refactor: remove Lua API pico.change_password

fae4c847 · Artur Sabirov · Yaroslav Dynnikov · db888e6c · fae4c847 · fae4c847
Commit fae4c847 authored 8 months ago by Artur Sabirov Committed by Yaroslav Dynnikov 8 months ago
--- a/src/luamod.lua
+++ b/src/luamod.lua
@@ -191,99 +191,6 @@ local function check_password_min_length(password, auth_type)
    end
 end

-help.change_password = [[
-pico.change_password(user, password, [opts])
-========================================
-
-Change the user's password on each instance of the cluster.
-
-Proposes a raft entry which when applied on an instance changes the user's password on it.
-Waits for opts.timeout seconds for the entry to be applied locally.
-On success returns an index of the corresponding raft entry.
-Skips the request if the password matches the current one.
-
-The function respects `password_min_length` parameter from `_pico_property` table
-(by default set to be at least 8 characters).
-
-NOTE: If this function returns a timeout error the request is NOT cancelled and
-the change may still be applied some time later. For this reason it is always
-safe to call the same function with the same arguments again. And if the change
-is finalized in between calls, the subsequent calls return the corresponding
-result.
-
-Params:
-
-    1. user (string), username
-    2. password (string)
-    3. opts (optional table)
-        - auth_type (optional string), authentication method name,
-            defaults to box.cfg.auth_type value
-        - timeout (optional number), in seconds, default: infinity
-
-Returns:
-
-    (number) raft index
-    or
-    (nil, error) in case of an error
-]]
-function pico.change_password(user, password, opts)
-    local auth_type = box.cfg.auth_type
-
-    local ok, err = pcall(function()
-        check_param_table(opts, {
-            timeout = 'number',
-            auth_type = 'string',
-        })
-        opts = opts or {}
-        if not opts.timeout then
-            opts.timeout = TIMEOUT_INFINITY
-        end
-        if opts.auth_type then
-            auth_type = opts.auth_type
-        end
-
-        check_param(user, 'user', 'string')
-        check_param(password, 'password', 'string')
-
-        check_password_min_length(password, auth_type)
-    end)
-    if not ok then
-        return nil, err
-    end
-
-    local deadline = fiber.clock() + opts.timeout
-
-    -- XXX: we construct this closure every time the function is called,
-    -- which is bad for performance/jit. Refactor if problems are discovered.
-    local auth_data = box.internal.prepare_auth(auth_type, password, user)
-    local function make_op_if_needed()
-        -- TODO: allow `user` to be a user id instead of name
-        local user_def = box.space._pico_user.index._pico_user_name:get(user)
-        if user_def == nil then
-            box.error(box.error.NO_SUCH_USER, user)
-        end
-
-        if table.equals(user_def.auth, { [auth_type] = auth_data }) then
-            -- Password is already the one given, no op needed
-            return nil
-        end
-
-        return {
-            kind = 'acl',
-            op_kind = 'change_auth',
-            user_id = user_def.id,
-            schema_version = next_schema_version(),
-            auth = {
-                method = auth_type,
-                data = auth_data,
-            },
-            initiator = box.session.euid(),
-        }
-    end
-
-    return reenterable_schema_change_request(deadline, make_op_if_needed)
-end
-
 -- A lookup map
 local supported_priveleges = {
    read = true,

--- a/test/int/test_acl.py
+++ b/test/int/test_acl.py
@@ -209,7 +209,8 @@ def test_acl_basic(cluster: Cluster):
    # Change user's password.
    old_password = VALID_PASSWORD
    new_password = "L0ng$3kr3T"
-    index = i1.call("pico.change_password", user, new_password)
+    i1.sql(f"ALTER USER \"{user}\" WITH PASSWORD '{new_password}'")
+    index = i1.call(".proc_get_index")
    cluster.raft_wait_index(index)
    v += 1