Fix superusers' password verification problem (#23729)

Signed-off-by: N SimFG <bang.fu@zilliz.com>

Fix superusers' password verification problem (#23729)
Signed-off-by: N SimFG <bang.fu@zilliz.com>
c24c3017 · SimFG · GitHub · 05d317fe · c24c3017 · c24c3017
隐藏空白更改
内联并排

Showing with 10 addition and 9 deletion

internal/proxy/impl.go internal/proxy/impl.go +10 -1

internal/proxy/util.go internal/proxy/util.go +0 -8

未找到文件。
--- a/internal/proxy/impl.go
+++ b/internal/proxy/impl.go
@@ -4400,7 +4400,16 @@ func (node *Proxy) UpdateCredential(ctx context.Context, req *milvuspb.UpdateCre
 		}, nil
 	}

-	if !passwordVerify(ctx, req.Username, rawOldPassword, globalMetaCache) {
+	skipPasswordVerify := false
+	if currentUser, _ := GetCurUserFromContext(ctx); currentUser != "" {
+		for _, s := range Params.CommonCfg.SuperUsers {
+			if s == currentUser {
+				skipPasswordVerify = true
+			}
+		}
+	}
+
+	if !skipPasswordVerify && !passwordVerify(ctx, req.Username, rawOldPassword, globalMetaCache) {
 		return &commonpb.Status{
 			ErrorCode: commonpb.ErrorCode_UpdateCredentialFailure,
 			Reason:    "old password is not correct:" + req.Username,

--- a/internal/proxy/util.go
+++ b/internal/proxy/util.go
@@ -758,14 +758,6 @@ func passwordVerify(ctx context.Context, username, rawPwd string, globalMetaCach
 		return false
 	}

-	if currentUser, _ := GetCurUserFromContext(ctx); currentUser != "" {
-		for _, s := range Params.CommonCfg.SuperUsers {
-			if s == currentUser {
-				return true
-			}
-		}
-	}
-
 	// hit cache
 	sha256Pwd := crypto.SHA256(rawPwd, credInfo.Username)
 	if credInfo.Sha256Password != "" {