From 86895ddc24944a4767b7a97bc31690eff9b07901 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Mon, 18 Jan 2021 20:05:08 +0100
Subject: [PATCH] chore(sync-apps): sync emqx_auth_mnesia e4.2.3

---
 .../src/emqx_acl_mnesia_cli.erl               |  2 +-
 .../emqx_auth_mnesia/src/emqx_auth_mnesia.erl | 33 ++++++++++++++++---
 .../src/emqx_auth_mnesia_app.erl              |  2 --
 .../src/emqx_auth_mnesia_cli.erl              |  8 ++---
 sync-apps.sh                                  |  2 +-
 5 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
index 020a94542..10fb4e87b 100644
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
@@ -192,7 +192,7 @@ cli(_) ->
                    , {"acl add _all <Topic> <Action> <Access>", "Add $all acl"}
                    , {"acl del clientid <Clientid> <Topic>", "Delete clientid acl"}
                    , {"acl del username <Username> <Topic>", "Delete username acl"}
-                   , {"acl del _all, <Topic>", "Delete $all acl"}
+                   , {"acl del _all <Topic>", "Delete $all acl"}
                    ]).
 
 
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
index bb413b6d9..9cb468a8f 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
@@ -63,10 +63,8 @@ check(ClientInfo = #{ clientid := Clientid
             emqx_metrics:inc(?AUTH_METRICS(ignore)),
             ok;
         List ->
-            case [ Hash  || <<Salt:4/binary, Hash/binary>> <- lists:sort(fun emqx_auth_mnesia_cli:comparing/2, List),
-                            Hash =:= hash(NPassword, Salt, HashType)
-                 ] of
-                [] ->
+            case match_password(NPassword, HashType, List)  of
+                false ->
                     ?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]),
                     emqx_metrics:inc(?AUTH_METRICS(failure)),
                     {stop, AuthResult#{anonymous => false, auth_result => password_error}};
@@ -78,7 +76,34 @@ check(ClientInfo = #{ clientid := Clientid
 
 description() -> "Authentication with Mnesia".
 
+match_password(Password, HashType, HashList) ->
+    lists:any(
+      fun(Secret) ->
+        case is_salt_hash(Secret, HashType) of
+            true ->
+                <<Salt:4/binary, Hash/binary>> = Secret,
+                Hash =:= hash(Password, Salt, HashType);
+            _ ->
+                Secret =:= hash(Password, HashType)
+        end
+      end, HashList).
+
+hash(undefined, HashType) ->
+    hash(<<>>, HashType);
+hash(Password, HashType) ->
+    emqx_passwd:hash(HashType, Password).
+
 hash(undefined, SaltBin, HashType) ->
     hash(<<>>, SaltBin, HashType);
 hash(Password, SaltBin, HashType) ->
     emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
+
+is_salt_hash(_, plain) ->
+    true;
+is_salt_hash(Secret, HashType) ->
+    not (byte_size(Secret) == len(HashType)).
+
+len(md5) -> 32;
+len(sha) -> 40;
+len(sha256) -> 64;
+len(sha512) -> 128.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
index cfc9df995..e55e45ed4 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
@@ -35,7 +35,6 @@
 start(_StartType, _StartArgs) ->
     {ok, Sup} = emqx_auth_mnesia_sup:start_link(),
     emqx_ctl:register_command(clientid, {emqx_auth_mnesia_cli, auth_clientid_cli}, []),
-    emqx_ctl:register_command(username, {emqx_auth_mnesia_cli, auth_username_cli}, []),
     emqx_ctl:register_command(user, {emqx_auth_mnesia_cli, auth_username_cli}, []),
     emqx_ctl:register_command(acl, {emqx_acl_mnesia_cli, cli}, []),
     load_auth_hook(),
@@ -46,7 +45,6 @@ prep_stop(State) ->
     emqx:unhook('client.authenticate', fun emqx_auth_mnesia:check/3),
     emqx:unhook('client.check_acl', fun emqx_acl_mnesia:check_acl/5),
     emqx_ctl:unregister_command(clientid),
-    emqx_ctl:unregister_command(username),
     emqx_ctl:unregister_command(user),
     emqx_ctl:unregister_command(acl),
     State.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
index b937eb238..7c0181e47 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
@@ -175,7 +175,7 @@ auth_username_cli(["del", Username]) ->
     end;
 
 auth_username_cli(_) ->
-    emqx_ctl:usage([{"users list", "List username auth rules"},
-                    {"users add <Username> <Password>", "Add username auth rule"},
-                    {"users update <Username> <NewPassword>", "Update username auth rule"},
-                    {"users del <Username>", "Delete username auth rule"}]).
+    emqx_ctl:usage([{"user list", "List username auth rules"},
+                    {"user add <Username> <Password>", "Add username auth rule"},
+                    {"user update <Username> <NewPassword>", "Update username auth rule"},
+                    {"user del <Username>", "Delete username auth rule"}]).
diff --git a/sync-apps.sh b/sync-apps.sh
index 85cca416d..ab4a75004 100755
--- a/sync-apps.sh
+++ b/sync-apps.sh
@@ -78,7 +78,7 @@ extract_zip(){
     mv "apps/${repo}-${vsn}/" "apps/$app/"
 }
 
-extract_zip "emqx_auth_mnesia" "e4.2.2" "e4.2.2"
+extract_zip "emqx_auth_mnesia" "e4.2.3" "e4.2.3"
 for app in ${apps[@]}; do
     extract_zip "$app" "$default_vsn"
 done