[feat]RBAC帐号password加密算法支持自定义扩展 (#1365)
* extend password
* fix error
Co-authored-by: SphaIris <aaalixiaopei123>
diff --git a/pkg/privacy/password.go b/pkg/privacy/password.go
index b3c1fd5..5c7936d 100644
--- a/pkg/privacy/password.go
+++ b/pkg/privacy/password.go
@@ -21,7 +21,6 @@
"strings"
scrypt "github.com/elithrar/simple-scrypt"
- "github.com/go-chassis/foundation/stringutil"
"golang.org/x/crypto/bcrypt"
"github.com/apache/servicecomb-service-center/pkg/log"
@@ -33,23 +32,26 @@
var ScryptParams = scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32}
-// HashPassword
-// Deprecated: use ScryptPassword, this is only for unit test to test compatible with old version
-func HashPassword(pwd string) (string, error) {
- hash, err := bcrypt.GenerateFromPassword([]byte(pwd), 14)
- if err != nil {
- return "", err
- }
- return stringutil.Bytes2str(hash), nil
+// DefaultManager default manager
+var DefaultManager PasswordManager = &passwordManager{}
+
+type PasswordManager interface {
+ EncryptPassword(pwd string) (string, error)
+ CheckPassword(hashedPwd, pwd string) bool
}
-func ScryptPassword(pwd string) (string, error) {
+
+type passwordManager struct {
+}
+
+func (p *passwordManager) EncryptPassword(pwd string) (string, error) {
hash, err := scrypt.GenerateFromPassword([]byte(pwd), ScryptParams)
if err != nil {
return "", err
}
return string(hash), nil
}
-func SamePassword(hashedPwd, pwd string) bool {
+
+func (p *passwordManager) CheckPassword(hashedPwd, pwd string) bool {
if strings.HasPrefix(hashedPwd, algBcrypt) {
err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(pwd))
if err == bcrypt.ErrMismatchedHashAndPassword {
@@ -62,5 +64,11 @@
log.Warn("incorrect password attempts")
}
return err == nil
+}
+func ScryptPassword(pwd string) (string, error) {
+ return DefaultManager.EncryptPassword(pwd)
+}
+func SamePassword(hashedPwd, pwd string) bool {
+ return DefaultManager.CheckPassword(hashedPwd, pwd)
}
diff --git a/pkg/privacy/password_test.go b/pkg/privacy/password_test.go
index c1e0fa2..e2a3251 100644
--- a/pkg/privacy/password_test.go
+++ b/pkg/privacy/password_test.go
@@ -23,42 +23,21 @@
"github.com/apache/servicecomb-service-center/pkg/privacy"
scrypt "github.com/elithrar/simple-scrypt"
- "github.com/go-chassis/foundation/stringutil"
"github.com/stretchr/testify/assert"
"golang.org/x/crypto/pbkdf2"
)
-func TestHashPassword(t *testing.T) {
- h, _ := privacy.HashPassword("test")
- t.Log(h)
- mac, _ := privacy.ScryptPassword("test")
- t.Log(mac)
-
- t.Run("given old hash result, should be compatible", func(t *testing.T) {
- same := privacy.SamePassword(h, "test")
- assert.True(t, same)
- })
-
- sameMac := privacy.SamePassword(mac, "test")
- assert.True(t, sameMac)
-
- t.Run("use different params for scrypt, should be compatible", func(t *testing.T) {
- h2, _ := scrypt.GenerateFromPassword([]byte("test"), scrypt.Params{N: 1024, R: 8, P: 1, SaltLen: 8, DKLen: 32})
- same := privacy.SamePassword(stringutil.Bytes2str(h2), "test")
- assert.True(t, same)
- })
+type mockPassword struct {
}
-func BenchmarkBcrypt(b *testing.B) {
- h, _ := privacy.HashPassword("test")
- for i := 0; i < b.N; i++ {
- same := privacy.SamePassword(h, "test")
- if !same {
- panic("")
- }
- }
- b.ReportAllocs()
+func (m mockPassword) EncryptPassword(pwd string) (string, error) {
+ return "encrypt password", nil
}
+
+func (m mockPassword) CheckPassword(hashedPwd, pwd string) bool {
+ return true
+}
+
func BenchmarkScrypt(b *testing.B) {
h, _ := privacy.ScryptPassword("test")
for i := 0; i < b.N; i++ {
@@ -117,3 +96,14 @@
})
b.ReportAllocs()
}
+func TestDefaultManager(t *testing.T) {
+ currentManager := privacy.DefaultManager
+ privacy.DefaultManager = &mockPassword{}
+ defer func() {
+ privacy.DefaultManager = currentManager
+ }()
+ password, _ := privacy.DefaultManager.EncryptPassword("")
+ assert.Equal(t, "encrypt password", password)
+ samePassword := privacy.DefaultManager.CheckPassword("", "")
+ assert.True(t, samePassword)
+}
