[Bug] Disabled users are able to login
arshadmohammad committed Jan 14, 2025
1 parent f07fe97 commit 4429dec
Showing 4 changed files with 39 additions and 4 deletions.
Expand Up @@ -94,7 +94,7 @@
select
<include refid="Base_Column_List"/>
from `user`
where username = #{username,jdbcType=VARCHAR} and password = #{password,jdbcType=VARCHAR}
where status = 0 and username = #{username,jdbcType=VARCHAR} and password = #{password,jdbcType=VARCHAR}
</select>
<select id="queryEnabledUsers" resultType="org.apache.seatunnel.app.dal.entity.User">
select
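Review bot: The `status = 0` filter on the login query only blocks new logins; whether a user who is disabled after logging in keeps a working session or token is not visible in this hunk, and the token-validation path should apply the same status check if it does not already. The literal `0` is also unexplained here, while the test added in this commit uses `(byte) 1` for the disabled state, so a comment such as `<!-- status 0 = enabled; disabled accounts must not authenticate -->` above the `where` clause would help. The select statement begins outside the hunk.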
Expand Up @@ -32,8 +32,8 @@ public enum SeatunnelErrorEnum {

USERNAME_PASSWORD_NO_MATCHED(
10007,
"username and password no matched",
"The user name and password do not match, please check your input"),
"username and password no matched or user is disabled.",
"The user name and password do not match or user is disabled, please check your input"),

TOKEN_ILLEGAL(10008, "token illegal", "The token is expired or invalid, please login again."),
NO_SUCH_JOB(10009, "no such job", "No such job. Maybe deleted by others."),
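Review bot: The new short message `"username and password no matched or user is disabled."` ends with a period, unlike the neighbouring short messages `"token illegal"` and `"no such job"`; drop it for consistency. Reusing code 10007 for both a wrong password and a disabled account keeps the response from revealing which case occurred, which looks intentional. A comment on the constant, e.g. `// one code for bad credentials and disabled accounts, so the reply does not reveal account state`, would keep a later change from splitting them. The enum continues outside the hunk.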
Expand Up @@ -35,7 +35,7 @@
public class SeatunnelWebTestingBase {
protected final String baseUrl = "http://localhost:8802/seatunnel/api/v1";

protected Result<UserSimpleInfoRes> login(UserLoginReq userLoginReq) {
public Result<UserSimpleInfoRes> login(UserLoginReq userLoginReq) {
String requestBody = JsonUtils.toJsonString(userLoginReq);
String response = sendRequest(url("user/login"), requestBody, "POST");
return JSONTestUtils.parseObject(
Expand Up @@ -21,12 +21,17 @@
import org.apache.seatunnel.app.controller.UserControllerWrapper;
import org.apache.seatunnel.app.domain.request.user.AddUserReq;
import org.apache.seatunnel.app.domain.request.user.UpdateUserReq;
import org.apache.seatunnel.app.domain.request.user.UserLoginReq;
import org.apache.seatunnel.app.domain.response.user.AddUserRes;
import org.apache.seatunnel.app.domain.response.user.UserSimpleInfoRes;
import org.apache.seatunnel.server.common.SeatunnelErrorEnum;

import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

Expand Down Expand Up @@ -95,6 +100,36 @@ public void listUsers_shouldReturnUsers_whenUsersExist() {
assertNotNull(result.getData());
}

@Test
public void disabledUser_shouldNotBeAbleToLogin() {
String user = "disabledUser" + uniqueId;
String pass = "pass4";
AddUserReq addUserReq = getAddUserReq(user, pass);
Result<AddUserRes> result = userControllerWrapper.addUser(addUserReq);
assertTrue(result.isSuccess());

// Disable the user
UpdateUserReq updateUserReq = new UpdateUserReq();
updateUserReq.setUsername(user);
updateUserReq.setUserId(result.getData().getId());
updateUserReq.setPassword(pass);
updateUserReq.setStatus((byte) 1);
updateUserReq.setType((byte) 0);
Result<Void> disableUserResult =
userControllerWrapper.updateUser(
Long.toString(result.getData().getId()), updateUserReq);
assertTrue(disableUserResult.isSuccess());

// Attempt to login with the disabled user
UserLoginReq loginReq = new UserLoginReq();
loginReq.setUsername(user);
loginReq.setPassword(pass);
Result<UserSimpleInfoRes> loginResult = userControllerWrapper.login(loginReq);
assertFalse(loginResult.isSuccess());
assertEquals(
SeatunnelErrorEnum.USERNAME_PASSWORD_NO_MATCHED.getCode(), loginResult.getCode());
}

@AfterAll
public static void tearDown() {
Result<Void> logout = userControllerWrapper.logout();
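Review bot: `disabledUser_shouldNotBeAbleToLogin` has no positive control: it never asserts that the new account can log in before it is disabled, and because `USERNAME_PASSWORD_NO_MATCHED` is also the code for a wrong password, the final assertions would pass even if login failed for an unrelated reason. Build `loginReq` right after `addUser` and add `assertTrue(userControllerWrapper.login(loginReq).isSuccess());` before the disable step; if the wrapper keeps a session from the last login (not visible here), log back in with the account the other tests use before calling `updateUser`. The status and type literals `(byte) 1` and `(byte) 0` would read better as named constants. `tearDown` continues outside the hunk.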
