yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: sync ee changes back into ce repo

This commit is contained in:
Thales Macedo Garitezi 2023-01-05 13:41:13 -03:00
parent 00412149f3
commit 822a510873
5 changed files with 101 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apps/emqx_management/src/emqx_mgmt_auth.erl
View File

@ -36,7 +36,6 @@
, del_app/1
, list_apps/0
, init_bootstrap_apps/0
, need_bootstrap/0
, clear_bootstrap_apps/0
]).
@ -83,21 +82,8 @@ add_default_app() ->
end.
init_bootstrap_apps() ->
case need_bootstrap() of
true ->
Bootstrap = application:get_env(emqx_management, bootstrap_apps_file, undefined),
init_bootstrap_apps(Bootstrap);
false ->
ok
end.
need_bootstrap() ->
{atomic, Res} = mnesia:transaction(
fun() ->
Spec = [{#mqtt_app{id = '$1', desc = ?BOOTSTRAP_TAG, _ = '_'}, [], ['$1']}],
mnesia:select(mqtt_app, Spec, 1, read) =:= '$end_of_table'
end),
Res.
init_bootstrap_apps(Bootstrap).
clear_bootstrap_apps() ->
{atomic, ok} =
@ -113,13 +99,7 @@ init_bootstrap_apps(File) ->
case file:open(File, [read, binary]) of
{ok, Dev} ->
{ok, MP} = re:compile(<<"(\.+):(\.+$)">>, [ungreedy]),
case init_bootstrap_apps(File, Dev, MP) of
ok -> ok;
Error ->
%% if failed add bootstrap users, we should clear all bootstrap apps
clear_bootstrap_apps(),
Error
end;
init_bootstrap_apps(File, Dev, MP);
{error, Reason} = Error ->
?LOG(error,
"failed to open the mgmt bootstrap apps file(~s) for ~p",
@ -145,8 +125,8 @@ add_bootstrap_app(File, Dev, MP, Line) ->
case re:run(Bin, MP, [global, {capture, all_but_first, binary}]) of
{match, [[AppId, AppSecret]]} ->
Name = <<"bootstraped">>,
case add_app(AppId, Name, AppSecret, ?BOOTSTRAP_TAG, true, undefined) of
{ok, _} ->
case force_add_app(AppId, Name, AppSecret, ?BOOTSTRAP_TAG, true, undefined) of
ok ->
add_bootstrap_app(File, Dev, MP, Line + 1);
{error, Reason} ->
throw(#{file => File, line => Line, content => Bin, reason => Reason})

64
apps/emqx_management/test/emqx_auth_mnesia_data_export_import_SUITE.erl
View File

@ -66,6 +66,70 @@ t_importee430(_) ->
{ok, _} = emqx_mgmt_data_backup:export(),
remove_all_users_and_acl().
t_import_test(_) ->
SimpleAdmin = <<"simpleAdmin">>,
SimplePassword = <<"simplepassword">>,
SimplePasswordHash = emqx_dashboard_admin:hash(SimplePassword),
Admins = [<<"Admin1">>, <<"Admin2">>, <<"Admin3">>, <<"Admin4">>, <<"Admin5">>],
Passwords = [<<"password1">>, <<"PAssword2">>,<<"3&*)dkdKlkd">>,<<"&*qwl4kd>">>,<<"PASSWORD5D">>],
%% add some users
add_admins(Admins, Passwords),
%% Allow force import simple password.
ok = emqx_dashboard_admin:force_add_user(SimpleAdmin, SimplePasswordHash, <<"test">>),
ct:pal("1111~p~n", [ets:info(mqtt_admin)]),
ct:pal("~p~n", [ets:tab2list(mqtt_admin)]),
check_admins_ok(Admins, Passwords),
{ok, #{filename := FileName}} = emqx_mgmt_data_backup:export(),
remove_admins(Admins),
ok = emqx_dashboard_admin:remove_user(SimpleAdmin),
ct:pal("0000~n"),
check_admins_failed(Admins, Passwords),
{error, _} = emqx_dashboard_admin:check(SimpleAdmin, SimplePassword),
ok = emqx_mgmt_data_backup:import(FileName, <<"{}">>),
ct:pal("2222~n"),
check_admins_ok(Admins, Passwords),
ok = emqx_dashboard_admin:check(SimpleAdmin, SimplePassword),
remove_admins(Admins),
ok = emqx_dashboard_admin:remove_user(SimpleAdmin),
remove_all_users_and_acl(),
ok.
add_admins(Admins, Passwords) ->
lists:foreach(
fun({Admin, Password}) ->
ok = emqx_dashboard_admin:add_user(Admin, Password, <<"test">>)
end, lists:zip(Admins, Passwords)),
ok.
check_admins_ok(Admins, Passwords) ->
lists:foreach(
fun({Admin, Password}) ->
?assertMatch(ok, emqx_dashboard_admin:check(Admin, Password), {Admin, Password})
end, lists:zip(Admins, Passwords)),
ok.
check_admins_failed(Admins, Passwords) ->
lists:foreach(
fun({Admin, Password}) ->
?assertMatch({error, _}, emqx_dashboard_admin:check(Admin, Password), {Admin, Password})
end, lists:zip(Admins, Passwords)),
ok.
remove_admins(Admins) ->
lists:foreach(
fun(Admin) ->
ok = emqx_dashboard_admin:remove_user(Admin)
end, Admins),
ok.
remove_all_users_and_acl() ->
mnesia:delete_table(emqx_user),
mnesia:delete_table(emqx_acl).

15
apps/emqx_management/test/emqx_mgmt_bootstrap_app_SUITE.erl
View File

@ -68,10 +68,10 @@ t_load_ok(_) ->
ok = file:write_file(File, Bin1),
application:set_env(emqx_management, bootstrap_apps_file, File),
{ok, _} = application:ensure_all_started(emqx_management),
?assert(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"secret-1">>)),
?assert(emqx_mgmt_auth:is_authorized(<<"test-2">>, <<"secret-2">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"new-secret-1">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test-2">>, <<"new-secret-2">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"secret-1">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test-2">>, <<"secret-2">>)),
?assert(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"new-secret-1">>)),
?assert(emqx_mgmt_auth:is_authorized(<<"test-2">>, <<"new-secret-2">>)),
application:stop(emqx_management).
t_bootstrap_user_file_not_found(_) ->
@ -84,6 +84,8 @@ t_load_invalid_username_failed(_) ->
File = "./bootstrap_apps.txt",
ok = file:write_file(File, Bin),
check_load_failed(File),
?assert(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"password-1">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test&2">>, <<"password-2">>)),
ok.
t_load_invalid_format_failed(_) ->
@ -91,6 +93,8 @@ t_load_invalid_format_failed(_) ->
File = "./bootstrap_apps.txt",
ok = file:write_file(File, Bin),
check_load_failed(File),
?assert(emqx_mgmt_auth:is_authorized(<<"test-1">>, <<"password-1">>)),
?assertNot(emqx_mgmt_auth:is_authorized(<<"test-2">>, <<"password-2">>)),
ok.
check_load_failed(File) ->
@ -98,5 +102,4 @@ check_load_failed(File) ->
application:stop(emqx_management),
application:set_env(emqx_management, bootstrap_apps_file, File),
?assertMatch({error, _}, application:ensure_all_started(emqx_management)),
?assertNot(lists:member(emqx_management, application:which_applications())),
?assert(emqx_mgmt_auth:need_bootstrap()).
?assertNot(lists:member(emqx_management, application:which_applications())).

11
changes/v4.4.14-en.md Normal file
View File

@ -0,0 +1,11 @@
# v4.4.14
## Enhancements
- Add a password complexity requirement when adding or modifying Dashboard users via the API. Now passwords must contain at least 2 of alphabetic, numeric and special characters, and must be 8 to 64 characters long [#1696](https://github.com/emqx/emqx-enterprise/pull/1696).
## Bug fixes
- Fix dashboard password validator is too simple. Now dashboard password must contain at least two different kind of characters from groups of letters, numbers and special characters. [#1696](https://github.com/emqx/emqx-enterprise/pull/1696).
- Fix the problem that adding or importing Dashboard users via the API fails to add complex passwords due to incorrect checksum of the passwords [#1696](https://github.com/emqx/emqx-enterprise/pull/1696).
- Fix load bootstrap_app_file's apps is not sync when reboot. [#1697](https://github.com/emqx/emqx-enterprise/pull/1697).

11
changes/v4.4.14-zh.md Normal file
View File

@ -0,0 +1,11 @@
# v4.4.14
## 增强
- 通过 API 添加、修改 Dashboard 用户时,增加对密码复杂度的要求。现在密码必须包含字母、数字以及特殊字符中的至少 2 种,并且长度范围必须是 8~64 个字符 [#1696](https://github.com/emqx/emqx-enterprise/pull/1696)。
## 修复
- 修复通过 API 添加或者导入 Dashboard 用户时,对密码进行了错误的校验,导致复杂密码添加失败的问题 [#1696](https://github.com/emqx/emqx-enterprise/pull/1696)。
- 修复 boostrap_apps_file 文件更新后没有同步更新至数据库导致文件中新加 apps 未生效 [#1697](https://github.com/emqx/emqx-enterprise/pull/1697)。