refactor: 用户密码字段脱敏

backend/src/main/java/io/metersphere/config/MybatisConfig.java

@@ -7,6 +7,7 @@ import io.metersphere.base.domain.TestResource;
 import io.metersphere.commons.utils.CompressUtils;
 import io.metersphere.commons.utils.MybatisInterceptorConfig;
 import io.metersphere.interceptor.MybatisInterceptor;
+import io.metersphere.interceptor.UserDesensitizationInterceptor;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
@@ -47,4 +48,9 @@ public class MybatisConfig {
         interceptor.setInterceptorConfigList(configList);
         return interceptor;
     }
+
+    @Bean
+    public UserDesensitizationInterceptor userDesensitizationInterceptor() {
+        return new UserDesensitizationInterceptor();
+    }
 }

backend/src/main/java/io/metersphere/interceptor/UserDesensitizationInterceptor.java

@@ -0,0 +1,59 @@
+package io.metersphere.interceptor;
+
+import io.metersphere.base.domain.User;
+import org.apache.ibatis.cache.CacheKey;
+import org.apache.ibatis.executor.Executor;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.plugin.*;
+import org.apache.ibatis.session.ResultHandler;
+import org.apache.ibatis.session.RowBounds;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+/**
+ * 用户 password 字段脱敏
+ */
+@Intercepts({
+        @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class}),
+        @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class}),
+})
+public class UserDesensitizationInterceptor implements Interceptor {
+
+    @Override
+    public Object intercept(Invocation invocation) throws Throwable {
+        Object returnValue = invocation.proceed();
+        Object result = returnValue;
+        if (returnValue instanceof ArrayList<?>) {
+            List<Object> list = new ArrayList<>();
+            boolean isDecrypted = false;
+            for (Object val : (ArrayList<?>) returnValue) {
+                if (val instanceof User) {
+                    isDecrypted = true;
+                    ((User) val).setPassword(null);
+                    list.add(val);
+                }
+            }
+            if (isDecrypted) {
+                result = list;
+            }
+        } else {
+            if (result instanceof User) {
+                ((User) result).setPassword(null);
+            }
+        }
+        return result;
+    }
+
+
+    @Override
+    public Object plugin(Object target) {
+        return Plugin.wrap(target, this);
+    }
+
+    @Override
+    public void setProperties(Properties properties) {
+    }
+}