From 7954f32858a7d009bc4f187088ac8a00c86bc58f Mon Sep 17 00:00:00 2001 From: JianBo He Date: Tue, 12 Apr 2022 16:13:55 +0800 Subject: [PATCH] chore: remove scram authenticator for all gateway --- apps/emqx_authn/src/emqx_authn_schema.erl | 17 +++++++++++++++++ apps/emqx_exhook/src/emqx_exhook_handler.erl | 12 ++++++++---- .../emqx_gateway/src/emqx_gateway_api_authn.erl | 2 +- apps/emqx_gateway/src/emqx_gateway_http.erl | 4 ++-- .../emqx_gateway/src/mqttsn/emqx_sn_channel.erl | 6 ++++-- .../test/emqx_gateway_authn_SUITE.erl | 4 ++-- 6 files changed, 34 insertions(+), 11 deletions(-) diff --git a/apps/emqx_authn/src/emqx_authn_schema.erl b/apps/emqx_authn/src/emqx_authn_schema.erl index 0c227973b..32994cbbe 100644 --- a/apps/emqx_authn/src/emqx_authn_schema.erl +++ b/apps/emqx_authn/src/emqx_authn_schema.erl @@ -25,6 +25,7 @@ roots/0, fields/1, authenticator_type/0, + authenticator_type_without_scram/0, root_type/0, mechanism/1, backend/1 @@ -43,6 +44,22 @@ enable(_) -> undefined. authenticator_type() -> hoconsc:union(config_refs([Module || {_AuthnType, Module} <- emqx_authn:providers()])). +authenticator_type_without_scram() -> + Providers = lists:filter( + fun + ({{password_based, _Backend}, _Mod}) -> + true; + ({jwt, _Mod}) -> + true; + ({{scram, _Backend}, _Mod}) -> + false + end, + emqx_authn:providers() + ), + hoconsc:union( + config_refs([Module || {_AuthnType, Module} <- Providers]) + ). + config_refs(Modules) -> lists:append([Module:refs() || Module <- Modules]). diff --git a/apps/emqx_exhook/src/emqx_exhook_handler.erl b/apps/emqx_exhook/src/emqx_exhook_handler.erl index 0d1495587..e93c965f2 100644 --- a/apps/emqx_exhook/src/emqx_exhook_handler.erl +++ b/apps/emqx_exhook/src/emqx_exhook_handler.erl 
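Review bot: The filter fun in `authenticator_type_without_scram/0` has no clause for a provider key outside the three shapes it lists, so any other entry returned by `emqx_authn:providers()` raises `function_clause` while the schema is being built. If the function is meant as an allowlist for gateways, a final `(_) -> false` clause excludes unknown mechanisms by default instead of crashing. If the crash is intended as a tripwire for new provider types, a comment saying so would prevent someone "fixing" it later. The hunk also gives no reason for excluding SCRAM on gateways, so a one-line comment and a `-spec` on the new export would help the next reader.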
@@ -231,10 +231,14 @@ properties(M) when is_map(M) -> value => stringfy(V)} | Acc] end, [], M). -conninfo(_ConnInfo = - #{clientid := ClientId, username := Username, peername := {Peerhost, _}, - sockname := {_, SockPort}, proto_name := ProtoName, proto_ver := ProtoVer, - keepalive := Keepalive}) -> +conninfo(ConnInfo = + #{clientid := ClientId, + peername := {Peerhost, _}, + sockname := {_, SockPort}}) -> + Username = maps:get(username, ConnInfo, undefined), + ProtoName = maps:get(proto_name, ConnInfo, undefined), + ProtoVer = maps:get(proto_ver, ConnInfo, undefined), + Keepalive = maps:get(keepalive, ConnInfo, 0), #{node => stringfy(node()), clientid => ClientId, username => maybe(Username), diff --git a/apps/emqx_gateway/src/emqx_gateway_api_authn.erl b/apps/emqx_gateway/src/emqx_gateway_api_authn.erl index a552e3d86..644b44574 100644 --- a/apps/emqx_gateway/src/emqx_gateway_api_authn.erl +++ b/apps/emqx_gateway/src/emqx_gateway_api_authn.erl @@ -433,6 +433,6 @@ params_fuzzy_in_qs() -> schema_authn() -> emqx_dashboard_swagger:schema_with_examples( - emqx_authn_schema:authenticator_type(), + emqx_authn_schema:authenticator_type_without_scram(), emqx_authn_api:authenticator_examples() ). diff --git a/apps/emqx_gateway/src/emqx_gateway_http.erl b/apps/emqx_gateway/src/emqx_gateway_http.erl index 4cf0783a7..f438466b5 100644 --- a/apps/emqx_gateway/src/emqx_gateway_http.erl +++ b/apps/emqx_gateway/src/emqx_gateway_http.erl @@ -211,7 +211,7 @@ authn(GwName) -> ChainName = emqx_gateway_utils:global_chain(GwName), wrap_chain_name( ChainName, - emqx_map_lib:jsonable_map(emqx:get_config(Path)) + emqx_map_lib:jsonable_map(emqx:get_raw_config(Path)) ). -spec authn(gateway_name(), binary()) -> map(). 
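Review bot: `Keepalive` now defaults to `0` in `conninfo/1`, which the hook server cannot tell apart from a client that really negotiated no keepalive, and `ProtoName`/`ProtoVer` default to the atom `undefined`. Only `username` is visibly passed through `maybe/1` in this hunk, and the rest of the returned map lies outside it. It is worth confirming that the other three fields get an equivalent conversion before they are encoded for the hook server. If the relaxed head exists because gateway connections do not populate these keys, a comment such as `%% gateway conninfo may lack username/proto_name/proto_ver/keepalive` above the `maps:get/3` calls would record that.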
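Review bot: Switching `schema_authn/0` to `authenticator_type_without_scram()` narrows only the schema handed to `emqx_dashboard_swagger`. None of the six files in this patch is a gateway configuration schema, so whether a scram authenticator written in the configuration file is also refused cannot be confirmed from here and should be checked. The second argument is still `emqx_authn_api:authenticator_examples()`; if that list contains SCRAM examples, the API documentation will advertise a mechanism the schema now rejects.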
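Review bot: `authn/1` now serialises `emqx:get_raw_config(Path)` straight into the API response, and the same change is made to `authn/2` in the following hunk. Authenticator configuration commonly carries backend credentials or signing secrets, and nothing visible between the config read and `wrap_chain_name/2` redacts them. If no masking happens further out, such fields should be masked before `emqx_map_lib:jsonable_map/1` is applied. A comment stating why the raw form is wanted, for example `%% return the config as the user wrote it, not the checked/converted form`, would also explain the switch, since the commit message does not mention it.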
@@ -221,7 +221,7 @@ authn(GwName, ListenerId) -> ChainName = emqx_gateway_utils:listener_chain(GwName, Type, Name), wrap_chain_name( ChainName, - emqx_map_lib:jsonable_map(emqx:get_config(Path)) + emqx_map_lib:jsonable_map(emqx:get_raw_config(Path)) ). wrap_chain_name(ChainName, Conf) -> diff --git a/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl b/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl index 804b5c265..cf0681c25 100644 --- a/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl +++ b/apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl @@ -363,8 +363,7 @@ auth_connect( username => Username, reason => Reason }), - %% FIXME: ReasonCode? - {error, Reason} + {error, name_to_returncode(Reason)} end. ensure_connected( @@ -2331,3 +2330,6 @@ returncode_name(?SN_RC2_KEEPALIVE_TIMEOUT) -> rejected_keepalive_timeout; returncode_name(?SN_RC2_EXCEED_LIMITATION) -> rejected_exceed_limitation; returncode_name(?SN_RC2_REACHED_MAX_RETRY) -> reached_max_retry_times; returncode_name(_) -> accepted. + +name_to_returncode(not_authorized) -> ?SN_RC2_NOT_AUTHORIZE; +name_to_returncode(_) -> ?SN_RC2_NOT_AUTHORIZE. diff --git a/apps/emqx_gateway/test/emqx_gateway_authn_SUITE.erl b/apps/emqx_gateway/test/emqx_gateway_authn_SUITE.erl index 33c0a2eea..dece25ea9 100644 --- a/apps/emqx_gateway/test/emqx_gateway_authn_SUITE.erl +++ b/apps/emqx_gateway/test/emqx_gateway_authn_SUITE.erl @@ -159,7 +159,7 @@ t_case_lwm2m(_) -> -define(SN_CONNACK, 16#05). -t_case_emqx_sn(_) -> +t_case_mqttsn(_) -> Mod = emqx_sn_protocol_SUITE, Login = fun(Username, Password, Expect) -> RawCfg = emqx_conf:get_raw([gateway, mqttsn], #{}), @@ -180,7 +180,7 @@ t_case_emqx_sn(_) -> end ) end, - Login(<<"badadmin">>, <<"badpassowrd">>, <<>>), + Login(<<"badadmin">>, <<"badpassowrd">>, <<3, ?SN_CONNACK, 16#80>>), Login(<<"admin">>, <<"public">>, <<3, ?SN_CONNACK, 0>>), ok.
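Review bot: Both clauses of `name_to_returncode/1` return `?SN_RC2_NOT_AUTHORIZE`, so the `not_authorized` clause is redundant and the function reads as if a mapping table had been planned. If collapsing every failure reason to one code is deliberate, which keeps the CONNACK from revealing why a login was refused, a single clause `name_to_returncode(_Reason) -> ?SN_RC2_NOT_AUTHORIZE.` with a comment saying that is clearer. `auth_connect` also now returns an integer return code where it used to return the reason atom. Its callers are outside the hunk and should be checked for matches on the old atoms.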
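Review bot: No case in the visible test hunks configures a scram authenticator on a gateway and asserts that it is refused, which is the behaviour the commit title promises. The only assertion changed is the CONNACK expected for a bad password. A negative test that submits a scram authenticator through the gateway authn API and expects a validation error would pin the restriction. The expected reply also hard-codes `16#80`; a local define next to `?SN_CONNACK` would make the intent of `<<3, ?SN_CONNACK, 16#80>>` readable. `t_case_mqttsn/1` starts and ends outside these hunks.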