[ISSUE #11957] Remove default password #11991
Merged
KomachiSion
requested changes
Apr 22, 2024
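- It looks like a large number of tests are failing; I suggest investigating the cause.
- Regarding the case where there is no user with GLOBAL_ADMIN_ROLE: this should be checked at an earlier point and surfaced directly. The permission-check part should stay as it is, that is, report an error when there is no user or no permission.
The test cases have been fixed; please sync with the develop branch and resubmit.
done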
KomachiSion
requested changes
Apr 24, 2024
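I think the overall approach could be reconsidered.
I think it is enough to check whether an admin user exists in the database, record that state, and then expose it;
In that case the behavior should be as follows:
- The console reads this state, and when the admin user has not been initialized, it redirects to a separate page for creating the admin user (the details can be discussed: whether both the username and the password are user-defined, or the username is nacos and the user chooses the password).
- Provide a new API so that users who cannot conveniently use the console can set the password of the nacos user by calling it; this endpoint can only be called once without any identity information, and if an admin-level user already exists, the endpoint should deny access.
- Other normal API access needs no extra check logic; during normal authentication it simply reports the usual error because there is no user information.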
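The bootstrap flow proposed in the review comment above, as an added Java example that is not part of this PR or the Nacos code base. The class and method names are hypothetical, an in-memory map stands in for the database, and PBKDF2 is an assumption chosen only to keep the example dependency-free.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch; names are assumptions, not Nacos code.
public class AdminBootstrap {
    record User(byte[] salt, byte[] hash, boolean admin) {}

    private final Map<String, User> users = new ConcurrentHashMap<>(); // stands in for the user table

    // State exposed to the console so it can redirect to the admin-creation page.
    public boolean adminInitialized() {
        return users.values().stream().anyMatch(User::admin);
    }

    // One-time unauthenticated call that sets the password of the "nacos" admin user.
    // synchronized makes check-and-insert atomic; false means access is denied.
    public synchronized boolean initAdmin(String password) throws Exception {
        if (adminInitialized() || password == null || password.isBlank()) {
            return false;
        }
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put("nacos", new User(salt, pbkdf2(password, salt), true));
        return true;
    }

    // Normal authentication: no special case for the uninitialized state, it just fails.
    public boolean login(String name, String password) throws Exception {
        User u = users.get(name);
        return u != null && password != null
                && MessageDigest.isEqual(u.hash(), pbkdf2(password, u.salt()));
    }

    private static byte[] pbkdf2(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        AdminBootstrap b = new AdminBootstrap();
        System.out.println("admin exists at startup: " + b.adminInitialized());
        System.out.println("login nacos/nacos before setup: " + b.login("nacos", "nacos"));
        System.out.println("first init call: " + b.initAdmin("constructed-Pw-1"));
        System.out.println("second init call: " + b.initAdmin("constructed-Pw-2"));
    }
}
```

With a shared database behind several server nodes, the in-process lock is not sufficient; the "only once" guarantee then has to come from the database, for example a transaction or a uniqueness constraint on the admin row.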
KomachiSion
approved these changes
Apr 29, 2024
KomachiSion
approved these changes
Apr 29, 2024
Please do not create a Pull Request without creating an issue first.
What is the purpose of the change
#11957
Brief changelog
XX
Verifying this change
XXXX
Follow this checklist to help us incorporate your contribution quickly and easily:
`[ISSUE #123] Fix UnknownException when host config not exist`. Each commit in the pull request should have a meaningful subject line and body.
Run `mvn -B clean package apache-rat:check findbugs:findbugs -Dmaven.test.skip=true` to make sure basic checks pass. Run `mvn clean install -DskipITs` to make sure unit-test pass. Run `mvn clean test-compile failsafe:integration-test` to make sure integration-test pass.