From e593ff645b1e30e3779eb0a3a6292184df43d6d2 Mon Sep 17 00:00:00 2001
From: powerfool
Date: Thu, 29 Aug 2024 14:08:37 +0800
Subject: [PATCH] fix(ac): forbid to set new password the same as the old (#537)

---
 internal/dashboard/business/ac/account.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/dashboard/business/ac/account.go b/internal/dashboard/business/ac/account.go
index 4213b1771..8f8d829c3 100644
--- a/internal/dashboard/business/ac/account.go
+++ b/internal/dashboard/business/ac/account.go
@@ -126,6 +126,10 @@ func ResetAccountPassword(ctx context.Context, username string, resetParam *para
 newBts := sha256.Sum256([]byte(resetParam.Password))
 newEncryptedPwd := hex.EncodeToString(newBts[:])
 
+ if account.password == newEncryptedPwd {
+ return nil, httpErr.NewBadRequest("new password is the same as the old password")
+ }
+
 up := &acmodel.UpdateAccountCreds{
 Username: username,
 AccountCreds: acmodel.AccountCreds{
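Review bot: The new `account.password == newEncryptedPwd` check only works because the stored value is a deterministic, unsalted single SHA-256 hex digest (see the two context lines above it), which is a weak form for password storage and one this comparison now depends on. If storage later moves to a salted password KDF, this branch will silently stop matching, so it deserves a comment such as `// relies on unsalted SHA-256 digests; use the KDF's verify call once storage is salted`. The distinct 400 message also confirms whether a submitted value equals the current password; whether the caller has already proven knowledge of the old password is not visible in this hunk, so confirm that happens earlier in ResetAccountPassword and that the endpoint is rate-limited. If the comparison stays, `subtle.ConstantTimeCompare([]byte(account.password), []byte(newEncryptedPwd)) == 1` (needs `crypto/subtle`) avoids a timing-dependent string compare. ResetAccountPassword starts and ends outside the hunk.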