Merge pull request #7591 from HJianBo/fix-gw-authn
chore: remove scram authenticator for all gateway
commit
5589e6e51a
|
@ -25,6 +25,7 @@
|
||||||
roots/0,
|
roots/0,
|
||||||
fields/1,
|
fields/1,
|
||||||
authenticator_type/0,
|
authenticator_type/0,
|
||||||
|
authenticator_type_without_scram/0,
|
||||||
root_type/0,
|
root_type/0,
|
||||||
mechanism/1,
|
mechanism/1,
|
||||||
backend/1
|
backend/1
|
||||||
|
@ -43,6 +44,22 @@ enable(_) -> undefined.
|
||||||
authenticator_type() ->
|
authenticator_type() ->
|
||||||
hoconsc:union(config_refs([Module || {_AuthnType, Module} <- emqx_authn:providers()])).
|
hoconsc:union(config_refs([Module || {_AuthnType, Module} <- emqx_authn:providers()])).
|
||||||
|
|
||||||
|
authenticator_type_without_scram() ->
|
||||||
|
Providers = lists:filter(
|
||||||
|
fun
|
||||||
|
({{password_based, _Backend}, _Mod}) ->
|
||||||
|
true;
|
||||||
|
({jwt, _Mod}) ->
|
||||||
|
true;
|
||||||
|
({{scram, _Backend}, _Mod}) ->
|
||||||
|
false
|
||||||
|
end,
|
||||||
|
emqx_authn:providers()
|
||||||
|
),
|
||||||
|
hoconsc:union(
|
||||||
|
config_refs([Module || {_AuthnType, Module} <- Providers])
|
||||||
|
).
|
||||||
|
|
||||||
config_refs(Modules) ->
|
config_refs(Modules) ->
|
||||||
lists:append([Module:refs() || Module <- Modules]).
|
lists:append([Module:refs() || Module <- Modules]).
|
||||||
|
|
||||||
|
|
|
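Review bot: The filter fun in `authenticator_type_without_scram/0` has no clause for a provider key other than `{password_based, _}`, `jwt` and `{scram, _}`, so any further mechanism returned by `emqx_authn:providers()` raises `function_clause` while the schema is being built. Since this list acts as an allow-list for gateways, a final clause `(_) -> false` in place of (or after) the explicit scram clause would fail closed and keep unknown mechanisms out without crashing. The function is exported, so it would also benefit from a `-spec` and a one-line comment stating why SCRAM is excluded for gateways.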
@ -231,10 +231,14 @@ properties(M) when is_map(M) ->
|
||||||
value => stringfy(V)} | Acc]
|
value => stringfy(V)} | Acc]
|
||||||
end, [], M).
|
end, [], M).
|
||||||
|
|
||||||
conninfo(_ConnInfo =
|
conninfo(ConnInfo =
|
||||||
#{clientid := ClientId, username := Username, peername := {Peerhost, _},
|
#{clientid := ClientId,
|
||||||
sockname := {_, SockPort}, proto_name := ProtoName, proto_ver := ProtoVer,
|
peername := {Peerhost, _},
|
||||||
keepalive := Keepalive}) ->
|
sockname := {_, SockPort}}) ->
|
||||||
|
Username = maps:get(username, ConnInfo, undefined),
|
||||||
|
ProtoName = maps:get(proto_name, ConnInfo, undefined),
|
||||||
|
ProtoVer = maps:get(proto_ver, ConnInfo, undefined),
|
||||||
|
Keepalive = maps:get(keepalive, ConnInfo, 0),
|
||||||
#{node => stringfy(node()),
|
#{node => stringfy(node()),
|
||||||
clientid => ClientId,
|
clientid => ClientId,
|
||||||
username => maybe(Username),
|
username => maybe(Username),
|
||||||
|
|
|
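Review bot: `ProtoName` and `ProtoVer` can now be `undefined`, yet only `username` is visibly wrapped in `maybe/1`; the rest of the returned map lies outside the hunk, so it is worth confirming that `proto_name` and `proto_ver` get the same treatment there. If they are passed to `stringfy/1` unchanged, consumers would presumably receive the text `undefined` instead of an absent value. A short comment above `conninfo/1` naming the mandatory keys (`clientid`, `peername`, `sockname`) and the optional ones with their defaults would document the relaxed contract.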
@ -433,6 +433,6 @@ params_fuzzy_in_qs() ->
|
||||||
|
|
||||||
schema_authn() ->
|
schema_authn() ->
|
||||||
emqx_dashboard_swagger:schema_with_examples(
|
emqx_dashboard_swagger:schema_with_examples(
|
||||||
emqx_authn_schema:authenticator_type(),
|
emqx_authn_schema:authenticator_type_without_scram(),
|
||||||
emqx_authn_api:authenticator_examples()
|
emqx_authn_api:authenticator_examples()
|
||||||
).
|
).
|
||||||
|
|
|
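Review bot: `emqx_authn_api:authenticator_examples()` is still passed unchanged next to the restricted type in `schema_authn/0`, so the generated API documentation may keep advertising a SCRAM example that the schema no longer accepts. The visible hunks also do not show the gateway configuration schema, so a SCRAM authenticator supplied through the config file rather than the REST API may not be rejected by this change alone. Confirm that path uses the same restricted union.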
@ -211,7 +211,7 @@ authn(GwName) ->
|
||||||
ChainName = emqx_gateway_utils:global_chain(GwName),
|
ChainName = emqx_gateway_utils:global_chain(GwName),
|
||||||
wrap_chain_name(
|
wrap_chain_name(
|
||||||
ChainName,
|
ChainName,
|
||||||
emqx_map_lib:jsonable_map(emqx:get_config(Path))
|
emqx_map_lib:jsonable_map(emqx:get_raw_config(Path))
|
||||||
).
|
).
|
||||||
|
|
||||||
-spec authn(gateway_name(), binary()) -> map().
|
-spec authn(gateway_name(), binary()) -> map().
|
||||||
|
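Review bot: `emqx:get_raw_config(Path)` returns the authenticator settings as the operator wrote them, and `authn/1` passes the result through `jsonable_map/1` into what is presumably an API response; nothing visible here redacts credentials such as a backend password or a JWT secret if the config holds one. The same applies to `authn/2` in the next hunk. Consider masking sensitive fields before `wrap_chain_name/2`, and add a comment such as `%% raw config: return the user-supplied form, without schema defaults or conversions` if that is the reason for the switch. Both function bodies start outside their hunks.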
@ -221,7 +221,7 @@ authn(GwName, ListenerId) ->
|
||||||
ChainName = emqx_gateway_utils:listener_chain(GwName, Type, Name),
|
ChainName = emqx_gateway_utils:listener_chain(GwName, Type, Name),
|
||||||
wrap_chain_name(
|
wrap_chain_name(
|
||||||
ChainName,
|
ChainName,
|
||||||
emqx_map_lib:jsonable_map(emqx:get_config(Path))
|
emqx_map_lib:jsonable_map(emqx:get_raw_config(Path))
|
||||||
).
|
).
|
||||||
|
|
||||||
wrap_chain_name(ChainName, Conf) ->
|
wrap_chain_name(ChainName, Conf) ->
|
||||||
|
|
|
@ -363,8 +363,7 @@ auth_connect(
|
||||||
username => Username,
|
username => Username,
|
||||||
reason => Reason
|
reason => Reason
|
||||||
}),
|
}),
|
||||||
%% FIXME: ReasonCode?
|
{error, name_to_returncode(Reason)}
|
||||||
{error, Reason}
|
|
||||||
end.
|
end.
|
||||||
|
|
||||||
ensure_connected(
|
ensure_connected(
|
||||||
|
@ -2331,3 +2330,6 @@ returncode_name(?SN_RC2_KEEPALIVE_TIMEOUT) -> rejected_keepalive_timeout;
|
||||||
returncode_name(?SN_RC2_EXCEED_LIMITATION) -> rejected_exceed_limitation;
|
returncode_name(?SN_RC2_EXCEED_LIMITATION) -> rejected_exceed_limitation;
|
||||||
returncode_name(?SN_RC2_REACHED_MAX_RETRY) -> reached_max_retry_times;
|
returncode_name(?SN_RC2_REACHED_MAX_RETRY) -> reached_max_retry_times;
|
||||||
returncode_name(_) -> accepted.
|
returncode_name(_) -> accepted.
|
||||||
|
|
||||||
|
name_to_returncode(not_authorized) -> ?SN_RC2_NOT_AUTHORIZE;
|
||||||
|
name_to_returncode(_) -> ?SN_RC2_NOT_AUTHORIZE.
|
||||||
|
|
|
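Review bot: Both clauses of `name_to_returncode/1` return `?SN_RC2_NOT_AUTHORIZE`, so the `not_authorized` clause is redundant and the function reads as if more mappings were intended. If collapsing every authentication failure into one return code is deliberate (it avoids telling the client why the login failed), a single clause says so more clearly: `name_to_returncode(_Reason) -> ?SN_RC2_NOT_AUTHORIZE.` preceded by `%% All authn failures map to one code; the detailed reason is only logged.` The call site is the `{error, name_to_returncode(Reason)}` line in the `auth_connect` hunk above, where the old FIXME was removed.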
@ -159,7 +159,7 @@ t_case_lwm2m(_) ->
|
||||||
|
|
||||||
-define(SN_CONNACK, 16#05).
|
-define(SN_CONNACK, 16#05).
|
||||||
|
|
||||||
t_case_emqx_sn(_) ->
|
t_case_mqttsn(_) ->
|
||||||
Mod = emqx_sn_protocol_SUITE,
|
Mod = emqx_sn_protocol_SUITE,
|
||||||
Login = fun(Username, Password, Expect) ->
|
Login = fun(Username, Password, Expect) ->
|
||||||
RawCfg = emqx_conf:get_raw([gateway, mqttsn], #{}),
|
RawCfg = emqx_conf:get_raw([gateway, mqttsn], #{}),
|
||||||
|
@ -180,7 +180,7 @@ t_case_emqx_sn(_) ->
|
||||||
end
|
end
|
||||||
)
|
)
|
||||||
end,
|
end,
|
||||||
Login(<<"badadmin">>, <<"badpassowrd">>, <<>>),
|
Login(<<"badadmin">>, <<"badpassowrd">>, <<3, ?SN_CONNACK, 16#80>>),
|
||||||
Login(<<"admin">>, <<"public">>, <<3, ?SN_CONNACK, 0>>),
|
Login(<<"admin">>, <<"public">>, <<3, ?SN_CONNACK, 0>>),
|
||||||
ok.
|
ok.
|
||||||
|
|
||||||
|
|
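Review bot: The expected reply `<<3, ?SN_CONNACK, 16#80>>` hard-codes what is presumably the not-authorized return code while the message type uses a define; a named constant beside `?SN_CONNACK`, for example `-define(SN_RC_NOT_AUTHORIZED, 16#80).` (the name is only a suggestion), would make the assertion self-explanatory. The visible test hunks exercise only a wrong password; a case asserting that a SCRAM authenticator is refused for a gateway would cover what the commit title promises. The body of `t_case_mqttsn/1` extends beyond these hunks.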