ -117,3 +117,4 @@ u4_01292	local_directory	double_sha1_password	{}	['::/0']	[]	[]	[]	1	[]	['r1_012
 \N	u4_01292	\N	0	\N	\N	\N	\N	\N	default
 \N	u4_01292	\N	1	max_memory_usage	5000000	\N	\N	\N	\N
 \N	u4_01292	\N	2	readonly	1	\N	\N	\N	\N
+-- no passwords or hashes in query_log
diff --git a/tests/queries/0_stateless/01292_create_user.sql b/tests/queries/0_stateless/01292_create_user.sql
index 46808aec1ef..974885219ff 100644
--- a/tests/queries/0_stateless/01292_create_user.sql
+++ b/tests/queries/0_stateless/01292_create_user.sql
@@ -233,3 +233,14 @@ SELECT * FROM system.settings_profile_elements WHERE user_name LIKE 'u%\_01292'
 DROP USER u1_01292, u2_01292, u3_01292, u4_01292, u5_01292;
 
 DROP ROLE r1_01292, r2_01292;
+
+SELECT '-- no passwords or hashes in query_log';
+SYSTEM FLUSH LOGS;
+SELECT query
+FROM system.query_log
+WHERE
+    query NOT LIKE '%query_log%' AND event_date >= yesterday() AND current_database = currentDatabase() AND
+    (query LIKE '%qwe123%' OR query LIKE '%123qwe%' OR
+    query LIKE '%18138372FAD4B94533CD4881F03DC6C69296DD897234E0CEE83F727E2E6B1F63%' OR
+    query LIKE '%8DCDD69CE7D121DE8013062AEAEB2A148910D50E%' OR
+    query like '%$2a$12$rz5iy2LhuwBezsM88ZzWiemOVUeJ94xHTzwAlLMDhTzwUxOHaY64q%');