From 6e03a7c68641858077ec269711469907b74fa89c Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@gmail.com>
Date: Thu, 5 May 2022 10:43:35 +0800
Subject: [PATCH] fix(authn): use a random group id to void data overlap

---
 apps/emqx/src/emqx_authentication.erl         | 19 ++++++++++++++++---
 .../src/simple_authn/emqx_authn_mnesia.erl    | 13 ++++++++-----
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/apps/emqx/src/emqx_authentication.erl b/apps/emqx/src/emqx_authentication.erl
index 5a219d043..35f4139c4 100644
--- a/apps/emqx/src/emqx_authentication.erl
+++ b/apps/emqx/src/emqx_authentication.erl
@@ -550,11 +550,12 @@ handle_update_authenticator(Chain, AuthenticatorID, Config) ->
         #authenticator{provider = Provider, state = ST} = Authenticator ->
             case AuthenticatorID =:= authenticator_id(Config) of
                 true ->
-                    case Provider:update(Config, ST) of
+                    NConfig = insert_user_group(Chain, Config),
+                    case Provider:update(NConfig, ST) of
                         {ok, NewST} ->
                             NewAuthenticator = Authenticator#authenticator{
                                 state = NewST,
-                                enable = maps:get(enable, Config)
+                                enable = maps:get(enable, NConfig)
                             },
                             NewAuthenticators = replace_authenticator(
                                 AuthenticatorID,
@@ -603,7 +604,8 @@ handle_create_authenticator(Chain, Config, Providers) ->
         true ->
             {error, {already_exists, {authenticator, AuthenticatorID}}};
         false ->
-            case do_create_authenticator(AuthenticatorID, Config, Providers) of
+            NConfig = insert_user_group(Chain, Config),
+            case do_create_authenticator(AuthenticatorID, NConfig, Providers) of
                 {ok, Authenticator} ->
                     NAuthenticators =
                         Authenticators ++
@@ -861,6 +863,17 @@ authn_type(#{mechanism := Mechanism, backend := Backend}) ->
 authn_type(#{mechanism := Mechanism}) ->
     Mechanism.
 
+insert_user_group(
+    Chain,
+    Config = #{
+        mechanism := password_based,
+        backend := built_in_database
+    }
+) ->
+    Config#{user_group => Chain#chain.name};
+insert_user_group(_Chain, Config) ->
+    Config.
+
 to_list(undefined) -> [];
 to_list(M) when M =:= #{} -> [];
 to_list(M) when is_map(M) -> [M];
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
index ef9d154d1..88a7aca77 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
@@ -128,23 +128,26 @@ user_id_type(_) -> undefined.
 refs() ->
     [hoconsc:ref(?MODULE, ?CONF_NS)].
 
+create(_AuthenticatorID, Config) ->
+    create(Config).
+
 create(
-    AuthenticatorID,
     #{
         user_id_type := Type,
-        password_hash_algorithm := Algorithm
+        password_hash_algorithm := Algorithm,
+        user_group := UserGroup
     }
 ) ->
     ok = emqx_authn_password_hashing:init(Algorithm),
     State = #{
-        user_group => AuthenticatorID,
+        user_group => UserGroup,
         user_id_type => Type,
         password_hash_algorithm => Algorithm
     },
     {ok, State}.
 
-update(Config, #{user_group := ID}) ->
-    create(ID, Config).
+update(Config, _State) ->
+    create(Config).
 
 authenticate(#{auth_method := _}, _) ->
     ignore;