From 141d8144e415ae1fe0d49033eb74b1a1a9356bae Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 25 Jul 2024 10:52:26 +0800 Subject: [PATCH] fix(scram): change the name from `scram_http` to `scram_restapi` --- apps/emqx_auth_http/src/emqx_auth_http_app.erl | 2 +- ...ram_http.erl => emqx_authn_scram_restapi.erl} | 12 +++++++++--- ...a.erl => emqx_authn_scram_restapi_schema.erl} | 16 ++++++++-------- ...TE.erl => emqx_authn_scram_restapi_SUITE.erl} | 16 +++++++++------- ... => emqx_authn_scram_restapi_test_server.erl} | 2 +- apps/emqx_conf/src/emqx_conf_schema_inject.erl | 2 +- apps/emqx_gateway/src/emqx_gateway_api_authn.erl | 2 +- changes/ee/feat-13504.en.md | 4 ++++ 8 files changed, 34 insertions(+), 22 deletions(-) rename apps/emqx_auth_http/src/{emqx_authn_scram_http.erl => emqx_authn_scram_restapi.erl} (93%) rename apps/emqx_auth_http/src/{emqx_authn_scram_http_schema.erl => emqx_authn_scram_restapi_schema.erl} (88%) rename apps/emqx_auth_http/test/{emqx_authn_scram_http_SUITE.erl => emqx_authn_scram_restapi_SUITE.erl} (96%) rename apps/emqx_auth_http/test/{emqx_authn_scram_http_test_server.erl => emqx_authn_scram_restapi_test_server.erl} (98%) diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl index 3d8ae0dad..8b7d08c4e 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl +++ b/apps/emqx_auth_http/src/emqx_auth_http_app.erl @@ -25,7 +25,7 @@ start(_StartType, _StartArgs) -> ok = emqx_authz:register_source(?AUTHZ_TYPE, emqx_authz_http), ok = emqx_authn:register_provider(?AUTHN_TYPE, emqx_authn_http), - ok = emqx_authn:register_provider(?AUTHN_TYPE_SCRAM, emqx_authn_scram_http), + ok = emqx_authn:register_provider(?AUTHN_TYPE_SCRAM, emqx_authn_scram_restapi), {ok, Sup} = emqx_auth_http_sup:start_link(), {ok, Sup}. diff --git a/apps/emqx_auth_http/src/emqx_authn_scram_http.erl b/apps/emqx_auth_http/src/emqx_authn_scram_restapi.erl similarity index 93% rename from apps/emqx_auth_http/src/emqx_authn_scram_http.erl rename to apps/emqx_auth_http/src/emqx_authn_scram_restapi.erl index 0e6190b4b..f1cca5da2 100644 --- a/apps/emqx_auth_http/src/emqx_authn_scram_http.erl +++ b/apps/emqx_auth_http/src/emqx_authn_scram_restapi.erl @@ -2,7 +2,13 @@ %% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- --module(emqx_authn_scram_http). +%% Note: +%% This is not an implementation of the RFC 7804: +%% Salted Challenge Response HTTP Authentication Mechanism. +%% This backend is an implementation of scram, +%% which uses an external web resource as a source of user information. + +-module(emqx_authn_scram_restapi). -include_lib("emqx_auth/include/emqx_authn.hrl"). -include_lib("emqx/include/logger.hrl"). @@ -95,7 +101,7 @@ retrieve( ) -> Request = emqx_authn_http:generate_request(Credential#{username := Username}, State), Response = emqx_resource:simple_sync_query(ResourceId, {Method, Request, RequestTimeout}), - ?TRACE_AUTHN_PROVIDER("scram_http_response", #{ + ?TRACE_AUTHN_PROVIDER("scram_restapi_response", #{ request => emqx_authn_http:request_for_log(Credential, State), response => emqx_authn_http:response_for_log(Response), resource => ResourceId @@ -119,7 +125,7 @@ handle_response(Headers, Body) -> {error, Reason} = Error -> ?TRACE_AUTHN_PROVIDER( error, - "parse_scram_http_response_failed", + "parse_scram_restapi_response_failed", #{content_type => ContentType, body => Body, reason => Reason} ), Error diff --git a/apps/emqx_auth_http/src/emqx_authn_scram_http_schema.erl b/apps/emqx_auth_http/src/emqx_authn_scram_restapi_schema.erl similarity index 88% rename from apps/emqx_auth_http/src/emqx_authn_scram_http_schema.erl rename to apps/emqx_auth_http/src/emqx_authn_scram_restapi_schema.erl index ca43fe3a6..bf3398abb 100644 --- a/apps/emqx_auth_http/src/emqx_authn_scram_http_schema.erl +++ b/apps/emqx_auth_http/src/emqx_authn_scram_restapi_schema.erl @@ -2,7 +2,7 @@ %% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- --module(emqx_authn_scram_http_schema). +-module(emqx_authn_scram_restapi_schema). -behaviour(emqx_authn_schema). @@ -22,16 +22,16 @@ namespace() -> "authn". refs() -> - [?R_REF(scram_http_get), ?R_REF(scram_http_post)]. + [?R_REF(scram_restapi_get), ?R_REF(scram_restapi_post)]. select_union_member( #{<<"mechanism">> := ?AUTHN_MECHANISM_SCRAM_BIN, <<"backend">> := ?AUTHN_BACKEND_BIN} = Value ) -> case maps:get(<<"method">>, Value, undefined) of <<"get">> -> - [?R_REF(scram_http_get)]; + [?R_REF(scram_restapi_get)]; <<"post">> -> - [?R_REF(scramm_http_post)]; + [?R_REF(scram_restapi_post)]; Else -> throw(#{ reason => "unknown_http_method", @@ -43,20 +43,20 @@ select_union_member( select_union_member(_Value) -> undefined. -fields(scram_http_get) -> +fields(scram_restapi_get) -> [ {method, #{type => get, required => true, desc => ?DESC(emqx_authn_http_schema, method)}}, {headers, fun emqx_authn_http_schema:headers_no_content_type/1} ] ++ common_fields(); -fields(scram_http_post) -> +fields(scram_restapi_post) -> [ {method, #{type => post, required => true, desc => ?DESC(emqx_authn_http_schema, method)}}, {headers, fun emqx_authn_http_schema:headers/1} ] ++ common_fields(). -desc(scram_http_get) -> +desc(scram_restapi_get) -> ?DESC(emqx_authn_http_schema, get); -desc(scram_http_post) -> +desc(scram_restapi_post) -> ?DESC(emqx_authn_http_schema, post); desc(_) -> undefined. diff --git a/apps/emqx_auth_http/test/emqx_authn_scram_http_SUITE.erl b/apps/emqx_auth_http/test/emqx_authn_scram_restapi_SUITE.erl similarity index 96% rename from apps/emqx_auth_http/test/emqx_authn_scram_http_SUITE.erl rename to apps/emqx_auth_http/test/emqx_authn_scram_restapi_SUITE.erl index b00212cb1..8cd83f973 100644 --- a/apps/emqx_auth_http/test/emqx_authn_scram_http_SUITE.erl +++ b/apps/emqx_auth_http/test/emqx_authn_scram_restapi_SUITE.erl @@ -2,7 +2,7 @@ %% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- --module(emqx_authn_scram_http_SUITE). +-module(emqx_authn_scram_restapi_SUITE). -compile(export_all). -compile(nowarn_export_all). @@ -54,11 +54,11 @@ init_per_testcase(_Case, Config) -> [authentication], ?GLOBAL ), - {ok, _} = emqx_authn_scram_http_test_server:start_link(?HTTP_PORT, ?HTTP_PATH), + {ok, _} = emqx_authn_scram_restapi_test_server:start_link(?HTTP_PORT, ?HTTP_PATH), Config. end_per_testcase(_Case, _Config) -> - ok = emqx_authn_scram_http_test_server:stop(). + ok = emqx_authn_scram_restapi_test_server:stop(). %%------------------------------------------------------------------------------ %% Tests @@ -72,7 +72,9 @@ t_create(_Config) -> {create_authenticator, ?GLOBAL, AuthConfig} ), - {ok, [#{provider := emqx_authn_scram_http}]} = emqx_authn_chains:list_authenticators(?GLOBAL). + {ok, [#{provider := emqx_authn_scram_restapi}]} = emqx_authn_chains:list_authenticators( + ?GLOBAL + ). t_create_invalid(_Config) -> AuthConfig = raw_config(), @@ -329,7 +331,7 @@ test_is_superuser(State, ExpectedIsSuperuser) -> ClientFirstMessage = esasl_scram:client_first_message(Username), {continue, ServerFirstMessage, ServerCache} = - emqx_authn_scram_http:authenticate( + emqx_authn_scram_restapi:authenticate( #{ auth_method => <<"SCRAM-SHA-512">>, auth_data => ClientFirstMessage, @@ -349,7 +351,7 @@ test_is_superuser(State, ExpectedIsSuperuser) -> ), {ok, UserInfo1, ServerFinalMessage} = - emqx_authn_scram_http:authenticate( + emqx_authn_scram_restapi:authenticate( #{ auth_method => <<"SCRAM-SHA-512">>, auth_data => ClientFinalMessage, @@ -399,7 +401,7 @@ set_user_handler(Username, Password, IsSuperuser) -> ), {ok, Req, State} end, - ok = emqx_authn_scram_http_test_server:set_handler(Handler). + ok = emqx_authn_scram_restapi_test_server:set_handler(Handler). init_auth() -> init_auth(raw_config()). diff --git a/apps/emqx_auth_http/test/emqx_authn_scram_http_test_server.erl b/apps/emqx_auth_http/test/emqx_authn_scram_restapi_test_server.erl similarity index 98% rename from apps/emqx_auth_http/test/emqx_authn_scram_http_test_server.erl rename to apps/emqx_auth_http/test/emqx_authn_scram_restapi_test_server.erl index 5467df621..1e1432e0b 100644 --- a/apps/emqx_auth_http/test/emqx_authn_scram_http_test_server.erl +++ b/apps/emqx_auth_http/test/emqx_authn_scram_restapi_test_server.erl @@ -2,7 +2,7 @@ %% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved. %%-------------------------------------------------------------------- --module(emqx_authn_scram_http_test_server). +-module(emqx_authn_scram_restapi_test_server). -behaviour(supervisor). -behaviour(cowboy_handler). diff --git a/apps/emqx_conf/src/emqx_conf_schema_inject.erl b/apps/emqx_conf/src/emqx_conf_schema_inject.erl index 5c155bbf5..d94657325 100644 --- a/apps/emqx_conf/src/emqx_conf_schema_inject.erl +++ b/apps/emqx_conf/src/emqx_conf_schema_inject.erl @@ -51,7 +51,7 @@ authn_mods(ee) -> authn_mods(ce) ++ [ emqx_gcp_device_authn_schema, - emqx_authn_scram_http_schema + emqx_authn_scram_restapi_schema ]. authz() -> diff --git a/apps/emqx_gateway/src/emqx_gateway_api_authn.erl b/apps/emqx_gateway/src/emqx_gateway_api_authn.erl index 0707c12aa..c79bc8e61 100644 --- a/apps/emqx_gateway/src/emqx_gateway_api_authn.erl +++ b/apps/emqx_gateway/src/emqx_gateway_api_authn.erl @@ -383,7 +383,7 @@ schema_authn() -> emqx_dashboard_swagger:schema_with_examples( emqx_authn_schema:authenticator_type_without([ emqx_authn_scram_mnesia_schema, - emqx_authn_scram_http_schema + emqx_authn_scram_restapi_schema ]), emqx_authn_api:authenticator_examples() ). diff --git a/changes/ee/feat-13504.en.md b/changes/ee/feat-13504.en.md index c9b22f403..20b3aa1e2 100644 --- a/changes/ee/feat-13504.en.md +++ b/changes/ee/feat-13504.en.md @@ -1 +1,5 @@ Added a HTTP backend for the authentication mechanism `scram`. + +Note: This is not an implementation of the RFC 7804: Salted Challenge Response HTTP Authentication Mechanism. + +This backend is an implementation of scram that uses an external web resource as a source of user information.