fix: Improve the security of datasource management (#2844)

Closes 2638 Co-authored-by: N dailidong <dailidong66@gmail.com>

fix: Improve the security of datasource management (#2844)
Closes 2638 Co-authored-by: N dailidong <dailidong66@gmail.com>
1c153454 · 如梦技术 · GitHub · fbb8ff43 · 1c153454
隐藏空白更改
内联并排

Showing with 13 addition and 3 deletion

dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java ...pache/dolphinscheduler/api/service/DataSourceService.java +13 -3

未找到文件。
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
@@ -21,6 +21,7 @@ import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.TypeReference;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import org.apache.commons.lang.StringUtils;
 import org.apache.dolphinscheduler.api.enums.Status;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
@@ -159,8 +160,18 @@ public class DataSourceService extends BaseService{
            putMsg(result, Status.DATASOURCE_EXIST);
            return result;
        }
+        //check password，if the password is not updated, set to the old password.
+        JSONObject paramObject = JSON.parseObject(parameter);
+        String password = paramObject.getString(Constants.PASSWORD);
+        if (StringUtils.isBlank(password)) {
+            String oldConnectionParams = dataSource.getConnectionParams();
+            JSONObject oldParams = JSON.parseObject(oldConnectionParams);
+            paramObject.put(Constants.PASSWORD, oldParams.getString(Constants.PASSWORD));
+        }
+        // connectionParams json
+        String connectionParams = paramObject.toJSONString();

-        Boolean isConnection = checkConnection(type, parameter);
+        Boolean isConnection = checkConnection(type, connectionParams);
        if (!isConnection) {
            logger.info("connect failed, type:{}, parameter:{}", type, parameter);
            putMsg(result, Status.DATASOURCE_CONNECT_FAILED);
@@ -172,7 +183,7 @@ public class DataSourceService extends BaseService{
        dataSource.setNote(desc);
        dataSource.setUserName(loginUser.getUserName());
        dataSource.setType(type);
-        dataSource.setConnectionParams(parameter);
+        dataSource.setConnectionParams(connectionParams);
        dataSource.setUpdateTime(now);
        dataSourceMapper.updateById(dataSource);
        putMsg(result, Status.SUCCESS);
@@ -257,7 +268,6 @@ public class DataSourceService extends BaseService{
        map.put(PRINCIPAL, datasourceForm.getPrincipal());
        map.put(DATABASE, database);
        map.put(USER_NAME, datasourceForm.getUser());
-        map.put(PASSWORD, datasourceForm.getPassword());
        map.put(OTHER, otherMap);
        result.put(Constants.DATA_LIST, map);
        putMsg(result, Status.SUCCESS);