From 1ea3ad33c655e9852fe77d7ed04bf007dafa876d Mon Sep 17 00:00:00 2001 From: baurine <2008.hbl@gmail.com> Date: Thu, 2 Nov 2023 16:23:15 +0800 Subject: [PATCH] Revert "test(login): fix login integration test (#1587)" This reverts commit f1e012a758e8208a4dc9c967db307660c5db5e40. --- pkg/apiserver/user/auth.go | 16 ++-------- pkg/apiserver/user/rsa_utils.go | 12 ------- pkg/apiserver/user/sqlauth/sqlauth.go | 10 +++--- tests/integration/info/info_test.go | 3 +- tests/integration/user/user_test.go | 45 ++++----------------------- 5 files changed, 16 insertions(+), 70 deletions(-) diff --git a/pkg/apiserver/user/auth.go b/pkg/apiserver/user/auth.go index 002c6d68e0..12248a24c8 100644 --- a/pkg/apiserver/user/auth.go +++ b/pkg/apiserver/user/auth.go @@ -37,7 +37,7 @@ type AuthService struct { middleware *jwt.GinJWTMiddleware authenticators map[utils.AuthType]Authenticator - RsaPublicKey *rsa.PublicKey + rsaPublicKey *rsa.PublicKey RsaPrivateKey *rsa.PrivateKey } @@ -104,7 +104,7 @@ func NewAuthService(featureFlags *featureflag.Registry) *AuthService { middleware: nil, authenticators: map[utils.AuthType]Authenticator{}, RsaPrivateKey: privateKey, - RsaPublicKey: publicKey, + rsaPublicKey: publicKey, } middleware, err := jwt.New(&jwt.GinJWTMiddleware{ @@ -122,16 +122,6 @@ func NewAuthService(featureFlags *featureflag.Registry) *AuthService { if err != nil { return nil, errorx.Decorate(err, "authenticate failed") } - // TODO: uncomment it after thinking clearly - // if form.Type == 0 { - // // generate new rsa key pair for each sql auth login - // privateKey, publicKey, err := GenerateKey() - // // if generate successfully, replace the old key pair - // if err == nil { - // service.RsaPrivateKey = privateKey - // service.RsaPublicKey = publicKey - // } - // } return u, nil }, PayloadFunc: func(data interface{}) jwt.MapClaims { 
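Review bot: After this change `rsaPublicKey` is unexported while `RsaPrivateKey` in the same `AuthService` struct stays exported, so the secret half of the pair is the one that any package holding an `*AuthService` can read or overwrite (the same split appears in the `NewAuthService` literal in the `@@ -104,7 +104,7 @@` hunk). Consider unexporting it as `rsaPrivateKey` and giving callers a narrow method instead, for example `func (s *AuthService) DecryptPassword(cipherText string) (string, error) { return Decrypt(cipherText, s.rsaPrivateKey) }`, so that `sqlauth` no longer needs to hold key material. Other readers of the field may exist outside this diff, so check them before renaming.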
@@ -322,7 +312,7 @@ func (s *AuthService) GetLoginInfoHandler(c *gin.Context) { sort.Ints(supportedAuth) // both work // publicKeyStr, err := ExportPublicKeyAsString(s.rsaPublicKey) - publicKeyStr, err := DumpPublicKeyBase64(s.RsaPublicKey) + publicKeyStr, err := DumpPublicKeyBase64(s.rsaPublicKey) if err != nil { rest.Error(c, err) return diff --git a/pkg/apiserver/user/rsa_utils.go b/pkg/apiserver/user/rsa_utils.go index a1bc65791f..eb79b43387 100644 --- a/pkg/apiserver/user/rsa_utils.go +++ b/pkg/apiserver/user/rsa_utils.go @@ -79,18 +79,6 @@ func DumpPrivateKeyBase64(privatekey *rsa.PrivateKey) (string, error) { return keyBase64, nil } -// Encrypt by public key. -func Encrypt(plainText string, publicKey *rsa.PublicKey) (string, error) { - encryptedText, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, []byte(plainText)) - if err != nil { - return "", err - } - - // the encryptedText is encoded by base64 in the frontend by jsEncrypt - encodedText := base64.StdEncoding.EncodeToString(encryptedText) - return encodedText, nil -} - // Decrypt by private key. func Decrypt(cipherText string, privateKey *rsa.PrivateKey) (string, error) { // the cipherText is encoded by base64 in the frontend by jsEncrypt diff --git a/pkg/apiserver/user/sqlauth/sqlauth.go b/pkg/apiserver/user/sqlauth/sqlauth.go index a93394f4c6..b37b1f7d64 100644 --- a/pkg/apiserver/user/sqlauth/sqlauth.go +++ b/pkg/apiserver/user/sqlauth/sqlauth.go @@ -3,6 +3,8 @@ package sqlauth import ( + "crypto/rsa" + "github.com/joomcode/errorx" "go.uber.org/fx" @@ -15,8 +17,8 @@ const typeID utils.AuthType = 0 type Authenticator struct { user.BaseAuthenticator - tidbClient *tidb.Client - authService *user.AuthService + tidbClient *tidb.Client + rsaPrivateKey *rsa.PrivateKey } func NewAuthenticator(tidbClient *tidb.Client) *Authenticator { 
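Review bot: The new `rsaPrivateKey *rsa.PrivateKey` field in `Authenticator` (the `@@ -15,8 +17,8 @@` hunk of sqlauth.go) has no comment saying that it is a second reference to the server's private key, taken once from `authService.RsaPrivateKey` in `registerAuthenticator` (the `@@ -27,7 +29,7 @@` hunk). If `AuthService` ever replaces its key pair, this copy would keep decrypting with the old key and SQL logins encrypted with the new public key would fail. As far as the diff shows, the pair is created once in `NewAuthService`, which also means an encrypted password captured once stays valid for as long as the process runs. Suggested comment: `// rsaPrivateKey is captured once at registration; it is not refreshed if AuthService rotates its keys, and it gives no replay protection, so TLS is still required.`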
@@ -27,7 +29,7 @@ func NewAuthenticator(tidbClient *tidb.Client) *Authenticator { func registerAuthenticator(a *Authenticator, authService *user.AuthService) { authService.RegisterAuthenticator(typeID, a) - a.authService = authService + a.rsaPrivateKey = authService.RsaPrivateKey } var Module = fx.Options( @@ -36,7 +38,7 @@ var Module = fx.Options( ) func (a *Authenticator) Authenticate(f user.AuthenticateForm) (*utils.SessionUser, error) { - plainPwd, err := user.Decrypt(f.Password, a.authService.RsaPrivateKey) + plainPwd, err := user.Decrypt(f.Password, a.rsaPrivateKey) if err != nil { return nil, user.ErrSignInOther.WrapWithNoMessage(err) } diff --git a/tests/integration/info/info_test.go b/tests/integration/info/info_test.go index 6f9bc1a6dc..6c7c8941bd 100644 --- a/tests/integration/info/info_test.go +++ b/tests/integration/info/info_test.go @@ -96,8 +96,7 @@ func (s *testInfoSuite) getTokenBySQLRoot() string { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "root" - pwd, _ := user.Encrypt("", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) diff --git a/tests/integration/user/user_test.go b/tests/integration/user/user_test.go index 2b3734b673..89da258767 100644 --- a/tests/integration/user/user_test.go +++ b/tests/integration/user/user_test.go @@ -93,8 +93,7 @@ func (s *testUserSuite) TestLoginWithNotExistUser() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "not_exist" - pwd, _ := user.Encrypt("aaa", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "aaa" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) 
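Review bot: In `Authenticate`, a failure of `user.Decrypt` is returned as `user.ErrSignInOther.WrapWithNoMessage(err)`, which passes the raw crypto error up toward the caller. The `Encrypt` helper removed from rsa_utils.go used `rsa.EncryptPKCS1v15`, so `Decrypt` presumably uses the matching PKCS#1 v1.5 call (its body is outside this diff), and Go's crypto/rsa documentation warns that whether that call returns an error discloses secret information. I would return the same error the wrong-password path returns and log the decryption detail server-side only, with a comment such as `// decryption failures must look the same to the client as bad credentials`. The rest of `Authenticate` is outside the hunk, so confirm how `ErrSignInOther` is rendered in the HTTP response.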
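Review bot: `getTokenBySQLRoot` in info_test.go now posts `param["password"] = ""` in plain text, but `sqlauth.Authenticate` on the new side of this same commit still calls `user.Decrypt(f.Password, a.rsaPrivateKey)` before any credential check. If these suites wire in the SQL authenticator, the success cases (`TestLoginWithSufficientPrivs`, `TestLoginWithCorrectPasswordForRoot`) would be rejected at decryption. The negative cases in user_test.go (`TestLoginWithNotExistUser`, `TestLoginWithWrongPassword`, `TestLoginWithInsufficientPrivs`, `TestLoginWithWrongPasswordForRoot`) would then fail for the decryption error rather than for the condition they name. Either keep a test-only encrypt helper fed from the key that `GetLoginInfoHandler` returns, or add a comment in each test stating which failure is expected; the assertions themselves are outside the hunks.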
@@ -110,8 +109,7 @@ func (s *testUserSuite) TestLoginWithWrongPassword() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "dashboardAdmin" - pwd, _ := user.Encrypt("123456789", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "123456789" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) @@ -127,8 +125,7 @@ func (s *testUserSuite) TestLoginWithInsufficientPrivs() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "dashboardAdmin-2" - pwd, _ := user.Encrypt("12345678", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "12345678" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) @@ -145,8 +142,7 @@ func (s *testUserSuite) TestLoginWithSufficientPrivs() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "dashboardAdmin" - pwd, _ := user.Encrypt("12345678", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "12345678" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) @@ -181,8 +177,7 @@ func (s *testUserSuite) TestLoginWithWrongPasswordForRoot() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "root" - pwd, _ := user.Encrypt("aaa", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "aaa" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) 
@@ -198,8 +193,7 @@ func (s *testUserSuite) TestLoginWithCorrectPasswordForRoot() { param := make(map[string]interface{}) param["type"] = 0 param["username"] = "root" - pwd, _ := user.Encrypt("", s.authService.RsaPublicKey) - param["password"] = pwd + param["password"] = "" jsonByte, _ := json.Marshal(param) req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) @@ -216,33 +210,6 @@ func (s *testUserSuite) TestLoginWithCorrectPasswordForRoot() { s.Require().Nil(err) } -// TODO: uncomment it after thinking clearly -// func (s *testUserSuite) TestLoginWithSamePayloadTwice() { -// param := make(map[string]interface{}) -// param["type"] = 0 -// param["username"] = "root" -// pwd, _ := user.Encrypt("", s.authService.RsaPublicKey) -// param["password"] = pwd - -// // success at the first time -// jsonByte, _ := json.Marshal(param) -// req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) -// c, w := util.TestReqWithHandlers(req, s.authService.LoginHandler) - -// s.Require().Len(c.Errors, 0) -// s.Require().Equal(200, c.Writer.Status()) -// s.Require().Equal(200, w.Code) - -// // fail at the second time -// req, _ = http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte)) -// c, w = util.TestReqWithHandlers(req, s.authService.LoginHandler) - -// s.Require().Contains(c.Errors.Last().Err.Error(), "authenticate failed") -// s.Require().Contains(c.Errors.Last().Err.Error(), "crypto/rsa: decryption error") -// s.Require().Equal(401, c.Writer.Status()) -// s.Require().Equal(401, w.Code) -// } - func (s *testUserSuite) TestLoginInfo() { req, _ := http.NewRequest(http.MethodGet, "/user/login_info", nil) c, w := util.TestReqWithHandlers(req, s.authService.GetLoginInfoHandler)