yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(authn): fix raw authn configs

This commit is contained in:
Ilya Averyanov 2022-06-15 19:51:39 +03:00
parent e381e3698f
commit 2c5450e7f6
12 changed files with 230 additions and 230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apps/emqx_authn/test/emqx_authn_http_SUITE.erl
View File

@ -84,8 +84,8 @@ t_create_invalid(_Config) ->
InvalidConfigs =
[
AuthConfig#{headers => []},
AuthConfig#{method => delete}
AuthConfig#{<<"headers">> => []},
AuthConfig#{<<"method">> => <<"delete">>}
],
lists:foreach(
@ -181,7 +181,7 @@ t_destroy(_Config) ->
t_update(_Config) ->
CorrectConfig = raw_http_auth_config(),
IncorrectConfig =
CorrectConfig#{url => <<"http://127.0.0.1:32333/invalid">>},
CorrectConfig#{<<"url">> => <<"http://127.0.0.1:32333/invalid">>},
{ok, _} = emqx:update_config(
?PATH,
@ -265,14 +265,14 @@ test_is_superuser({Kind, Value, ExpectedValue}) ->
raw_http_auth_config() ->
#{
mechanism => <<"password_based">>,
enable => <<"true">>,
<<"mechanism">> => <<"password_based">>,
<<"enable">> => <<"true">>,
backend => <<"http">>,
method => <<"get">>,
url => <<"http://127.0.0.1:32333/auth">>,
body => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
headers => #{<<"X-Test-Header">> => <<"Test Value">>}
<<"backend">> => <<"http">>,
<<"method">> => <<"get">>,
<<"url">> => <<"http://127.0.0.1:32333/auth">>,
<<"body">> => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
<<"headers">> => #{<<"X-Test-Header">> => <<"Test Value">>}
}.
samples() ->
@ -355,8 +355,8 @@ samples() ->
{ok, Req, State}
end,
config_params => #{
method => post,
headers => #{<<"content-type">> => <<"application/json">>}
<<"method">> => <<"post">>,
<<"headers">> => #{<<"content-type">> => <<"application/json">>}
},
result => {ok, #{is_superuser => false}}
},
@ -373,8 +373,8 @@ samples() ->
{ok, Req, State}
end,
config_params => #{
method => post,
headers => #{
<<"method">> => <<"post">>,
<<"headers">> => #{
<<"content-type">> =>
<<"application/x-www-form-urlencoded">>
}

18
apps/emqx_authn/test/emqx_authn_https_SUITE.erl
View File

@ -140,18 +140,18 @@ create_https_auth_with_ssl_opts(SpecificSSLOpts) ->
raw_https_auth_config(SpecificSSLOpts) ->
SSLOpts = maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}
#{<<"enable">> => <<"true">>}
),
#{
mechanism => <<"password_based">>,
enable => <<"true">>,
<<"mechanism">> => <<"password_based">>,
<<"enable">> => <<"true">>,
backend => <<"http">>,
method => <<"get">>,
url => <<"https://127.0.0.1:32334/auth">>,
body => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
headers => #{<<"X-Test-Header">> => <<"Test Value">>},
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
<<"backend">> => <<"http">>,
<<"method">> => <<"get">>,
<<"url">> => <<"https://127.0.0.1:32334/auth">>,
<<"body">> => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD},
<<"headers">> => #{<<"X-Test-Header">> => <<"Test Value">>},
<<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
}.
start_apps(Apps) ->

16
apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
View File

@ -492,14 +492,14 @@ generate_jws('public-key', Payload, PrivateKey) ->
JWS.
client_ssl_opts() ->
maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{
enable => true,
verify => verify_peer,
server_name_indication => "authn-server"
}
).
#{
keyfile => cert_file("client.key"),
certfile => cert_file("client.crt"),
cacertfile => cert_file("ca.crt"),
enable => true,
verify => verify_peer,
server_name_indication => "authn-server"
}.
server_ssl_opts() ->
[

64
apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl
View File

@ -83,9 +83,9 @@ t_create_invalid(_Config) ->
InvalidConfigs =
[
AuthConfig#{mongo_type => <<"unknown">>},
AuthConfig#{filter => <<"{ \"username\": \"${username}\" }">>},
AuthConfig#{w_mode => <<"unknown">>}
AuthConfig#{<<"mongo_type">> => <<"unknown">>},
AuthConfig#{<<"filter">> => <<"{ \"username\": \"${username}\" }">>},
AuthConfig#{<<"w_mode">> => <<"unknown">>}
],
lists:foreach(
@ -180,7 +180,7 @@ t_update(_Config) ->
ok = init_seeds(),
CorrectConfig = raw_mongo_auth_config(),
IncorrectConfig =
CorrectConfig#{filter => #{<<"wrongfield">> => <<"wrongvalue">>}},
CorrectConfig#{<<"filter">> => #{<<"wrongfield">> => <<"wrongvalue">>}},
{ok, _} = emqx:update_config(
?PATH,
@ -265,24 +265,24 @@ test_is_superuser({Value, ExpectedValue}) ->
raw_mongo_auth_config() ->
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"mongodb">>,
mongo_type => <<"single">>,
database => <<"mqtt">>,
collection => <<"users">>,
server => mongo_server(),
w_mode => <<"unsafe">>,
<<"backend">> => <<"mongodb">>,
<<"mongo_type">> => <<"single">>,
<<"database">> => <<"mqtt">>,
<<"collection">> => <<"users">>,
<<"server">> => mongo_server(),
<<"w_mode">> => <<"unsafe">>,
filter => #{<<"username">> => <<"${username}">>},
password_hash_field => <<"password_hash">>,
salt_field => <<"salt">>,
is_superuser_field => <<"is_superuser">>
<<"filter">> => #{<<"username">> => <<"${username}">>},
<<"password_hash_field">> => <<"password_hash">>,
<<"salt_field">> => <<"salt">>,
<<"is_superuser_field">> => <<"is_superuser">>
}.
user_seeds() ->
@ -314,9 +314,9 @@ user_seeds() ->
password => <<"md5">>
},
config_params => #{
password_hash_algorithm => #{
name => <<"md5">>,
salt_position => <<"suffix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"md5">>,
<<"salt_position">> => <<"suffix">>
}
},
result => {ok, #{is_superuser => false}}
@ -335,10 +335,10 @@ user_seeds() ->
password => <<"sha256">>
},
config_params => #{
filter => #{<<"username">> => <<"${clientid}">>},
password_hash_algorithm => #{
name => <<"sha256">>,
salt_position => <<"prefix">>
<<"filter">> => #{<<"username">> => <<"${clientid}">>},
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"prefix">>
}
},
result => {ok, #{is_superuser => true}}
@ -357,7 +357,7 @@ user_seeds() ->
password => <<"bcrypt">>
},
config_params => #{
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {ok, #{is_superuser => false}}
},
@ -376,8 +376,8 @@ user_seeds() ->
},
config_params => #{
% clientid variable & username credentials
filter => #{<<"username">> => <<"${clientid}">>},
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"filter">> => #{<<"username">> => <<"${clientid}">>},
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -395,8 +395,8 @@ user_seeds() ->
password => <<"bcrypt">>
},
config_params => #{
filter => #{<<"userid">> => <<"${clientid}">>},
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"filter">> => #{<<"userid">> => <<"${clientid}">>},
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -415,7 +415,7 @@ user_seeds() ->
password => <<"wrongpass">>
},
config_params => #{
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, bad_username_or_password}
}

40
apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl
View File

@ -171,33 +171,33 @@ create_mongo_auth_with_ssl_opts(SpecificSSLOpts) ->
raw_mongo_auth_config(SpecificSSLOpts) ->
SSLOpts = maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}
#{<<"enable">> => <<"true">>}
),
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"mongodb">>,
pool_size => 2,
mongo_type => <<"single">>,
database => <<"mqtt">>,
collection => <<"users">>,
server => mongo_server(),
w_mode => <<"unsafe">>,
<<"backend">> => <<"mongodb">>,
<<"pool_size">> => 2,
<<"mongo_type">> => <<"single">>,
<<"database">> => <<"mqtt">>,
<<"collection">> => <<"users">>,
<<"server">> => mongo_server(),
<<"w_mode">> => <<"unsafe">>,
filter => #{<<"username">> => <<"${username}">>},
password_hash_field => <<"password_hash">>,
salt_field => <<"salt">>,
is_superuser_field => <<"is_superuser">>,
topology => #{
server_selection_timeout_ms => <<"10000ms">>
<<"filter">> => #{<<"username">> => <<"${username}">>},
<<"password_hash_field">> => <<"password_hash">>,
<<"salt_field">> => <<"salt">>,
<<"is_superuser_field">> => <<"is_superuser">>,
<<"topology">> => #{
<<"server_selection_timeout_ms">> => <<"10000ms">>
},
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
<<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
}.
mongo_server() ->

64
apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl
View File

@ -100,10 +100,10 @@ t_create_invalid(_Config) ->
InvalidConfigs =
[
maps:without([server], AuthConfig),
AuthConfig#{server => <<"unknownhost:3333">>},
AuthConfig#{password => <<"wrongpass">>},
AuthConfig#{database => <<"wrongdatabase">>}
maps:without([<<"server">>], AuthConfig),
AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
AuthConfig#{<<"password">> => <<"wrongpass">>},
AuthConfig#{<<"database">> => <<"wrongdatabase">>}
],
lists:foreach(
@ -194,7 +194,7 @@ t_update(_Config) ->
CorrectConfig = raw_mysql_auth_config(),
IncorrectConfig =
CorrectConfig#{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_str as is_superuser\n"
" FROM wrong_table where username = ${username} LIMIT 1"
@ -236,24 +236,24 @@ t_update(_Config) ->
raw_mysql_auth_config() ->
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"mysql">>,
database => <<"mqtt">>,
username => <<"root">>,
password => <<"public">>,
<<"backend">> => <<"mysql">>,
<<"database">> => <<"mqtt">>,
<<"username">> => <<"root">>,
<<"password">> => <<"public">>,
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_str as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
server => mysql_server()
<<"server">> => mysql_server()
}.
user_seeds() ->
@ -285,9 +285,9 @@ user_seeds() ->
password => <<"md5">>
},
config_params => #{
password_hash_algorithm => #{
name => <<"md5">>,
salt_position => <<"suffix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"md5">>,
<<"salt_position">> => <<"suffix">>
}
},
result => {ok, #{is_superuser => false}}
@ -305,14 +305,14 @@ user_seeds() ->
password => <<"sha256">>
},
config_params => #{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${clientid} LIMIT 1"
>>,
password_hash_algorithm => #{
name => <<"sha256">>,
salt_position => <<"prefix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"prefix">>
}
},
result => {ok, #{is_superuser => true}}
@ -330,12 +330,12 @@ user_seeds() ->
password => <<"bcrypt">>
},
config_params => #{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {ok, #{is_superuser => false}}
},
@ -351,12 +351,12 @@ user_seeds() ->
password => <<"bcrypt">>
},
config_params => #{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {ok, #{is_superuser => false}}
},
@ -374,12 +374,12 @@ user_seeds() ->
},
config_params => #{
% clientid variable & username credentials
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${clientid} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -397,12 +397,12 @@ user_seeds() ->
},
config_params => #{
% Bad keys in query
query =>
<<"query">> =>
<<
"SELECT 1 AS unknown_field\n"
" FROM users where username = ${username} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -420,7 +420,7 @@ user_seeds() ->
password => <<"wrongpass">>
},
config_params => #{
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, bad_username_or_password}
}

26
apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl
View File

@ -131,28 +131,28 @@ create_mysql_auth_with_ssl_opts(SpecificSSLOpts) ->
raw_mysql_auth_config(SpecificSSLOpts) ->
SSLOpts = maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}
#{<<"enable">> => <<"true">>}
),
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"mysql">>,
database => <<"mqtt">>,
username => <<"root">>,
password => <<"public">>,
<<"backend">> => <<"mysql">>,
<<"database">> => <<"mqtt">>,
<<"username">> => <<"root">>,
<<"password">> => <<"public">>,
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_str as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
server => mysql_server(),
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
<<"server">> => mysql_server(),
<<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
}.
mysql_server() ->

62
apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl
View File

@ -101,10 +101,10 @@ t_create_invalid(_Config) ->
InvalidConfigs =
[
maps:without([server], AuthConfig),
AuthConfig#{server => <<"unknownhost:3333">>},
AuthConfig#{password => <<"wrongpass">>},
AuthConfig#{database => <<"wrongdatabase">>}
maps:without([<<"server">>], AuthConfig),
AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
AuthConfig#{<<"password">> => <<"wrongpass">>},
AuthConfig#{<<"database">> => <<"wrongdatabase">>}
],
lists:foreach(
@ -195,7 +195,7 @@ t_update(_Config) ->
CorrectConfig = raw_pgsql_auth_config(),
IncorrectConfig =
CorrectConfig#{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_str as is_superuser\n"
" FROM users where username = ${username} LIMIT 0"
@ -274,7 +274,7 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
" as is_superuser "
"FROM users where username = ${username} LIMIT 1",
Config = maps:put(query, Query, raw_pgsql_auth_config()),
Config = maps:put(<<"query">>, Query, raw_pgsql_auth_config()),
{ok, _} = emqx:update_config(
?PATH,
{update_authenticator, ?GLOBAL, <<"password_based:postgresql">>, Config}
@ -298,24 +298,24 @@ test_is_superuser({Field, Value, ExpectedValue}) ->
raw_pgsql_auth_config() ->
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"postgresql">>,
database => <<"mqtt">>,
username => <<"root">>,
password => <<"public">>,
<<"backend">> => <<"postgresql">>,
<<"database">> => <<"mqtt">>,
<<"username">> => <<"root">>,
<<"password">> => <<"public">>,
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_str as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
server => pgsql_server()
<<"server">> => pgsql_server()
}.
user_seeds() ->
@ -347,9 +347,9 @@ user_seeds() ->
password => <<"md5">>
},
config_params => #{
password_hash_algorithm => #{
name => <<"md5">>,
salt_position => <<"suffix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"md5">>,
<<"salt_position">> => <<"suffix">>
}
},
result => {ok, #{is_superuser => false}}
@ -367,14 +367,14 @@ user_seeds() ->
password => <<"sha256">>
},
config_params => #{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${clientid} LIMIT 1"
>>,
password_hash_algorithm => #{
name => <<"sha256">>,
salt_position => <<"prefix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"prefix">>
}
},
result => {ok, #{is_superuser => true}}
@ -392,12 +392,12 @@ user_seeds() ->
password => <<"bcrypt">>
},
config_params => #{
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${username} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {ok, #{is_superuser => false}}
},
@ -415,12 +415,12 @@ user_seeds() ->
},
config_params => #{
% clientid variable & username credentials
query =>
<<"query">> =>
<<
"SELECT password_hash, salt, is_superuser_int as is_superuser\n"
" FROM users where username = ${clientid} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -438,12 +438,12 @@ user_seeds() ->
},
config_params => #{
% Bad keys in query
query =>
<<"query">> =>
<<
"SELECT 1 AS unknown_field\n"
" FROM users where username = ${username} LIMIT 1"
>>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -461,7 +461,7 @@ user_seeds() ->
password => <<"wrongpass">>
},
config_params => #{
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, bad_username_or_password}
}

26
apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl
View File

@ -131,24 +131,24 @@ create_pgsql_auth_with_ssl_opts(SpecificSSLOpts) ->
raw_pgsql_auth_config(SpecificSSLOpts) ->
SSLOpts = maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}
#{<<"enable">> => <<"true">>}
),
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"postgresql">>,
database => <<"mqtt">>,
username => <<"root">>,
password => <<"public">>,
<<"backend">> => <<"postgresql">>,
<<"database">> => <<"mqtt">>,
<<"username">> => <<"root">>,
<<"password">> => <<"public">>,
query => <<"SELECT 1">>,
server => pgsql_server(),
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
<<"query">> => <<"SELECT 1">>,
<<"server">> => pgsql_server(),
<<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
}.
pgsql_server() ->

84
apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
View File

@ -102,16 +102,16 @@ t_create_invalid(_Config) ->
InvalidConfigs =
[
AuthConfig#{
cmd => <<"MGET password_hash:${username} salt:${username}">>
<<"cmd">> => <<"MGET password_hash:${username} salt:${username}">>
},
AuthConfig#{
cmd => <<"HMGET mqtt_user:${username} password_hash invalid_field">>
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash invalid_field">>
},
AuthConfig#{
cmd => <<"HMGET mqtt_user:${username} salt is_superuser">>
<<"cmd">> => <<"HMGET mqtt_user:${username} salt is_superuser">>
},
AuthConfig#{
cmd => <<"HGETALL mqtt_user:${username} salt is_superuser">>
<<"cmd">> => <<"HGETALL mqtt_user:${username} salt is_superuser">>
}
],
lists:foreach(
@ -131,10 +131,10 @@ t_create_invalid(_Config) ->
InvalidConfigs1 =
[
maps:without([server], AuthConfig),
AuthConfig#{server => <<"unknownhost:3333">>},
AuthConfig#{password => <<"wrongpass">>},
AuthConfig#{database => <<"5678">>}
maps:without([<<"server">>], AuthConfig),
AuthConfig#{<<"server">> => <<"unknownhost:3333">>},
AuthConfig#{<<"password">> => <<"wrongpass">>},
AuthConfig#{<<"database">> => <<"5678">>}
],
lists:foreach(
@ -225,7 +225,7 @@ t_update(_Config) ->
CorrectConfig = raw_redis_auth_config(),
IncorrectConfig =
CorrectConfig#{
cmd => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>
<<"cmd">> => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>
},
{ok, _} = emqx:update_config(
@ -263,19 +263,19 @@ t_update(_Config) ->
raw_redis_auth_config() ->
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"redis">>,
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
database => <<"1">>,
password => <<"public">>,
redis_type => <<"single">>,
server => redis_server()
<<"backend">> => <<"redis">>,
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
<<"database">> => <<"1">>,
<<"password">> => <<"public">>,
<<"redis_type">> => <<"single">>,
<<"server">> => redis_server()
}.
user_seeds() ->
@ -307,9 +307,9 @@ user_seeds() ->
},
key => <<"mqtt_user:md5">>,
config_params => #{
password_hash_algorithm => #{
name => <<"md5">>,
salt_position => <<"suffix">>
<<"password_hash_algorithm">> => #{
<<"name">> => <<"md5">>,
<<"salt_position">> => <<"suffix">>
}
},
result => {ok, #{is_superuser => false}}
@ -328,10 +328,10 @@ user_seeds() ->
},
key => <<"mqtt_user:sha256">>,
config_params => #{
cmd => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
password_hash_algorithm => #{
name => <<"sha256">>,
salt_position => <<"prefix">>
<<"cmd">> => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"prefix">>
}
},
result => {ok, #{is_superuser => true}}
@ -349,10 +349,10 @@ user_seeds() ->
},
key => <<"mqtt_user:sha256_no_salt">>,
config_params => #{
cmd => <<"HMGET mqtt_user:${clientid} password_hash is_superuser">>,
password_hash_algorithm => #{
name => <<"sha256">>,
salt_position => <<"disable">>
<<"cmd">> => <<"HMGET mqtt_user:${clientid} password_hash is_superuser">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"disable">>
}
},
result => {ok, #{is_superuser => true}}
@ -371,7 +371,7 @@ user_seeds() ->
},
key => <<"mqtt_user:bcrypt">>,
config_params => #{
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {ok, #{is_superuser => false}}
},
@ -387,10 +387,10 @@ user_seeds() ->
},
key => <<"mqtt_user:pbkdf2">>,
config_params => #{
password_hash_algorithm => #{
name => <<"pbkdf2">>,
iterations => 2,
mac_fun => sha
<<"password_hash_algorithm">> => #{
<<"name">> => <<"pbkdf2">>,
<<"iterations">> => <<"2">>,
<<"mac_fun">> => <<"sha">>
}
},
result => {ok, #{is_superuser => false}}
@ -409,8 +409,8 @@ user_seeds() ->
key => <<"mqtt_user:bcrypt0">>,
config_params => #{
% clientid variable & username credentials
cmd => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"cmd">> => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -429,8 +429,8 @@ user_seeds() ->
key => <<"mqtt_user:bcrypt1">>,
config_params => #{
% Bad key in cmd
cmd => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"cmd">> => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, not_authorized}
},
@ -449,8 +449,8 @@ user_seeds() ->
},
key => <<"mqtt_user:bcrypt2">>,
config_params => #{
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
password_hash_algorithm => #{name => <<"bcrypt">>}
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
},
result => {error, bad_username_or_password}
}

26
apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl
View File

@ -130,23 +130,23 @@ create_redis_auth_with_ssl_opts(SpecificSSLOpts) ->
raw_redis_auth_config(SpecificSSLOpts) ->
SSLOpts = maps:merge(
emqx_authn_test_lib:client_ssl_cert_opts(),
#{enable => <<"true">>}
#{<<"enable">> => <<"true">>}
),
#{
mechanism => <<"password_based">>,
password_hash_algorithm => #{
name => <<"plain">>,
salt_position => <<"suffix">>
<<"mechanism">> => <<"password_based">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"plain">>,
<<"salt_position">> => <<"suffix">>
},
enable => <<"true">>,
<<"enable">> => <<"true">>,
backend => <<"redis">>,
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
database => <<"1">>,
password => <<"public">>,
server => redis_server(),
redis_type => <<"single">>,
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
<<"backend">> => <<"redis">>,
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
<<"database">> => <<"1">>,
<<"password">> => <<"public">>,
<<"server">> => redis_server(),
<<"redis_type">> => <<"single">>,
<<"ssl">> => maps:merge(SSLOpts, SpecificSSLOpts)
}.
redis_server() ->

6
apps/emqx_authn/test/emqx_authn_test_lib.erl
View File

@ -62,7 +62,7 @@ delete_config(ID) ->
client_ssl_cert_opts() ->
Dir = code:lib_dir(emqx_authn, test),
#{
keyfile => filename:join([Dir, "data/certs", "client.key"]),
certfile => filename:join([Dir, "data/certs", "client.crt"]),
cacertfile => filename:join([Dir, "data/certs", "ca.crt"])
<<"keyfile">> => filename:join([Dir, <<"data/certs">>, <<"client.key">>]),
<<"certfile">> => filename:join([Dir, <<"data/certs">>, <<"client.crt">>]),
<<"cacertfile">> => filename:join([Dir, <<"data/certs">>, <<"ca.crt">>])
}.