[FAB-5188] Fix password conversion bug

Passwords are stored in the DB as bytes and declared in the
UserRecord structure as a string.  The UserRecord structure is
passed to the sqlx library to store the user's record in the DB.
The sqlx library interprets the "e" character as an exponent and
converts the string, which means it stores an incorrect password in the DB.

The fix is to change the type of the Pass field from "string" to "[]byte"
to prevent the sqlx library from performing this conversion, and
manually casting between string and []byte as needed.

The TestSpecialPassword test case was added to test this scenario.

Change-Id: I5bb40f2083cf4509f7344fd06f8d9581283a7e74
Signed-off-by: Keith Smith <[email protected]>

lib/dbaccessor.go

@@ -70,7 +70,7 @@ SELECT name, prekey FROM affiliations
 // UserRecord defines the properties of a user
 type UserRecord struct {
 	Name           string `db:"id"`
-	Pass           string `db:"token"`
+	Pass           []byte `db:"token"`
 	Type           string `db:"type"`
 	Affiliation    string `db:"affiliation"`
 	Attributes     string `db:"attributes"`
@@ -116,7 +116,7 @@ func (d *Accessor) InsertUser(user spi.UserInfo) error {
 
 	res, err := d.db.NamedExec(insertUser, &UserRecord{
 		Name:           user.Name,
-		Pass:           user.Pass,
+		Pass:           []byte(user.Pass),
 		Type:           user.Type,
 		Affiliation:    user.Affiliation,
 		Attributes:     string(attrBytes),
@@ -142,7 +142,7 @@ func (d *Accessor) InsertUser(user spi.UserInfo) error {
 		return fmt.Errorf("Expected to add one record to the database, but %d records were added", numRowsAffected)
 	}
 
-	log.Debugf("Successfully added Identity %s to the database", user.Name)
+	log.Debugf("Successfully added identity %s to the database", user.Name)
 
 	return nil
 
@@ -179,7 +179,7 @@ func (d *Accessor) UpdateUser(user spi.UserInfo) error {
 
 	res, err := d.db.NamedExec(updateUser, &UserRecord{
 		Name:           user.Name,
-		Pass:           user.Pass,
+		Pass:           []byte(user.Pass),
 		Type:           user.Type,
 		Affiliation:    user.Affiliation,
 		Attributes:     string(attributes),
@@ -245,7 +245,7 @@ func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error) {
 	json.Unmarshal([]byte(userRec.Attributes), &attributes)
 
 	userInfo.Name = userRec.Name
-	userInfo.Pass = userRec.Pass
+	userInfo.Pass = string(userRec.Pass)
 	userInfo.Type = userRec.Type
 	userInfo.Affiliation = userRec.Affiliation
 	userInfo.State = userRec.State
@@ -308,7 +308,7 @@ func (d *Accessor) GetAffiliation(name string) (spi.Affiliation, error) {
 func (d *Accessor) newDBUser(userRec *UserRecord) *DBUser {
 	var user = new(DBUser)
 	user.Name = userRec.Name
-	user.Pass = userRec.Pass
+	user.Pass = string(userRec.Pass)
 	user.State = userRec.State
 	user.MaxEnrollments = userRec.MaxEnrollments
 	user.Affiliation = userRec.Affiliation

lib/server_test.go

@@ -191,6 +191,41 @@ func TestRootServer(t *testing.T) {
 	}
 }
 
+// Test passwords with lowercase "e" to make sure it is stored
+// correctly in the database with no conversion problems.
+// See https://jira.hyperledger.org/projects/FAB/issues/FAB-5188
+func TestSpecialPassword(t *testing.T) {
+
+	user := "admin2"
+	pwd := "034e220796"
+
+	// Start the server
+	server := TestGetRootServer(t)
+	if server == nil {
+		return
+	}
+	err := server.RegisterBootstrapUser(user, pwd, "")
+	if err != nil {
+		t.Fatalf("Failed to register %s: %s", user, err)
+	}
+	err = server.Start()
+	if err != nil {
+		t.Fatalf("Server start failed: %s", err)
+	}
+	defer server.Stop()
+	// Enroll request
+	client := getRootClient()
+	_, err = client.Enroll(&api.EnrollmentRequest{Name: user, Secret: pwd})
+	if err != nil {
+		t.Fatalf("Failed to enroll %s: %s", user, err)
+	}
+	// Stop the server
+	err = server.Stop()
+	if err != nil {
+		t.Errorf("Server stop failed: %s", err)
+	}
+}
+
 // TestProfiling tests if profiling endpoint can be accessed when profiling is
 // enabled and not accessible when disabled (default)
 func TestProfiling(t *testing.T) {