get datasource password from db

苏义超 · 苏义超 · commit 5778233bc736 · 2025-12-18T20:12:29.000+08:00
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/DataSourceController.java
@@ -44,6 +44,7 @@
 import org.apache.dolphinscheduler.plugin.datasource.api.datasource.BaseDataSourceParamDTO;
 import org.apache.dolphinscheduler.plugin.datasource.api.utils.CommonUtils;
 import org.apache.dolphinscheduler.plugin.datasource.api.utils.DataSourceUtils;
+import org.apache.dolphinscheduler.plugin.datasource.api.utils.PasswordUtils;
 import org.apache.dolphinscheduler.plugin.task.api.utils.ParameterUtils;
 import org.apache.dolphinscheduler.spi.datasource.ConnectionParam;
 import org.apache.dolphinscheduler.spi.enums.DbType;
@@ -214,6 +215,11 @@ public Result<Object> queryDataSourceListPaging(@Parameter(hidden = true) @Reque
     public Result<Boolean> connectDataSource(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
                                              @io.swagger.v3.oas.annotations.parameters.RequestBody(description = "dataSourceParam") @RequestBody String jsonStr) {
         BaseDataSourceParamDTO dataSourceParam = DataSourceUtils.buildDatasourceParam(jsonStr);
+        if (dataSourceParam.getId() != null
+                && dataSourceParam.getPassword().equals(dataSourceService.getHiddenPassword())) {
+            String passwordInDb = dataSourceService.queryDataSourceRealPassword(dataSourceParam.getId(), loginUser);
+            dataSourceParam.setPassword(PasswordUtils.decodePassword(passwordInDb));
+        }
         DataSourceUtils.checkDatasourceParam(dataSourceParam);
         ConnectionParam connectionParams = DataSourceUtils.buildConnectionParams(dataSourceParam);
         dataSourceService.checkConnection(dataSourceParam.getType(), connectionParams);
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/DataSourceService.java
@@ -51,13 +51,28 @@ public interface DataSourceService {
     DataSource updateDataSource(User loginUser, BaseDataSourceParamDTO dataSourceParam);
 
     /**
-     * updateWorkflowInstance datasource
+     * query datasource with hidden password
      *
      * @param id datasource id
      * @return data source detail
      */
     BaseDataSourceParamDTO queryDataSource(int id, User loginUser);
 
+    /**
+     * get hidden password (resolve the security hotspot)
+     *
+     * @return hidden password
+     */
+    String getHiddenPassword();
+
+    /**
+     * query datasource real password
+     *
+     * @param id datasource id
+     * @return data source detail
+     */
+    String queryDataSourceRealPassword(int id, User loginUser);
+
     /**
      * query datasource list by keyword
      *
diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/DataSourceServiceImpl.java
@@ -189,7 +189,7 @@ private boolean checkName(String name) {
     }
 
     /**
-     * updateWorkflowInstance datasource
+     * query datasource with hidden password
      *
      * @param id datasource id
      * @return data source detail
@@ -218,6 +218,30 @@ public BaseDataSourceParamDTO queryDataSource(int id, User loginUser) {
         return baseDataSourceParamDTO;
     }
 
+    /**
+     * query datasource real password
+     *
+     * @param id datasource id
+     * @return data source detail
+     */
+    @Override
+    public String queryDataSourceRealPassword(int id, User loginUser) {
+        DataSource dataSource = dataSourceMapper.selectById(id);
+        if (dataSource == null) {
+            log.error("Datasource does not exist, id:{}.", id);
+            throw new ServiceException(Status.RESOURCE_NOT_EXIST);
+        }
+
+        if (!canOperatorPermissions(loginUser, new Object[]{dataSource.getId()}, AuthorizationType.DATASOURCE,
+                ApiFuncIdentificationConstant.DATASOURCE)) {
+            throw new ServiceException(Status.USER_NO_OPERATION_PERM);
+        }
+
+        ConnectionParam connectionParam =
+                DataSourceUtils.buildConnectionParams(dataSource.getType(), dataSource.getConnectionParams());
+        return connectionParam.getPassword();
+    }
+
     /**
      * query datasource list by keyword
      *
@@ -268,7 +292,8 @@ private void handlePasswd(List<DataSource> dataSourceList) {
      *
      * @return hidden password
      */
-    private String getHiddenPassword() {
+    @Override
+    public String getHiddenPassword() {
         return Constants.XXXXXX;
     }
 
