the algorithm used for changing the account password is different from that for creating the account (#1388)
Co-authored-by: SphaIris <aaalixiaopei123>
diff --git a/server/service/rbac/password.go b/server/service/rbac/password.go
index 74c1312..9631bab 100644
--- a/server/service/rbac/password.go
+++ b/server/service/rbac/password.go
@@ -21,15 +21,12 @@
"context"
"fmt"
- "github.com/go-chassis/cari/discovery"
- "github.com/go-chassis/cari/rbac"
- "github.com/go-chassis/foundation/stringutil"
- "golang.org/x/crypto/bcrypt"
-
"github.com/apache/servicecomb-service-center/pkg/log"
"github.com/apache/servicecomb-service-center/pkg/privacy"
"github.com/apache/servicecomb-service-center/pkg/util"
"github.com/apache/servicecomb-service-center/server/service/validator"
+ "github.com/go-chassis/cari/discovery"
+ "github.com/go-chassis/cari/rbac"
)
func ChangePassword(ctx context.Context, a *rbac.Account) error {
@@ -96,12 +93,12 @@
}
func doChangePassword(ctx context.Context, old *rbac.Account, pwd string) error {
- hash, err := bcrypt.GenerateFromPassword([]byte(pwd), 14)
+ var err error
+ old.Password, err = privacy.ScryptPassword(pwd)
if err != nil {
- log.Error("pwd hash failed", err)
+ log.Error("encrypt password failed", err)
return err
}
- old.Password = stringutil.Bytes2str(hash)
err = EditAccount(ctx, old)
if err != nil {
log.Error("can not change pwd", err)
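Review bot: In doChangePassword the result of `privacy.ScryptPassword(pwd)` is assigned straight to `old.Password`, so when hashing fails the caller's account struct has already lost its previous hash and holds whatever the helper returned alongside the error. Keep the result in a local and assign it only after the check: `hash, err := privacy.ScryptPassword(pwd)`, then `old.Password = hash` after the `if err != nil` block. Separately, accounts that changed their password before this commit presumably still store hashes produced by the removed `bcrypt.GenerateFromPassword` call; the verification code is not visible here, so confirm it still accepts that format or that those accounts are migrated. The function body continues past the end of this hunk.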