yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(jwt): fix chain interruption

This commit is contained in:
zhouzb 2021-06-09 10:36:06 +08:00
parent 0c237bf797
commit 2bfb7f74df
1 changed files with 18 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
apps/emqx_authentication/src/emqx_authentication_jwt.erl
View File

@ -113,17 +113,20 @@ update(_ChainID, _ServiceName, Params, State) ->
end. end.
authenticate(ClientInfo = #{password := JWT}, #{jwk := JWK, authenticate(ClientInfo = #{password := JWT}, #{jwk := JWK,
jwks_connector := Connector,
verify_claims := VerifyClaims0}) -> verify_claims := VerifyClaims0}) ->
JWKs = case Connector of JWKs = case erlang:is_pid(JWK) of
undefined -> false ->
[JWK]; [JWK];
_ -> true ->
{ok, JWKs0} = emqx_authentication_jwks_connector:get_jwks(Connector), {ok, JWKs0} = emqx_authentication_jwks_connector:get_jwks(JWK),
JWKs0 JWKs0
end, end,
VerifyClaims = replace_placeholder(VerifyClaims0, ClientInfo), VerifyClaims = replace_placeholder(VerifyClaims0, ClientInfo),
verify(JWT, JWKs, VerifyClaims). case verify(JWT, JWKs, VerifyClaims) of
ok -> ok;
{error, invalid_signature} -> ignore;
{error, {claims, _}} -> {stop, bad_passowrd}
end.
destroy(#{jwks_connector := undefined}) -> destroy(#{jwks_connector := undefined}) ->
ok; ok;
@ -138,8 +141,7 @@ destroy(#{jwks_connector := Connector}) ->
do_create(#{use_jwks := false, do_create(#{use_jwks := false,
algorithm := 'hmac-based', algorithm := 'hmac-based',
secret := Secret0, secret := Secret0,
secret_base64_encoded := Base64Encoded, secret_base64_encoded := Base64Encoded} = Opts) ->
verify_claims := VerifyClaims}) ->
Secret = case Base64Encoded of Secret = case Base64Encoded of
true -> true ->
base64:decode(Secret0); base64:decode(Secret0);
@ -148,23 +150,20 @@ do_create(#{use_jwks := false,
end, end,
JWK = jose_jwk:from_oct(Secret), JWK = jose_jwk:from_oct(Secret),
{ok, #{jwk => JWK, {ok, #{jwk => JWK,
jwks_connector => undefined, verify_claims => maps:get(verify_claims, Opts)}};
verify_claims => VerifyClaims}};
do_create(#{use_jwks := false, do_create(#{use_jwks := false,
algorithm := 'public-key', algorithm := 'public-key',
jwt_certfile := Certfile, jwt_certfile := Certfile} = Opts) ->
verify_claims := VerifyClaims}) ->
JWK = jose_jwk:from_pem_file(Certfile), JWK = jose_jwk:from_pem_file(Certfile),
{ok, #{jwk => JWK, {ok, #{jwk => JWK,
jwks_connector => undefined, verify_claims => maps:get(verify_claims, Opts)}};
verify_claims => VerifyClaims}};
do_create(#{use_jwks := true, do_create(#{use_jwks := true} = Opts) ->
verify_claims := VerifyClaims} = Opts) ->
case emqx_authentication_jwks_connector:start_link(Opts) of case emqx_authentication_jwks_connector:start_link(Opts) of
{ok, Connector} -> {ok, Connector} ->
{ok, #{jwk => undefined, {ok, #{jwk => Connector,
jwks_connector => Connector, verify_claims => maps:get(verify_claims, Opts)}};
verify_claims => VerifyClaims}};
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end. end.