feat(authn): support enable authn in config

zhouzb 2021-07-15 16:16:41 +08:00
parent 5ecc992944
commit 07ce636803
5 changed files with 34 additions and 9 deletions


@ -1,4 +1,5 @@
emqx_authn: {
enable: false
authenticators: [
# {
# name: "authenticator1"
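Review bot: The new `enable: false` line has no comment saying what a disabled state means for connecting clients. The test added in this commit asserts that `emqx_access_control:authenticate/1` returns `ok` for an arbitrary username and password until `emqx_authn:enable()` is called, so the shipped default appears to accept every client. I would add a comment above the key such as `# When false, configured authenticators are not applied and clients are accepted without credential checks`, so an operator who lists authenticators below does not assume they are active.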


@ -38,12 +38,15 @@ stop(_State) ->
ok.
initialize() ->
#{authenticators := Authenticators} = emqx_config:get([emqx_authn], #{authenticators => []}),
initialize(Authenticators).
AuthNConfig = emqx_config:get([emqx_authn], #{enable => false,
authenticators => []}),
initialize(AuthNConfig).
initialize(Authenticators) ->
initialize(#{enable := Enable, authenticators := Authenticators}) ->
{ok, _} = emqx_authn:create_chain(#{id => ?CHAIN}),
initialize_authenticators(Authenticators).
initialize_authenticators(Authenticators),
Enable =:= true andalso emqx_authn:enable(),
ok.
initialize_authenticators([]) ->
ok;
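Review bot: The new `initialize/1` head `#{enable := Enable, authenticators := Authenticators}` requires both keys, but the fallback map given to `emqx_config:get/2` is presumably used only when the whole `emqx_authn` section is absent. A config that has `authenticators` but no `enable` key, such as one written before this commit, would then fail with `function_clause` during application start unless the schema supplies a default. Reading the flag with `maps:get(enable, AuthNConfig, false)` keeps the off-by-default behaviour without making the key mandatory. The `Enable =:= true andalso emqx_authn:enable()` line also discards the call's result, so a failure to switch authentication on would go unnoticed; asserting on its return value would surface that at startup.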


@ -31,7 +31,9 @@
structs() -> ["emqx_authn"].
fields("emqx_authn") ->
[ {authenticators, fun authenticators/1} ];
[ {enable, fun enable/1}
, {authenticators, fun authenticators/1}
];
fields('password-based') ->
[ {name, fun authenticator_name/1}
@ -63,6 +65,10 @@ fields(scram) ->
]))}
].
enable(type) -> boolean();
enable(defualt) -> false;
enable(_) -> undefined.
authenticators(type) ->
hoconsc:array({union, [ hoconsc:ref(?MODULE, 'password-based')
, hoconsc:ref(?MODULE, jwt)
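Review bot: `enable(defualt) -> false;` misspells the atom `default`, so a query for the field's default falls through to `enable(_) -> undefined` and the schema declares no default for `enable`. The clause should read `enable(default) -> false;`. Until it does, whether authentication is on when the key is omitted depends on how each caller treats a missing value rather than on the schema.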


@ -94,3 +94,12 @@ t_authenticator(_) ->
?assertEqual(ok, ?AUTH:delete_authenticator(?CHAIN, AuthenticatorName2)),
?assertEqual({ok, []}, ?AUTH:list_authenticators(?CHAIN)),
ok.
t_authenticate(_) ->
?assertEqual(false, emqx_zone:get_env(external, bypass_auth_plugins, false)),
ClientInfo = #{zone => external,
username => <<"myuser">>,
password => <<"mypass">>},
?assertEqual(ok, emqx_access_control:authenticate(ClientInfo)),
emqx_authn:enable(),
?assertEqual({error, not_authorized}, emqx_access_control:authenticate(ClientInfo)).
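Review bot: `t_authenticate/1` calls `emqx_authn:enable()` and never reverts it, so if enabling is node-wide state (it appears to change what `emqx_access_control:authenticate/1` returns), later cases depend on execution order. The same applies to `?AUTH:enable()` in `t_mnesia_authenticator/1`. Restore the disabled state at the end of each case or in `end_per_testcase/2`, using whatever counterpart to `enable/0` the module exposes. A short comment above the first assertion, e.g. `%% authn not enabled yet: every client is accepted`, would also make the intent of the two contrasting assertions clear.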


@ -48,9 +48,6 @@ set_special_configs(_App) ->
ok.
t_mnesia_authenticator(_) ->
ct:pal("11111 ~p~n", [?AUTH:list_authenticators(<<"mqtt">>)]),
AuthenticatorName = <<"myauthenticator">>,
AuthenticatorConfig = #{name => AuthenticatorName,
mechanism => 'password-based',
@ -67,13 +64,22 @@ t_mnesia_authenticator(_) ->
?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(?CHAIN, AuthenticatorName, UserInfo)),
?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:lookup_user(?CHAIN, AuthenticatorName, <<"myuser">>)),
ClientInfo = #{username => <<"myuser">>,
?assertEqual(false, emqx_zone:get_env(external, bypass_auth_plugins, false)),
ClientInfo = #{zone => external,
username => <<"myuser">>,
password => <<"mypass">>},
?assertEqual({stop, ok}, ?AUTH:authenticate(ClientInfo, ok)),
?AUTH:enable(),
?assertEqual(ok, emqx_access_control:authenticate(ClientInfo)),
ClientInfo2 = ClientInfo#{username => <<"baduser">>},
?assertEqual({stop, {error, not_authorized}}, ?AUTH:authenticate(ClientInfo2, ok)),
?assertEqual({error, not_authorized}, emqx_access_control:authenticate(ClientInfo2)),
ClientInfo3 = ClientInfo#{password => <<"badpass">>},
?assertEqual({stop, {error, bad_username_or_password}}, ?AUTH:authenticate(ClientInfo3, ok)),
?assertEqual({error, bad_username_or_password}, emqx_access_control:authenticate(ClientInfo3)),
UserInfo2 = UserInfo#{<<"password">> => <<"mypass2">>},
?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:update_user(?CHAIN, AuthenticatorName, <<"myuser">>, UserInfo2)),