turn on validate password and set special char count to 0 (pingcap#464)

* serverless version 16 Signed-off-by: AmoebaProtozoa <[email protected]> * fix typo in comments Signed-off-by: AmoebaProtozoa <[email protected]> * set special char to 0 Signed-off-by: AmoebaProtozoa <[email protected]> --------- Signed-off-by: AmoebaProtozoa <[email protected]>
nolouch · Jul 7, 2023 · 847ce98 · 847ce98
1 parent 6d6f948
commit 847ce98
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/session/bootstrap_serverless.go b/session/bootstrap_serverless.go
@@ -60,8 +60,10 @@ const (
 	serverlessVersion13 = 13
 	// serverlessVersion14 reverts the change of serverlessVersion11.
 	serverlessVersion14 = 14
-	// serverlessVersion10 rename user cloud_admin to prefix.cloud_admin`.
+	// serverlessVersion15 rename user cloud_admin to prefix.cloud_admin`.
 	serverlessVersion15 = 15
+	// serverlessVersion16 sets the global variable `validate_password.Enable` to `ON`.
+	serverlessVersion16 = 16
 )
 
 const (
@@ -75,7 +77,7 @@ const (
 
 // currentServerlessVersion is defined as a variable, so we can modify its value for testing.
 // please make sure this is the largest version
-var currentServerlessVersion int64 = serverlessVersion15
+var currentServerlessVersion int64 = serverlessVersion16
 
 var bootstrapServerlessVersion = []func(Session, int64){
 	upgradeToServerlessVer2,
@@ -92,6 +94,7 @@ var bootstrapServerlessVersion = []func(Session, int64){
 	upgradeToServerlessVer13,
 	upgradeToServerlessVer14,
 	upgradeToServerlessVer15,
+	upgradeToServerlessVer16,
 }
 
 // updateServerlessVersion updates serverless version variable in mysql.TiDB table.
@@ -407,6 +410,14 @@ func upgradeToServerlessVer15(s Session, ver int64) {
 	}
 }
 
+func upgradeToServerlessVer16(s Session, ver int64) {
+	if ver >= serverlessVersion16 {
+		return
+	}
+	mustExecute(s, "set @@global.validate_password.special_char_count = 0")
+	mustExecute(s, "set @@global.validate_password.enable = ON")
+}
+
 // Serverless bootstrap procedures.
 // NOTE: The following methods will only be executed once at doDMLWorks during TiDB Bootstrap,
 // therefore any modification of it requires addition to the serverless version upgrade function above
@@ -449,6 +460,12 @@ func bootstrapServerlessVariables(s Session) {
 		defaultMaxExecutionTime,
 		defaultMaxExecutionTime,
 	)
+	mustExecute(s, `INSERT HIGH_PRIORITY INTO %n.%n VALUES(%?, %?) ON DUPLICATE KEY UPDATE VARIABLE_VALUE=%?`,
+		mysql.SystemDB, mysql.GlobalVariablesTable, variable.ValidatePasswordSpecialCharCount, 0, 0,
+	)
+	mustExecute(s, `INSERT HIGH_PRIORITY INTO %n.%n VALUES(%?, %?) ON DUPLICATE KEY UPDATE VARIABLE_VALUE=%?`,
+		mysql.SystemDB, mysql.GlobalVariablesTable, variable.ValidatePasswordEnable, variable.On, variable.On,
+	)
 }
 
 // bootstrapServerlessRoot writes root user's privilege into mysql.user.

diff --git a/util/sem/strict_sem.go b/util/sem/strict_sem.go
@@ -27,7 +27,6 @@ func enableStrictMode() {
 	variable.SetSysVarMin(variable.ValidatePasswordMixedCaseCount, 1)
 	variable.SetSysVarMin(variable.ValidatePasswordNumberCount, 1)
 	variable.SetSysVarPossibleValues(variable.ValidatePasswordPolicy, []string{"MEDIUM", "STRONG"})
-	variable.SetSysVarMin(variable.ValidatePasswordSpecialCharCount, 1)
 }
 
 // disableStrictMode changes variable's default value and restrictions back to normal.
@@ -36,7 +35,6 @@ func disableStrictMode() {
 	variable.SetSysVarMin(variable.ValidatePasswordMixedCaseCount, 0)
 	variable.SetSysVarMin(variable.ValidatePasswordNumberCount, 0)
 	variable.SetSysVarPossibleValues(variable.ValidatePasswordPolicy, []string{"LOW", "MEDIUM", "STRONG"})
-	variable.SetSysVarMin(variable.ValidatePasswordSpecialCharCount, 0)
 }
 
 // IsStrictMode checks if sem is in strict mode.