fix: dashboard users api, cannot delete self
This commit is contained in:
DDDHuang
parent
88746c7c11
commit
0b32bf72f7
|
|
@ -1,7 +1,13 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"5.0.0",[{load_module,emqx_dashboard_api,brutal_purge,soft_purge,[]}]},
|
[{"5.0.0", [
|
||||||
|
{load_module,emqx_dashboard_api,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_dashboard_token,brutal_purge,soft_purge,[]}
|
||||||
|
]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"5.0.0",[{load_module,emqx_dashboard_api,brutal_purge,soft_purge,[]}]},
|
[{"5.0.0", [
|
||||||
|
{load_module,emqx_dashboard_api,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_dashboard_token,brutal_purge,soft_purge,[]}
|
||||||
|
]},
|
||||||
{<<".*">>,[]}]}.
|
{<<".*">>,[]}]}.
|
||||||
|
|
|
||||||
|
|
@ -272,22 +272,59 @@ user(put, #{bindings := #{username := Username}, body := Params}) ->
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
{404, ?USER_NOT_FOUND, Reason}
|
{404, ?USER_NOT_FOUND, Reason}
|
||||||
end;
|
end;
|
||||||
user(delete, #{bindings := #{username := Username}}) ->
|
user(delete, #{bindings := #{username := Username}, headers := Headers}) ->
|
||||||
case Username == emqx_dashboard_admin:default_username() of
|
case Username == emqx_dashboard_admin:default_username() of
|
||||||
true ->
|
true ->
|
||||||
?SLOG(info, #{msg => "Dashboard delete admin user failed", username => Username}),
|
?SLOG(info, #{msg => "Dashboard delete admin user failed", username => Username}),
|
||||||
Message = list_to_binary(io_lib:format("Cannot delete user ~p", [Username])),
|
Message = list_to_binary(io_lib:format("Cannot delete user ~p", [Username])),
|
||||||
{400, ?NOT_ALLOWED, Message};
|
{400, ?NOT_ALLOWED, Message};
|
||||||
false ->
|
false ->
|
||||||
case emqx_dashboard_admin:remove_user(Username) of
|
case is_self_auth(Username, Headers) of
|
||||||
{error, Reason} ->
|
true ->
|
||||||
{404, ?USER_NOT_FOUND, Reason};
|
{400, ?NOT_ALLOWED, <<"Cannot delete self">>};
|
||||||
{ok, _} ->
|
false ->
|
||||||
?SLOG(info, #{msg => "Dashboard delete admin user", username => Username}),
|
case emqx_dashboard_admin:remove_user(Username) of
|
||||||
{204}
|
{error, Reason} ->
|
||||||
|
{404, ?USER_NOT_FOUND, Reason};
|
||||||
|
{ok, _} ->
|
||||||
|
?SLOG(info, #{
|
||||||
|
msg => "Dashboard delete admin user", username => Username
|
||||||
|
}),
|
||||||
|
{204}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
is_self_auth(Username, #{<<"authorization">> := Token}) ->
|
||||||
|
is_self_auth(Username, Token);
|
||||||
|
is_self_auth(Username, #{<<"Authorization">> := Token}) ->
|
||||||
|
is_self_auth(Username, Token);
|
||||||
|
is_self_auth(Username, <<"basic ", Token/binary>>) ->
|
||||||
|
is_self_auth_basic(Username, Token);
|
||||||
|
is_self_auth(Username, <<"Basic ", Token/binary>>) ->
|
||||||
|
is_self_auth_basic(Username, Token);
|
||||||
|
is_self_auth(Username, <<"bearer ", Token/binary>>) ->
|
||||||
|
is_self_auth_token(Username, Token);
|
||||||
|
is_self_auth(Username, <<"Bearer ", Token/binary>>) ->
|
||||||
|
is_self_auth_token(Username, Token).
|
||||||
|
|
||||||
|
is_self_auth_basic(Username, Token) ->
|
||||||
|
UP = base64:decode(Token),
|
||||||
|
case binary:match(UP, Username) of
|
||||||
|
{0, N} ->
|
||||||
|
binary:part(UP, {N, 1}) == <<":">>;
|
||||||
|
_ ->
|
||||||
|
false
|
||||||
|
end.
|
||||||
|
|
||||||
|
is_self_auth_token(Username, Token) ->
|
||||||
|
case emqx_dashboard_token:owner(Token) of
|
||||||
|
{ok, Owner} ->
|
||||||
|
Owner == Username;
|
||||||
|
{error, _NotFound} ->
|
||||||
|
false
|
||||||
|
end.
|
||||||
|
|
||||||
change_pwd(put, #{bindings := #{username := Username}, body := Params}) ->
|
change_pwd(put, #{bindings := #{username := Username}, body := Params}) ->
|
||||||
LogMeta = #{msg => "Dashboard change password", username => Username},
|
LogMeta = #{msg => "Dashboard change password", username => Username},
|
||||||
OldPwd = maps:get(<<"old_pwd">>, Params),
|
OldPwd = maps:get(<<"old_pwd">>, Params),
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@
|
||||||
sign/2,
|
sign/2,
|
||||||
verify/1,
|
verify/1,
|
||||||
lookup/1,
|
lookup/1,
|
||||||
|
owner/1,
|
||||||
destroy/1,
|
destroy/1,
|
||||||
destroy_by_username/1
|
destroy_by_username/1
|
||||||
]).
|
]).
|
||||||
|
|
@ -161,6 +162,14 @@ lookup_by_username(Username) ->
|
||||||
{atomic, List} = mria:ro_transaction(?DASHBOARD_SHARD, Fun),
|
{atomic, List} = mria:ro_transaction(?DASHBOARD_SHARD, Fun),
|
||||||
List.
|
List.
|
||||||
|
|
||||||
|
-spec owner(Token :: binary()) -> {ok, Username :: binary} | {error, not_found}.
|
||||||
|
owner(Token) ->
|
||||||
|
Fun = fun() -> mnesia:read(?TAB, Token) end,
|
||||||
|
case mria:ro_transaction(?DASHBOARD_SHARD, Fun) of
|
||||||
|
{atomic, [#?ADMIN_JWT{username = Username}]} -> {ok, Username};
|
||||||
|
{atomic, []} -> {error, not_found}
|
||||||
|
end.
|
||||||
|
|
||||||
jwk(Username, Password, Salt) ->
|
jwk(Username, Password, Salt) ->
|
||||||
Key = crypto:hash(md5, <<Salt/binary, Username/binary, Password/binary>>),
|
Key = crypto:hash(md5, <<Salt/binary, Username/binary, Password/binary>>),
|
||||||
#{
|
#{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue