yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: remove scram authenticator for all gateway

This commit is contained in:
JianBo He 2022-04-12 16:13:55 +08:00
parent 2305d90775
commit 7954f32858
6 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apps/emqx_authn/src/emqx_authn_schema.erl
View File

@ -25,6 +25,7 @@
roots/0,
fields/1,
authenticator_type/0,
authenticator_type_without_scram/0,
root_type/0,
mechanism/1,
backend/1
@ -43,6 +44,22 @@ enable(_) -> undefined.
authenticator_type() ->
hoconsc:union(config_refs([Module || {_AuthnType, Module} <- emqx_authn:providers()])).
authenticator_type_without_scram() ->
Providers = lists:filter(
fun
({{password_based, _Backend}, _Mod}) ->
true;
({jwt, _Mod}) ->
true;
({{scram, _Backend}, _Mod}) ->
false
end,
emqx_authn:providers()
),
hoconsc:union(
config_refs([Module || {_AuthnType, Module} <- Providers])
).
config_refs(Modules) ->
lists:append([Module:refs() || Module <- Modules]).

12
apps/emqx_exhook/src/emqx_exhook_handler.erl
View File

@ -231,10 +231,14 @@ properties(M) when is_map(M) ->
value => stringfy(V)} | Acc]
end, [], M).
conninfo(_ConnInfo =
#{clientid := ClientId, username := Username, peername := {Peerhost, _},
sockname := {_, SockPort}, proto_name := ProtoName, proto_ver := ProtoVer,
keepalive := Keepalive}) ->
conninfo(ConnInfo =
#{clientid := ClientId,
peername := {Peerhost, _},
sockname := {_, SockPort}}) ->
Username = maps:get(username, ConnInfo, undefined),
ProtoName = maps:get(proto_name, ConnInfo, undefined),
ProtoVer = maps:get(proto_ver, ConnInfo, undefined),
Keepalive = maps:get(keepalive, ConnInfo, 0),
#{node => stringfy(node()),
clientid => ClientId,
username => maybe(Username),

2
apps/emqx_gateway/src/emqx_gateway_api_authn.erl
View File

@ -433,6 +433,6 @@ params_fuzzy_in_qs() ->
schema_authn() ->
emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(),
emqx_authn_schema:authenticator_type_without_scram(),
emqx_authn_api:authenticator_examples()
).

4
apps/emqx_gateway/src/emqx_gateway_http.erl
View File

@ -211,7 +211,7 @@ authn(GwName) ->
ChainName = emqx_gateway_utils:global_chain(GwName),
wrap_chain_name(
ChainName,
emqx_map_lib:jsonable_map(emqx:get_config(Path))
emqx_map_lib:jsonable_map(emqx:get_raw_config(Path))
).
-spec authn(gateway_name(), binary()) -> map().
@ -221,7 +221,7 @@ authn(GwName, ListenerId) ->
ChainName = emqx_gateway_utils:listener_chain(GwName, Type, Name),
wrap_chain_name(
ChainName,
emqx_map_lib:jsonable_map(emqx:get_config(Path))
emqx_map_lib:jsonable_map(emqx:get_raw_config(Path))
).
wrap_chain_name(ChainName, Conf) ->

6
apps/emqx_gateway/src/mqttsn/emqx_sn_channel.erl
View File

@ -363,8 +363,7 @@ auth_connect(
username => Username,
reason => Reason
}),
%% FIXME: ReasonCode?
{error, Reason}
{error, name_to_returncode(Reason)}
end.
ensure_connected(
@ -2331,3 +2330,6 @@ returncode_name(?SN_RC2_KEEPALIVE_TIMEOUT) -> rejected_keepalive_timeout;
returncode_name(?SN_RC2_EXCEED_LIMITATION) -> rejected_exceed_limitation;
returncode_name(?SN_RC2_REACHED_MAX_RETRY) -> reached_max_retry_times;
returncode_name(_) -> accepted.
name_to_returncode(not_authorized) -> ?SN_RC2_NOT_AUTHORIZE;
name_to_returncode(_) -> ?SN_RC2_NOT_AUTHORIZE.

4
apps/emqx_gateway/test/emqx_gateway_authn_SUITE.erl
View File

@ -159,7 +159,7 @@ t_case_lwm2m(_) ->
-define(SN_CONNACK, 16#05).
t_case_emqx_sn(_) ->
t_case_mqttsn(_) ->
Mod = emqx_sn_protocol_SUITE,
Login = fun(Username, Password, Expect) ->
RawCfg = emqx_conf:get_raw([gateway, mqttsn], #{}),
@ -180,7 +180,7 @@ t_case_emqx_sn(_) ->
end
)
end,
Login(<<"badadmin">>, <<"badpassowrd">>, <<>>),
Login(<<"badadmin">>, <<"badpassowrd">>, <<3, ?SN_CONNACK, 16#80>>),
Login(<<"admin">>, <<"public">>, <<3, ?SN_CONNACK, 0>>),
ok.