fix(authn): use a random group id to void data overlap

2022-05-05 10:43:35 +08:00 · 2022-05-05 10:43:35 +08:00 · 6e03a7c686
parent 62d448fb28
commit 6e03a7c686
2 changed files with 24 additions and 8 deletions
--- a/apps/emqx/src/emqx_authentication.erl
+++ b/apps/emqx/src/emqx_authentication.erl
@ -550,11 +550,12 @@ handle_update_authenticator(Chain, AuthenticatorID, Config) ->
        #authenticator{provider = Provider, state = ST} = Authenticator ->
            case AuthenticatorID =:= authenticator_id(Config) of
                true ->
-                    case Provider:update(Config, ST) of
+                    NConfig = insert_user_group(Chain, Config),
+                    case Provider:update(NConfig, ST) of
                        {ok, NewST} ->
                            NewAuthenticator = Authenticator#authenticator{
                                state = NewST,
-                                enable = maps:get(enable, Config)
+                                enable = maps:get(enable, NConfig)
                            },
                            NewAuthenticators = replace_authenticator(
                                AuthenticatorID,
@ -603,7 +604,8 @@ handle_create_authenticator(Chain, Config, Providers) ->
        true ->
            {error, {already_exists, {authenticator, AuthenticatorID}}};
        false ->
-            case do_create_authenticator(AuthenticatorID, Config, Providers) of
+            NConfig = insert_user_group(Chain, Config),
+            case do_create_authenticator(AuthenticatorID, NConfig, Providers) of
                {ok, Authenticator} ->
                    NAuthenticators =
                        Authenticators ++
@ -861,6 +863,17 @@ authn_type(#{mechanism := Mechanism, backend := Backend}) ->
 authn_type(#{mechanism := Mechanism}) ->
    Mechanism.

+insert_user_group(
+    Chain,
+    Config = #{
+        mechanism := password_based,
+        backend := built_in_database
+    }
+) ->
+    Config#{user_group => Chain#chain.name};
+insert_user_group(_Chain, Config) ->
+    Config.
+
 to_list(undefined) -> [];
 to_list(M) when M =:= #{} -> [];
 to_list(M) when is_map(M) -> [M];
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
@ -128,23 +128,26 @@ user_id_type(_) -> undefined.
 refs() ->
    [hoconsc:ref(?MODULE, ?CONF_NS)].

+create(_AuthenticatorID, Config) ->
+    create(Config).
+
 create(
-    AuthenticatorID,
    #{
        user_id_type := Type,
-        password_hash_algorithm := Algorithm
+        password_hash_algorithm := Algorithm,
+        user_group := UserGroup
    }
 ) ->
    ok = emqx_authn_password_hashing:init(Algorithm),
    State = #{
-        user_group => AuthenticatorID,
+        user_group => UserGroup,
        user_id_type => Type,
        password_hash_algorithm => Algorithm
    },
    {ok, State}.

-update(Config, #{user_group := ID}) ->
-    create(ID, Config).
+update(Config, _State) ->
+    create(Config).

 authenticate(#{auth_method := _}, _) ->
    ignore;