Apply comment

Author: YongGoose

.github/workflows/build.yml

@@ -66,19 +66,13 @@ jobs:
       # step 5.1
       - name: "Test, Check style, Check PMD, Check license with Maven and Java8"
         if: matrix.java == '8'
-        env:
-          SEATA_CONSOLE_USERNAME: seata
-          SEATA_CONSOLE_PASSWORD: seata
         run: |
           ./mvnw -T 4C clean test \
                  -Dcheckstyle.skip=false -Dpmd.skip=false -Dlicense.skip=false -DredisCaseEnabled=true \
                  -e -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn;
       # step 5.2
       - name: "Test with Maven and Java${{ matrix.java }}"
         if: matrix.java != '8'
-        env:
-          SEATA_CONSOLE_USERNAME: seata
-          SEATA_CONSOLE_PASSWORD: seata
         run: |
           ./mvnw -T 4C clean test \
                  -e -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn;

console/src/main/java/org/apache/seata/console/security/CustomUserDetailsServiceImpl.java

@@ -16,12 +16,11 @@
  */
 package org.apache.seata.console.security;
 
-import java.io.BufferedReader;
-import java.io.Console;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.util.Arrays;
+import java.util.UUID;
 import javax.annotation.PostConstruct;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -34,47 +33,38 @@
 @Service
 public class CustomUserDetailsServiceImpl implements UserDetailsService {
 
-    private Console console;
+    private static final Logger LOGGER = LoggerFactory.getLogger(CustomUserDetailsServiceImpl.class);
+
+    @Value("${console.user.username:seata}")
+    private String username;
+
+    @Value("${console.user.password:}")
+    private String password;
+
     private User user;
 
     /**
      * Init.
      */
     @PostConstruct
-    public void init() throws IOException {
-        String envUsername = System.getenv("SEATA_CONSOLE_USERNAME");
-        String envPassword = System.getenv("SEATA_CONSOLE_PASSWORD");
-
-        if (envUsername != null && envPassword != null) {
-            user = new User(envUsername, envPassword);
-            return;
-        }
-
-        console = System.console();
-        if (console == null) {
-            // In an IDE, 'System.console()' returns 'null', so 'BufferedReader' is used instead.
-            BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
-            String username = promptInput(reader, "Username: ");
-            String password = promptInput(reader, "Password: ");
-            user = new User(username, password);
-        } else {
-            String username = getUsername();
-            String password = getUserPassword();
+    public void init() {
+        if (!password.isEmpty()) {
             user = new User(username, password);
+            return;
         }
-    }
 
-    private String promptInput(BufferedReader reader, String message) throws IOException {
-        System.out.print(message);
-        return reader.readLine();
-    }
+        password = generateRandomPassword();
+        LOGGER.info(
+                "No password was configured. A random password has been generated for security purposes. You may either:\n"
+                        + "1. Use the auto-generated password: [{}]\n"
+                        + "2. Set a custom password in the configuration.",
+                password);
 
-    private String getUserPassword() {
-        return Arrays.toString(console.readPassword("Password: "));
+        user = new User(username, password);
     }
 
-    private String getUsername() {
-        return console.readLine("Username: ");
+    private String generateRandomPassword() {
+        return UUID.randomUUID().toString().replace("-", "").substring(0, 8);
     }
 
     @Override

namingserver/src/test/java/org/apache/seata/namingserver/NamingControllerSmokeTest.java

@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.seata.namingserver;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.test.system.CapturedOutput;
+import org.springframework.boot.test.system.OutputCaptureExtension;
+
+@ExtendWith(OutputCaptureExtension.class)
+class NamingControllerSmokeTest {
+
+    @Test
+    void processShouldPrintLogAndGeneratePasswordWhenDefaultPasswordIsNotDefined(CapturedOutput output) {
+        SpringApplication.run(NamingserverApplication.class, "--server.port=0");
+
+        String logs = output.getOut();
+        assertTrue(logs.contains("No password was configured."));
+    }
+
+    @Test
+    void processShouldNotPrintLogWhenDefaultPasswordIsDefined(CapturedOutput output) {
+        SpringApplication.run(NamingserverApplication.class,
+            "--console.user.password=test123", "--server.port=0");
+
+        String logs = output.getOut();
+        assertFalse(logs.contains("No password was configured."));
+    }
+}