fix(ac): forbid to set new password the same as the old (#537)

oceanbase · Aug 29, 2024 · e593ff6 · e593ff6
1 parent 8dd2b2b
commit e593ff6
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/internal/dashboard/business/ac/account.go b/internal/dashboard/business/ac/account.go
@@ -126,6 +126,10 @@ func ResetAccountPassword(ctx context.Context, username string, resetParam *para
 	newBts := sha256.Sum256([]byte(resetParam.Password))
 	newEncryptedPwd := hex.EncodeToString(newBts[:])
 
+	if account.password == newEncryptedPwd {
+		return nil, httpErr.NewBadRequest("new password is the same as the old password")
+	}
+
 	up := &acmodel.UpdateAccountCreds{
 		Username: username,
 		AccountCreds: acmodel.AccountCreds{