From 04c0caefac55a27051fe462d204be3bb331f98b0 Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Fri, 28 Oct 2022 09:31:45 +0800 Subject: [PATCH 1/7] feat: bootstrap dashboard users from dashboard.bootstrap_users_file --- changes/v4.3.22-en.md | 3 + changes/v4.3.22-zh.md | 3 + lib-ce/emqx_dashboard/etc/emqx_dashboard.conf | 9 ++ .../emqx_dashboard/priv/emqx_dashboard.schema | 5 + .../emqx_dashboard/src/emqx_dashboard.app.src | 2 +- .../src/emqx_dashboard_admin.erl | 95 +++++++++++++++++-- 6 files changed, 106 insertions(+), 11 deletions(-) diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index bac959ca9..7bb224925 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -17,6 +17,9 @@ - Enhanced log security in ACL modules, sensitive data will be obscured. [#9242](https://github.com/emqx/emqx/pull/9242). +- Add `dashboard.bootstrap_users_file` configuration to bulk import default user&password when EMQX first starts. + + ## Bug fixes - Fix that after uploading a backup file with an UTF8 filename, HTTP API `GET /data/export` fails with status code 500 [#9224](https://github.com/emqx/emqx/pull/9224). diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index 286b2a2f0..bc5ea5607 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -17,6 +17,9 @@ - 增强 ACL 模块中的日志安全性,敏感数据将被模糊化。[#9242](https://github.com/emqx/emqx/pull/9242)。 +- 增加 `dashboard.bootstrap_users_file` 配置,可以在EMQX第一次启动时批量导入默认的用户/密码。 + + ## 修复 - 修复若上传的备份文件名中包含 UTF8 字符,`GET /data/export` HTTP 接口返回 500 错误 [#9224](https://github.com/emqx/emqx/pull/9224)。 diff --git a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf index f59f27a47..7de3dbbf4 100644 --- a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf +++ b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf 
@@ -17,6 +17,15 @@ dashboard.default_user.login = admin ## Value: String dashboard.default_user.password = public +## Initialize users file +## Is used to add an administrative user to Dashboard when emqx is first launched, +## the format is: +## ``` +##username1:password1 +##username2:password2 +## ``` +dashboard.bootstrap_users_file = {{ platform_etc_dir }}/bootstrap_users.txt + ##-------------------------------------------------------------------- ## HTTP Listener diff --git a/lib-ce/emqx_dashboard/priv/emqx_dashboard.schema b/lib-ce/emqx_dashboard/priv/emqx_dashboard.schema index 7ef39ac8d..93607b61b 100644 --- a/lib-ce/emqx_dashboard/priv/emqx_dashboard.schema +++ b/lib-ce/emqx_dashboard/priv/emqx_dashboard.schema @@ -10,6 +10,11 @@ {override_env, "ADMIN_PASSWORD"} ]}. +{mapping, "dashboard.bootstrap_users_file", "emqx_dashboard.bootstrap_users_file", [ + {datatype, string}, + hidden +]}. + {mapping, "dashboard.listener.http", "emqx_dashboard.listeners", [ {datatype, [integer, ip]} ]}. diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src index 07c67545b..cb36b99a8 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src @@ -1,6 +1,6 @@ {application, emqx_dashboard, [{description, "EMQ X Web Dashboard"}, - {vsn, "4.3.18"}, % strict semver, bump manually! + {vsn, "4.3.19"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_dashboard_sup]}, {applications, [kernel,stdlib,mnesia,minirest]}, diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index a76ed9cff..5ebe18221 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl 
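Review bot: The comment added above `dashboard.bootstrap_users_file` never tells the operator that this file stores administrator passwords in clear text. I would add two lines such as `## The file holds plaintext passwords: make it readable only by the user running EMQX,` and `## and delete it (and unset this option) once the users have been created.` The reworded comment in PATCH 6/7 (`@@ -18,8 +18,9 @@`) has the same gap.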
@@ -23,6 +23,7 @@ -include("emqx_dashboard.hrl"). -include_lib("emqx/include/logger.hrl"). -define(DEFAULT_PASSWORD, <<"public">>). +-define(BOOTSTRAP_USER_TAG, <<"bootstrap user">>). -boot_mnesia({mnesia, [boot]}). -copy_mnesia({mnesia, [copy]}). @@ -43,6 +44,7 @@ , change_password/3 , all_users/0 , check/2 + , add_bootstrap_users/0 ]). %% gen_server Function Exports 
@@ -195,6 +197,75 @@ check(Username, Password) -> {error, <<"Username/Password error">>} end. +add_bootstrap_users() -> + Bootstrap = application:get_env(emqx_dashboard, bootstrap_users_file, undefined), + Size = mnesia:table_info(mqtt_admin, size), + add_bootstrap_users(Bootstrap, Size). + +add_bootstrap_users(undefined, _) -> ok; +add_bootstrap_users(_File, Size)when Size > 0 -> ok; +add_bootstrap_users(File, 0) -> + case file:open(File, [read, binary]) of + {ok, Dev} -> + {ok, MP} = re:compile(<<"(\.+):(\.+$)">>, [ungreedy]), + case add_bootstrap_users(File, Dev, MP) of + ok -> ok; + Error -> + %% if failed add bootstrap users, we should clear all bootstrap users + mnesia:transaction(fun clear_bootstrap_users/0, []), + Error + end; + {error, Reason} = Error -> + ?LOG(error, + "failed to open the dashboard bootstrap users file(~s) for ~p", + [File, Reason] + ), + Error + end. + +add_bootstrap_users(File, Dev, MP) -> + try + add_bootstrap_user(File, Dev, MP, 1) + catch + throw:Error -> {error, Error}; + Type:Reason:Stacktrace -> + {error, {Type, Reason, Stacktrace}} + after + file:close(Dev) + end. + +add_bootstrap_user(File, Dev, MP, Line) -> + case file:read_line(Dev) of + {ok, Bin} -> + case re:run(Bin, MP, [global, {capture, all_but_first, binary}]) of + {match, [[Username, Password]]} -> + case add_user(Username, Password, ?BOOTSTRAP_USER_TAG) of + ok -> + add_bootstrap_user(File, Dev, MP, Line + 1); + Reason -> + throw(#{file => File, line => Line, content => Bin, reason => Reason}) + end; + _ -> + ?LOG(error, + "failed to bootstrap users file(~s) for Line(~w): ~ts", + [File, Line, Bin] + ), + throw(#{file => File, line => Line, content => Bin, reason => "invalid format"}) + end; + eof -> + ok; + Error -> + throw(#{file => File, line => Line, reason => Error}) + end. 
+ +clear_bootstrap_users() -> + FoldFun = + fun(#mqtt_admin{tags = ?BOOTSTRAP_USER_TAG} = User, Acc) -> + mnesia:delete_object(User), Acc; + (_, Acc) -> Acc + end, + mnesia:foldl(FoldFun, ok, mqtt_admin). + bad_login_penalty() -> timer:sleep(2000), ok. @@ -207,16 +278,20 @@ is_valid_pwd(<>, Password) -> %%-------------------------------------------------------------------- init([]) -> - case binenv(default_user_username) of - <<>> -> ok; - UserName -> - %% Add default admin user - {ok, _} = mnesia:subscribe({table, mqtt_admin, simple}), - PasswordHash = ensure_default_user_in_db(UserName), - ok = ensure_default_user_passwd_hashed_in_pt(PasswordHash), - ok = maybe_warn_default_pwd() - end, - {ok, state}. + case add_bootstrap_users() of + ok -> + case binenv(default_user_username) of + <<>> -> ok; + UserName -> + %% Add default admin user + {ok, _} = mnesia:subscribe({table, mqtt_admin, simple}), + PasswordHash = ensure_default_user_in_db(UserName), + ok = ensure_default_user_passwd_hashed_in_pt(PasswordHash), + ok = maybe_warn_default_pwd() + end, + {ok, state}; + Error -> {stop, Error} + end. handle_call(_Req, _From, State) -> {reply, error, State}. From ec426df0a747e3345d32283768240b3cb081d679 Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Fri, 28 Oct 2022 09:51:09 +0800 Subject: [PATCH 2/7] fix: typo error --- apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl | 4 ++-- changes/v4.3.22-en.md | 3 ++- changes/v4.3.22-zh.md | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl index 34f9777b9..c4b11dbe9 100644 --- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl +++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl 
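Review bot: `add_bootstrap_user/4` puts the raw `username:password` line into both the error log and the error term. The `?LOG(error, ..., [File, Line, Bin])` call logs it on a format error, and `content => Bin` in the two thrown maps travels up to `{stop, Error}` in `init/1`, where it would normally land in the crash report. File and line number are enough to find the bad entry, so I would drop the content: `throw(#{file => File, line => Line, reason => Reason})` and log only `[File, Line]`. Separately, with `(\.+):(\.+$)` a file saved with CRLF line endings would presumably leave a trailing `\r` in the captured password, because only the final `\n` is excluded by `$`; trimming the line before matching avoids that.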
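Review bot: A successful bootstrap does not suppress the default account, because the `ok ->` branch of `init/1` still runs `ensure_default_user_in_db(UserName)` whenever `binenv(default_user_username)` is non-empty. With the shipped `dashboard.default_user.login = admin` and `dashboard.default_user.password = public`, an operator who supplies their own admins through the file presumably still ends up with the well-known default credentials (the helper's body is outside the hunk). At minimum this deserves a comment on the branch, e.g. `%% NOTE: the default admin is still created after bootstrap; an empty default_user_username skips it`. Skipping the default user when the bootstrap file added at least one account would be the safer behaviour. The same applies to `init_default_admin_user/0` in PATCH 7/7.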
@@ -122,8 +122,8 @@ cli(_) -> , {"acl list ", "List all acls"} , {"acl show clientid ", "Lookup clientid acl detail"} , {"acl show username ", "Lookup username acl detail"} - , {"acl aad clientid ", "Add clientid acl"} - , {"acl add Username ", "Add username acl"} + , {"acl add clientid ", "Add clientid acl"} + , {"acl add username ", "Add username acl"} , {"acl add _all ", "Add $all acl"} , {"acl delete clientid ", "Delete clientid acl"} , {"acl delete username ", "Delete username acl"} diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index 7bb224925..05d8f05b1 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -17,7 +17,8 @@ - Enhanced log security in ACL modules, sensitive data will be obscured. [#9242](https://github.com/emqx/emqx/pull/9242). -- Add `dashboard.bootstrap_users_file` configuration to bulk import default user&password when EMQX first starts. +- Add `dashboard.bootstrap_users_file` configuration to bulk import default user&password when EMQX first starts [#9256](https://github.com/emqx/emqx/pull/9256). + ## Bug fixes diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index bc5ea5607..fc7d1a435 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -17,7 +17,7 @@ - 增强 ACL 模块中的日志安全性,敏感数据将被模糊化。[#9242](https://github.com/emqx/emqx/pull/9242)。 -- 增加 `dashboard.bootstrap_users_file` 配置,可以在EMQX第一次启动时批量导入默认的用户/密码。 +- 增加 `dashboard.bootstrap_users_file` 配置,可以在EMQX第一次启动时批量导入默认的用户/密码 [#9256](https://github.com/emqx/emqx/pull/9256)。 ## 修复 From ab51684b36eccb5c7dca4cd8df7ce29bad999582 Mon Sep 17 00:00:00 2001 
From: zhongwencool Date: Fri, 28 Oct 2022 14:41:19 +0800 Subject: [PATCH 3/7] chore: add more test for emqx_dashboard --- lib-ce/emqx_dashboard/etc/emqx_dashboard.conf | 2 +- .../src/emqx_dashboard_admin.erl | 2 +- .../emqx_dashboard_admin_bootstrap_user.erl | 89 +++++++++++++++++++ 3 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 lib-ce/emqx_dashboard/test/emqx_dashboard_admin_bootstrap_user.erl diff --git a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf index 7de3dbbf4..5bcebfc4d 100644 --- a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf +++ b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf @@ -24,7 +24,7 @@ dashboard.default_user.password = public ##username1:password1 ##username2:password2 ## ``` -dashboard.bootstrap_users_file = {{ platform_etc_dir }}/bootstrap_users.txt +# dashboard.bootstrap_users_file = {{ platform_etc_dir }}/bootstrap_users.txt ##-------------------------------------------------------------------- ## HTTP Listener diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index 5ebe18221..402f3e304 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl @@ -212,7 +212,7 @@ add_bootstrap_users(File, 0) -> ok -> ok; Error -> %% if failed add bootstrap users, we should clear all bootstrap users - mnesia:transaction(fun clear_bootstrap_users/0, []), + {atomic, ok} = mnesia:transaction(fun clear_bootstrap_users/0, []), Error end; {error, Reason} = Error -> diff --git a/lib-ce/emqx_dashboard/test/emqx_dashboard_admin_bootstrap_user.erl b/lib-ce/emqx_dashboard/test/emqx_dashboard_admin_bootstrap_user.erl new file mode 100644 index 000000000..452cfc25a --- /dev/null +++ b/lib-ce/emqx_dashboard/test/emqx_dashboard_admin_bootstrap_user.erl 
@@ -0,0 +1,89 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2022 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_dashboard_admin_bootstrap_user). + +-compile(export_all). +-compile(nowarn_export_all). +-import(emqx_dashboard_SUITE, [http_post/2]). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("emqx/include/emqx.hrl"). + +%%-------------------------------------------------------------------- +%% Setups +%%-------------------------------------------------------------------- + +all() -> + emqx_ct:all(?MODULE). + +init_per_suite(Config) -> + Config. + +end_per_suite(_) -> + ok. 
+ +%%-------------------------------------------------------------------- +%% Test cases +%%-------------------------------------------------------------------- + +t_load_ok(_) -> + Bin = <<"test-1:password-1\ntest-2:password-2">>, + File = "./bootstrap_users.txt", + ok = file:write_file(File, Bin), + _ = mnesia:clear_table(emqx_admin), + application:set_env(emqx_dashboard, bootstrap_users_file, File), + emqx_ct_helpers:start_apps([emqx_dashboard]), + ?assertEqual(#{<<"code">> => 0}, check_auth(<<"test-1">>, <<"password-1">>)), + ?assertEqual(#{<<"code">> => 0}, check_auth(<<"test-2">>, <<"password-2">>)), + ?assertEqual(#{<<"message">> => <<"Username/Password error">>}, + check_auth(<<"test-2">>, <<"password-1">>)), + emqx_ct_helpers:stop_apps([emqx_dashboard]). + +t_bootstrap_user_file_not_found(_) -> + File = "./bootstrap_users_not_exist.txt", + check_load_failed(File), + ok. + +t_load_invalid_username_failed(_) -> + Bin = <<"test-1:password-1\ntest&2:password-2">>, + File = "./bootstrap_users.txt", + ok = file:write_file(File, Bin), + check_load_failed(File), + ok. + +t_load_invalid_format_failed(_) -> + Bin = <<"test-1:password-1\ntest-2password-2">>, + File = "./bootstrap_users.txt", + ok = file:write_file(File, Bin), + check_load_failed(File), + ok. + +check_load_failed(File) -> + _ = mnesia:clear_table(emqx_admin), + application:set_env(emqx_dashboard, bootstrap_users_file, File), + ?assertError(_, emqx_ct_helpers:start_apps([emqx_dashboard])), + ?assertNot(lists:member(emqx_dashboard, application:which_applications())), + ?assertEqual(0, mnesia:table_info(mqtt_admin, size)). + + +check_auth(Username, Password) -> + {ok, Res} = http_post("auth", #{<<"username">> => Username, <<"password">> => Password}), + json(Res). + +json(Data) -> + {ok, Jsx} = emqx_json:safe_decode(Data, [return_maps]), Jsx. From 47d88186d17543f065d97443859328351e8d41c4 Mon Sep 17 00:00:00 2001 
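Review bot: `mnesia:clear_table(emqx_admin)` in `t_load_ok/1` and `check_load_failed/1` names a table the code under test does not use. The admin records live in `mqtt_admin`, which `check_load_failed/1` itself asserts on with `mnesia:table_info(mqtt_admin, size)`, and the `_ =` match hides the failed call. Users left over from an earlier case therefore make the bootstrap a silent no-op (`Size > 0 -> ok`), so the cases can pass or fail for the wrong reason; use `{atomic, ok} = mnesia:clear_table(mqtt_admin)` once mnesia is running. The module name also lacks the `_SUITE` suffix that Common Test uses to discover suites, so these cases probably never run. The credential files written to `./bootstrap_users.txt` are also not removed in `end_per_suite/1`.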
From: zhongwencool Date: Fri, 28 Oct 2022 14:50:20 +0800 Subject: [PATCH 4/7] chore: update emqx_auth_mnesia appup --- apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src | 2 +- apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src index 6dd1dcdfc..3bce055f6 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_mnesia, [{description, "EMQ X Authentication with Mnesia"}, - {vsn, "4.3.9"}, % strict semver, bump manually + {vsn, "4.3.10"}, % strict semver, bump manually {modules, []}, {registered, []}, {applications, [kernel,stdlib,mnesia]}, diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src index 7906449db..5cf05d34d 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src @@ -1,7 +1,9 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.7", + [{<<"4\\.3\\.[8-9]">>, + [{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]}, + {"4.3.7", [{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[5-6]">>, @@ -33,7 +35,9 @@ {load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.7", + [{<<"4\\.3\\.[8-9]">>, + [{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]}, + {"4.3.7", [{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[5-6]">>, From d37ad38e7a25f885ca03dd535c2e55074fba063e Mon Sep 17 00:00:00 2001 
From: zhongwencool Date: Fri, 28 Oct 2022 15:43:02 +0800 Subject: [PATCH 5/7] chore: clear_table mqtt_admin when failed --- lib-ce/emqx_dashboard/src/emqx_dashboard.app.src | 2 +- lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src index cb36b99a8..07c67545b 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src @@ -1,6 +1,6 @@ {application, emqx_dashboard, [{description, "EMQ X Web Dashboard"}, - {vsn, "4.3.19"}, % strict semver, bump manually! + {vsn, "4.3.18"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_dashboard_sup]}, {applications, [kernel,stdlib,mnesia,minirest]}, diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index 402f3e304..a0f62e7bd 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl @@ -212,9 +212,9 @@ add_bootstrap_users(File, 0) -> ok -> ok; Error -> %% if failed add bootstrap users, we should clear all bootstrap users - {atomic, ok} = mnesia:transaction(fun clear_bootstrap_users/0, []), + {atomic, ok} = mnesia:clear_table(mqtt_admin), Error - end; + end; {error, Reason} = Error -> ?LOG(error, "failed to open the dashboard bootstrap users file(~s) for ~p", @@ -258,14 +258,6 @@ add_bootstrap_user(File, Dev, MP, Line) -> throw(#{file => File, line => Line, reason => Error}) end. -clear_bootstrap_users() -> - FoldFun = - fun(#mqtt_admin{tags = ?BOOTSTRAP_USER_TAG} = User, Acc) -> - mnesia:delete_object(User), Acc; - (_, Acc) -> Acc - end, - mnesia:foldl(FoldFun, ok, mqtt_admin). - bad_login_penalty() -> timer:sleep(2000), ok. From 93924f567f9dea880234f06d09793c72e45d8735 Mon Sep 17 00:00:00 2001 
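Review bot: The failure path in `add_bootstrap_users/2` now wipes the whole admin table with `mnesia:clear_table(mqtt_admin)`, but the comment above it still says only bootstrap users are cleared. `?BOOTSTRAP_USER_TAG` is also no longer used to select what gets removed. The clause relies on a `Size` of 0 that was read earlier in `add_bootstrap_users/0`, so an admin record written in between (for instance from another node, if the table is replicated) would be deleted as well. Either keep the tag-scoped delete or state the assumption: `%% table was empty on entry, so every row present now came from this bootstrap attempt`. In addition, `{atomic, ok} =` turns a failed clear into a `badmatch` that hides the original `Error`; logging the clear result and still returning `Error` would keep the root cause visible.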
From: zhongwencool Date: Fri, 28 Oct 2022 21:39:45 +0800 Subject: [PATCH 6/7] chore: apply suggestions from code review Co-authored-by: Zaiming (Stone) Shi --- changes/v4.3.22-en.md | 3 +-- changes/v4.3.22-zh.md | 2 +- lib-ce/emqx_dashboard/etc/emqx_dashboard.conf | 5 +++-- lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/changes/v4.3.22-en.md b/changes/v4.3.22-en.md index 05d8f05b1..6b5ed74b7 100644 --- a/changes/v4.3.22-en.md +++ b/changes/v4.3.22-en.md @@ -17,8 +17,7 @@ - Enhanced log security in ACL modules, sensitive data will be obscured. [#9242](https://github.com/emqx/emqx/pull/9242). -- Add `dashboard.bootstrap_users_file` configuration to bulk import default user&password when EMQX first starts [#9256](https://github.com/emqx/emqx/pull/9256). - +- Add `dashboard.bootstrap_users_file` configuration to bulk import default administrative username and password when EMQX initializes the database [#9256](https://github.com/emqx/emqx/pull/9256). ## Bug fixes diff --git a/changes/v4.3.22-zh.md b/changes/v4.3.22-zh.md index fc7d1a435..8fb86bc22 100644 --- a/changes/v4.3.22-zh.md +++ b/changes/v4.3.22-zh.md @@ -17,7 +17,7 @@ - 增强 ACL 模块中的日志安全性,敏感数据将被模糊化。[#9242](https://github.com/emqx/emqx/pull/9242)。 -- 增加 `dashboard.bootstrap_users_file` 配置,可以在EMQX第一次启动时批量导入默认的用户/密码 [#9256](https://github.com/emqx/emqx/pull/9256)。 +- 增加 `dashboard.bootstrap_users_file` 配置,可以让 EMQX 初始化数据库时,从该文件批量导入一些控制台用户的用户名 / 密码 [#9256](https://github.com/emqx/emqx/pull/9256)。 ## 修复 diff --git a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf index 5bcebfc4d..18756f06a 100644 --- a/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf +++ b/lib-ce/emqx_dashboard/etc/emqx_dashboard.conf 
@@ -18,8 +18,9 @@ dashboard.default_user.login = admin dashboard.default_user.password = public ## Initialize users file -## Is used to add an administrative user to Dashboard when emqx is first launched, -## the format is: +## Is used to add administrative dashboard users when EMQX is launched for the first time. +## This config will not take any effect once EMQX database is populated with the provided users. +## The file content format is as below: ## ``` ##username1:password1 ##username2:password2 diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index a0f62e7bd..b2589bd06 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl @@ -23,7 +23,7 @@ -include("emqx_dashboard.hrl"). -include_lib("emqx/include/logger.hrl"). -define(DEFAULT_PASSWORD, <<"public">>). --define(BOOTSTRAP_USER_TAG, <<"bootstrap user">>). +-define(BOOTSTRAP_USER_TAG, <<"bootstrapped">>). -boot_mnesia({mnesia, [boot]}). -copy_mnesia({mnesia, [copy]}). @@ -242,7 +242,7 @@ add_bootstrap_user(File, Dev, MP, Line) -> case add_user(Username, Password, ?BOOTSTRAP_USER_TAG) of ok -> add_bootstrap_user(File, Dev, MP, Line + 1); - Reason -> + {error, Reason} -> throw(#{file => File, line => Line, content => Bin, reason => Reason}) end; _ -> @@ -254,7 +254,7 @@ add_bootstrap_user(File, Dev, MP, Line) -> end; eof -> ok; - Error -> + {error, Error} -> throw(#{file => File, line => Line, reason => Error}) end. From 9167055f561280f50e19dc55a21ee00be3847dad Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Fri, 28 Oct 2022 21:49:16 +0800 Subject: [PATCH 7/7] chore: refactor init_default_admin_user/0 function --- .../src/emqx_dashboard_admin.erl | 44 ++++++++++--------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index b2589bd06..223d99fa5 100644 
--- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl @@ -44,7 +44,7 @@ , change_password/3 , all_users/0 , check/2 - , add_bootstrap_users/0 + , init_bootstrap_users/0 ]). %% gen_server Function Exports @@ -197,18 +197,18 @@ check(Username, Password) -> {error, <<"Username/Password error">>} end. -add_bootstrap_users() -> +init_bootstrap_users() -> Bootstrap = application:get_env(emqx_dashboard, bootstrap_users_file, undefined), Size = mnesia:table_info(mqtt_admin, size), - add_bootstrap_users(Bootstrap, Size). + init_bootstrap_users(Bootstrap, Size). -add_bootstrap_users(undefined, _) -> ok; -add_bootstrap_users(_File, Size)when Size > 0 -> ok; -add_bootstrap_users(File, 0) -> +init_bootstrap_users(undefined, _) -> ok; +init_bootstrap_users(_File, Size)when Size > 0 -> ok; +init_bootstrap_users(File, 0) -> case file:open(File, [read, binary]) of {ok, Dev} -> {ok, MP} = re:compile(<<"(\.+):(\.+$)">>, [ungreedy]), - case add_bootstrap_users(File, Dev, MP) of + case init_bootstrap_users(File, Dev, MP) of ok -> ok; Error -> %% if failed add bootstrap users, we should clear all bootstrap users @@ -223,7 +223,7 @@ add_bootstrap_users(File, 0) -> Error end. -add_bootstrap_users(File, Dev, MP) -> +init_bootstrap_users(File, Dev, MP) -> try add_bootstrap_user(File, Dev, MP, 1) catch 
@@ -270,21 +270,23 @@ is_valid_pwd(<>, Password) -> %%-------------------------------------------------------------------- init([]) -> - case add_bootstrap_users() of - ok -> - case binenv(default_user_username) of - <<>> -> ok; - UserName -> - %% Add default admin user - {ok, _} = mnesia:subscribe({table, mqtt_admin, simple}), - PasswordHash = ensure_default_user_in_db(UserName), - ok = ensure_default_user_passwd_hashed_in_pt(PasswordHash), - ok = maybe_warn_default_pwd() - end, - {ok, state}; - Error -> {stop, Error} + case init_bootstrap_users() of + ok -> init_default_admin_user(); + {error, Error} -> {stop, Error} end. +init_default_admin_user() -> + case binenv(default_user_username) of + <<>> -> ok; + UserName -> + %% Add default admin user + {ok, _} = mnesia:subscribe({table, mqtt_admin, simple}), + PasswordHash = ensure_default_user_in_db(UserName), + ok = ensure_default_user_passwd_hashed_in_pt(PasswordHash), + ok = maybe_warn_default_pwd() + end, + {ok, state}. + handle_call(_Req, _From, State) -> {reply, error, State}.