review: introduced test for null values and checkPlainPassword() method

iaorekhov-1980 · iaorekhov-1980 · commit f17892a4318f · 2026-03-26T17:59:57.000+03:00
diff --git a/fe/fe-core/src/test/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorTest.java b/fe/fe-core/src/test/java/org/apache/doris/mysql/authenticate/ldap/LdapAuthenticatorTest.java
@@ -33,6 +33,8 @@
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
 import java.io.IOException;
 import java.util.List;
 
@@ -165,6 +167,53 @@ public void testEmptyPassword() throws IOException {
         Assert.assertFalse(response.isSuccess());
     }
 
+    @Test
+    public void testNullPassword() throws IOException {
+        setCheckPassword(true);
+        setGetUserInDoris(true);
+        AuthenticateRequest request = new AuthenticateRequest(USER_NAME, new ClearPassword(null), IP);
+        //according to LdapManager:106 - login with null password is prohibitted at all
+        //need to validate that with all possible options - login with null password is not allowed
+        //test with default value - ldap_allow_empty_pass is true, password is null => no login
+        AuthenticateResponse response = ldapAuthenticator.authenticate(request);
+        Assert.assertFalse(response.isSuccess());
+        //test with true value - ldap_allow_empty_pass is true, password is null => no login
+        LdapConfig.ldap_allow_empty_pass = true;
+        response = ldapAuthenticator.authenticate(request);
+        Assert.assertFalse(response.isSuccess());
+        //test with false value - ldap_allow_empty_pass is false, password is null => no login
+        LdapConfig.ldap_allow_empty_pass = false;
+        response = ldapAuthenticator.authenticate(request);
+        Assert.assertFalse(response.isSuccess());
+    }
+
+    @Test
+    public void testAuthCheckPlainPasswordWithEmptyPassword() throws Exception {
+            setLdapUserExist(true);
+            setCheckPassword(true);
+        
+            //test default (ldap_allow_empty_pass=true) and empty pass: login is allowed
+            Auth.checkPlainPassword(USER_NAME, IP, "", null);
+
+            //test with true and empty pass: login is allowed
+            LdapConfig.ldap_allow_empty_pass = true;
+            Auth.checkPlainPassword(USER_NAME, IP, "", null);
+
+            //test with true value and non-empty pass: login is allowed            
+            LdapConfig.ldap_allow_empty_pass = true;
+            Auth.checkPlainPassword(USER_NAME, IP, "testPass", null);
+
+            //test with false and empty pass: login is not allowed
+            LdapConfig.ldap_allow_empty_pass = false;
+            assertThrows(AuthenticationException.class, () -> {
+                Auth.checkPlainPassword(USER_NAME, IP, "", null);
+            });
+
+            //test with false value and non-empty pass: login is allowed            
+            LdapConfig.ldap_allow_empty_pass = false;
+            Auth.checkPlainPassword(USER_NAME, IP, "testPass", null);
+        }
+    
     @After
     public void tearDown() {
         LdapConfig.ldap_allow_empty_pass = true; // restoring default value for other tests
