fix: urldecode appid and username.

zhongwencool 2022-03-16 16:33:03 +08:00
parent bfadcebb9c
commit 8cf97a93af
5 changed files with 7 additions and 35 deletions


@ -68,7 +68,7 @@ add_app(_Bindings, Params) ->
end. end.
del_app(#{appid := AppId}, _Params) -> del_app(#{appid := AppId}, _Params) ->
case emqx_mgmt_auth:del_app(AppId) of case emqx_mgmt_auth:del_app(emqx_mgmt_util:urldecode(AppId)) of
ok -> minirest:return(); ok -> minirest:return();
{error, Reason} -> minirest:return({error, Reason}) {error, Reason} -> minirest:return({error, Reason})
end. end.
@ -77,7 +77,7 @@ list_apps(_Bindings, _Params) ->
minirest:return({ok, [format(Apps)|| Apps <- emqx_mgmt_auth:list_apps()]}). minirest:return({ok, [format(Apps)|| Apps <- emqx_mgmt_auth:list_apps()]}).
lookup_app(#{appid := AppId}, _Params) -> lookup_app(#{appid := AppId}, _Params) ->
case emqx_mgmt_auth:lookup_app(AppId) of case emqx_mgmt_auth:lookup_app(emqx_mgmt_util:urldecode(AppId)) of
{AppId, AppSecret, Name, Desc, Status, Expired} -> {AppId, AppSecret, Name, Desc, Status, Expired} ->
minirest:return({ok, #{app_id => AppId, minirest:return({ok, #{app_id => AppId,
secret => AppSecret, secret => AppSecret,
@ -94,7 +94,7 @@ update_app(#{appid := AppId}, Params) ->
Desc = proplists:get_value(<<"desc">>, Params), Desc = proplists:get_value(<<"desc">>, Params),
Status = proplists:get_value(<<"status">>, Params), Status = proplists:get_value(<<"status">>, Params),
Expired = proplists:get_value(<<"expired">>, Params), Expired = proplists:get_value(<<"expired">>, Params),
case emqx_mgmt_auth:update_app(AppId, Name, Desc, Status, Expired) of case emqx_mgmt_auth:update_app(emqx_mgmt_util:urldecode(AppId), Name, Desc, Status, Expired) of
ok -> minirest:return(); ok -> minirest:return();
{error, Reason} -> minirest:return({error, Reason}) {error, Reason} -> minirest:return({error, Reason})
end. end.
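Review bot: In `lookup_app` the success clause `{AppId, AppSecret, Name, Desc, Status, Expired} ->` still matches against the `AppId` bound in the function head, which is the raw path binding, while the lookup itself is now made with `emqx_mgmt_util:urldecode(AppId)`. For any appid whose encoded and decoded forms differ, the returned tuple carries the decoded id and this clause will not match, so the lookup fails for exactly the ids this commit is meant to support. Bind the decoded value once and use it throughout: change the head to `lookup_app(#{appid := AppId0}, _Params) ->` and add `AppId = emqx_mgmt_util:urldecode(AppId0),` before the `case`. The remaining clauses of the `case` are outside the hunk, so whether the mismatch ends in a not-found reply or a `case_clause` error cannot be seen here.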


@ -37,8 +37,6 @@
, list_apps/0 , list_apps/0
]). ]).
-export([abnormal_appid_warning/0]).
%% APP Auth/ACL API %% APP Auth/ACL API
-export([is_authorized/2]). -export([is_authorized/2]).
@ -220,15 +218,3 @@ is_authorized(AppId, AppSecret) ->
is_expired(undefined) -> true; is_expired(undefined) -> true;
is_expired(Expired) -> Expired >= erlang:system_time(second). is_expired(Expired) -> Expired >= erlang:system_time(second).
abnormal_appid_warning() ->
lists:foreach(fun(Id) ->
case emqx_misc:is_sane_id(Id) of
ok -> ok;
{error, _} ->
?LOG(warning,
"[app] ~ts is not a sane appid(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
"Please use `emqx_ctl mgmt delete ~ts` to delete it and create a new one.",
[Id, Id])
end
end, mnesia:dirty_all_keys(mqtt_app)).


@ -23,7 +23,6 @@
-export([init/1]). -export([init/1]).
start_link() -> start_link() ->
emqx_mgmt_auth:abnormal_appid_warning(),
supervisor:start_link({local, ?MODULE}, ?MODULE, []). supervisor:start_link({local, ?MODULE}, ?MODULE, []).
init([]) -> init([]) ->


@ -188,7 +188,6 @@ check(Username, Password) ->
init([]) -> init([]) ->
%% Add default admin user %% Add default admin user
_ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)), _ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)),
abnormal_username_warning(),
{ok, state}. {ok, state}.
handle_call(_Req, _From, State) -> handle_call(_Req, _From, State) ->
@ -257,15 +256,3 @@ add_default_user(Username, Password) ->
end end
end, end,
ok. ok.
abnormal_username_warning() ->
lists:foreach(fun(Name) ->
case emqx_misc:is_sane_id(Name) of
ok -> ok;
{error, _} ->
?LOG(warning,
"[dashboard] `~ts` is not a sane username(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
"Please use `emqx_ctl admins del ~ts` to delete it and create a new one.",
[Name, Name])
end
end, mnesia:dirty_all_keys(mqtt_admin)).


@ -77,9 +77,10 @@ auth(_Bindings, Params) ->
Password = proplists:get_value(<<"password">>, Params), Password = proplists:get_value(<<"password">>, Params),
return(emqx_dashboard_admin:check(Username, Password)). return(emqx_dashboard_admin:check(Username, Password)).
change_pwd(#{username := Username}, Params) -> change_pwd(#{username := Username0}, Params) ->
OldPwd = proplists:get_value(<<"old_pwd">>, Params), OldPwd = proplists:get_value(<<"old_pwd">>, Params),
NewPwd = proplists:get_value(<<"new_pwd">>, Params), NewPwd = proplists:get_value(<<"new_pwd">>, Params),
Username = emqx_mgmt_util:urldecode(Username0),
return(emqx_dashboard_admin:change_password(Username, OldPwd, NewPwd)). return(emqx_dashboard_admin:change_password(Username, OldPwd, NewPwd)).
create(_Bindings, Params) -> create(_Bindings, Params) ->
@ -96,14 +97,13 @@ list(_Bindings, _Params) ->
update(#{name := Username}, Params) -> update(#{name := Username}, Params) ->
Tags = proplists:get_value(<<"tags">>, Params), Tags = proplists:get_value(<<"tags">>, Params),
return(emqx_dashboard_admin:update_user(Username, Tags)). return(emqx_dashboard_admin:update_user(emqx_mgmt_util:urldecode(Username), Tags)).
delete(#{name := <<"admin">>}, _Params) -> delete(#{name := <<"admin">>}, _Params) ->
return({error, <<"Cannot delete admin">>}); return({error, <<"Cannot delete admin">>});
delete(#{name := Username}, _Params) -> delete(#{name := Username}, _Params) ->
return(emqx_dashboard_admin:remove_user(Username)). return(emqx_dashboard_admin:remove_user(emqx_mgmt_util:urldecode(Username))).
row(#mqtt_admin{username = Username, tags = Tags}) -> row(#mqtt_admin{username = Username, tags = Tags}) ->
#{username => Username, tags => Tags}. #{username => Username, tags => Tags}.