Skip to content

*: support password validation options and variables#38953

Merged
ti-chi-bot merged 33 commits intopingcap:masterfrom
CbcWestwolf:validate_password
Nov 24, 2022
Merged

*: support password validation options and variables#38953
ti-chi-bot merged 33 commits intopingcap:masterfrom
CbcWestwolf:validate_password

Conversation

@CbcWestwolf
Copy link
Member

@CbcWestwolf CbcWestwolf commented Nov 7, 2022
edited
Loading

What problem does this PR solve?

Issue Number: close #38928 #38924

Problem Summary:

We need to improve the compatibility with MySQL in password validation.

What is changed and how it works?

Most of the feature is the same as MySQL's, except that:

  1. Since TiDB does not have a mechanism like components in MySQL, we add a new global variable validate_password.enable to turn on/off the validation.
  2. We introduce validate_password.dictionary instead of validate_password.dictionary_file, since it is hard to upload the dictionary file to the tidb-servers's local file systems.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

1. support password validation when `create user`, `alter user` and `set password`
3. introduce system variables about password validation
4. support system function `validate_password_strength`

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Nov 7, 2022
edited
Loading

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • bb7133
  • wjhuang2016

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Details

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/invalid-title do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 7, 2022
@CbcWestwolf CbcWestwolf changed the title Add system variables *: support password validation options and variables Nov 7, 2022
@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 8, 2022
@ti-chi-bot ti-chi-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 8, 2022
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Nov 9, 2022
@CbcWestwolf CbcWestwolf marked this pull request as ready for review November 9, 2022 08:39
@CbcWestwolf CbcWestwolf requested a review from a team as a code owner November 9, 2022 08:39
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 9, 2022
@CbcWestwolf
Copy link
Member Author

CbcWestwolf commented Nov 9, 2022

/cc wjhuang2016 xhebox

@CbcWestwolf
Copy link
Member Author

CbcWestwolf commented Nov 9, 2022

/cc xiongjiwei

@ti-chi-bot ti-chi-bot requested a review from xiongjiwei November 9, 2022 08:43
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Nov 18, 2022
xiongjiwei
xiongjiwei reviewed Nov 24, 2022
View reviewed changes
executor/simple.go Outdated
return false
}

func (e *SimpleExec) enableValidatePassword() bool {
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func (e *SimpleExec) enableValidatePassword() bool {
func (e *SimpleExec) isValidatePasswordenabled() bool {

util/password-validation/password_validation.go Outdated
Comment on lines +36 to +39
pwdLength := len(pwd)
if err != nil {
return false, err
}
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
pwdLength := len(pwd)
if err != nil {
return false, err
}
if err != nil {
return false, err
}
pwdLength := len(pwd)

util/password-validation/password_validation.go Outdated
if len(words) == 0 {
return true, nil
}
cache := make(map[string]interface{}, len(words))
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cache := make(map[string]interface{}, len(words))
cache := make(map[string]struct{}, len(words))

util/password-validation/password_validation.go Outdated
for _, word := range words {
word = strings.ToLower(word)
if len(word) >= minPwdValidationLength && len(word) <= maxPwdValidationLength {
cache[word] = nil
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cache[word] = nil
cache[word] = struct{}{}

CbcWestwolf and others added 3 commits November 24, 2022 10:44
@CbcWestwolf @xiongjiwei
Update executor/simple.go
df65a25 
Co-authored-by: xiongjiwei <xiongjiwei1996@outlook.com>
@CbcWestwolf
Update
106f7c2
@CbcWestwolf
Merge branch 'validate_password' of github.com:CbcWestwolf/tidb into …
c0f2564 
…validate_password
xiongjiwei
xiongjiwei reviewed Nov 24, 2022
View reviewed changes
bb7133
bb7133 approved these changes Nov 24, 2022
View reviewed changes
Copy link
Member

@bb7133 bb7133 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Nov 24, 2022
xiongjiwei
xiongjiwei reviewed Nov 24, 2022
View reviewed changes
sessionctx/variable/noop.go
{Scope: ScopeNone, Name: "innodb_log_group_home_dir", Value: "./"},
{Scope: ScopeNone, Name: "performance_schema_events_statements_history_size", Value: "10"},
{Scope: ScopeGlobal, Name: GeneralLog, Value: Off, Type: TypeBool},
{Scope: ScopeGlobal, Name: "validate_password_dictionary_file", Value: ""},
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this variable is still noop in tidb

xiongjiwei
xiongjiwei reviewed Nov 24, 2022
View reviewed changes
sessionctx/variable/sysvar.go Outdated
PasswordValidtaionNumberCount.Store(int32(TidbOptInt64(val, 1)))
return nil
}, GetGlobal: func(_ context.Context, s *SessionVars) (string, error) {
return fmt.Sprintf("%d", PasswordValidtaionNumberCount.Load()), nil
Copy link
Contributor

@xiongjiwei xiongjiwei Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strconv.FormatInt(PasswordValidtaionNumberCount.Load(), 10) has better performance

Copy link
Member Author

@CbcWestwolf CbcWestwolf Nov 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Modified :-)

@xiongjiwei
Copy link
Contributor

xiongjiwei commented Nov 24, 2022

/merge

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Nov 24, 2022

This pull request has been accepted and is ready to merge.

DetailsCommit hash: 9b7e323

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Nov 24, 2022
@CbcWestwolf
Copy link
Member Author

CbcWestwolf commented Nov 24, 2022

/run-unit-test

@ti-chi-bot ti-chi-bot merged commit e205f93 into pingcap:master Nov 24, 2022
@sre-bot
Copy link
Contributor

sre-bot commented Nov 24, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [2] after this pr merged.

CI Name Result Duration Compare with Parent commit
idc-jenkins-ci-tidb/mybatis-test 🔴 failed 1, success 0, total 1 11 min Existing failure
idc-jenkins-ci-tidb/integration-ddl-test 🔴 failed 1, success 5, total 6 4 min 59 sec Existing failure
idc-jenkins-ci/integration-cdc-test ✅ all 39 tests passed 19 min Fixed
idc-jenkins-ci-tidb/common-test ✅ all 11 tests passed 13 min Fixed
idc-jenkins-ci-tidb/sqllogic-test-2 🟢 all 28 tests passed 32 min Existing passed
idc-jenkins-ci-tidb/integration-common-test 🟢 all 17 tests passed 14 min Existing passed
idc-jenkins-ci-tidb/tics-test 🟢 all 1 tests passed 5 min 39 sec Existing passed
idc-jenkins-ci-tidb/sqllogic-test-1 🟢 all 26 tests passed 5 min 9 sec Existing passed
idc-jenkins-ci-tidb/integration-compatibility-test 🟢 all 1 tests passed 2 min 40 sec Existing passed
idc-jenkins-ci-tidb/plugin-test 🟢 build success, plugin test success 4min Existing passed

@CbcWestwolf CbcWestwolf deleted the validate_password branch November 24, 2022 13:37
@YangKeao YangKeao mentioned this pull request Sep 12, 2024
Closed
@CbcWestwolf CbcWestwolf mentioned this pull request Sep 13, 2024
Closed
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bb7133 bb7133 bb7133 approved these changes

@wjhuang2016 wjhuang2016 wjhuang2016 approved these changes

@xhebox xhebox Awaiting requested review from xhebox

+1 more reviewer

@xiongjiwei xiongjiwei xiongjiwei approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support Password Validation Options and Variables

6 participants

@CbcWestwolf @ti-chi-bot @xiongjiwei @sre-bot @bb7133 @wjhuang2016