fix: urldecode appid and username.

2022-03-16 16:33:03 +08:00 · 2022-03-16 16:33:03 +08:00 · 8cf97a93af
parent bfadcebb9c
commit 8cf97a93af
5 changed files with 7 additions and 35 deletions
--- a/apps/emqx_management/src/emqx_mgmt_api_apps.erl
+++ b/apps/emqx_management/src/emqx_mgmt_api_apps.erl
@ -68,7 +68,7 @@ add_app(_Bindings, Params) ->
    end.

 del_app(#{appid := AppId}, _Params) ->
-    case emqx_mgmt_auth:del_app(AppId) of
+    case emqx_mgmt_auth:del_app(emqx_mgmt_util:urldecode(AppId)) of
        ok -> minirest:return();
        {error, Reason} -> minirest:return({error, Reason})
    end.
@ -77,7 +77,7 @@ list_apps(_Bindings, _Params) ->
    minirest:return({ok, [format(Apps)|| Apps <- emqx_mgmt_auth:list_apps()]}).

 lookup_app(#{appid := AppId}, _Params) ->
-    case emqx_mgmt_auth:lookup_app(AppId) of
+    case emqx_mgmt_auth:lookup_app(emqx_mgmt_util:urldecode(AppId)) of
        {AppId, AppSecret, Name, Desc, Status, Expired} ->
            minirest:return({ok, #{app_id => AppId,
                          secret => AppSecret,
@ -94,7 +94,7 @@ update_app(#{appid := AppId}, Params) ->
    Desc = proplists:get_value(<<"desc">>, Params),
    Status = proplists:get_value(<<"status">>, Params),
    Expired = proplists:get_value(<<"expired">>, Params),
-    case emqx_mgmt_auth:update_app(AppId, Name, Desc, Status, Expired) of
+    case emqx_mgmt_auth:update_app(emqx_mgmt_util:urldecode(AppId), Name, Desc, Status, Expired) of
        ok -> minirest:return();
        {error, Reason} -> minirest:return({error, Reason})
    end.
--- a/apps/emqx_management/src/emqx_mgmt_auth.erl
+++ b/apps/emqx_management/src/emqx_mgmt_auth.erl
@ -37,8 +37,6 @@
        , list_apps/0
        ]).

-export([abnormal_appid_warning/0]).
-
 %% APP Auth/ACL API
 -export([is_authorized/2]).

@ -220,15 +218,3 @@ is_authorized(AppId, AppSecret) ->

 is_expired(undefined) -> true;
 is_expired(Expired)   -> Expired >= erlang:system_time(second).
-
-abnormal_appid_warning() ->
-    lists:foreach(fun(Id) ->
-        case emqx_misc:is_sane_id(Id) of
-            ok -> ok;
-            {error, _} ->
-                ?LOG(warning,
-                    "[app] ~ts is not a sane appid(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
-                    "Please use `emqx_ctl mgmt delete ~ts` to delete it and create a new one.",
-                    [Id, Id])
-        end
-                  end, mnesia:dirty_all_keys(mqtt_app)).
--- a/apps/emqx_management/src/emqx_mgmt_sup.erl
+++ b/apps/emqx_management/src/emqx_mgmt_sup.erl
@ -23,7 +23,6 @@
 -export([init/1]).

 start_link() ->
-    emqx_mgmt_auth:abnormal_appid_warning(),
 	supervisor:start_link({local, ?MODULE}, ?MODULE, []).

 init([]) ->
--- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
@ -188,7 +188,6 @@ check(Username, Password) ->
 init([]) ->
    %% Add default admin user
    _ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)),
-    abnormal_username_warning(),
    {ok, state}.

 handle_call(_Req, _From, State) ->
@ -257,15 +256,3 @@ add_default_user(Username, Password) ->
            end
    end,
    ok.
-
-abnormal_username_warning() ->
-    lists:foreach(fun(Name) ->
-        case emqx_misc:is_sane_id(Name) of
-            ok -> ok;
-            {error, _} ->
-                ?LOG(warning,
-                    "[dashboard] `~ts` is not a sane username(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
-                    "Please use `emqx_ctl admins del ~ts` to delete it and create a new one.",
-                    [Name, Name])
-        end
-                  end, mnesia:dirty_all_keys(mqtt_admin)).
--- a/lib-ce/emqx_dashboard/src/emqx_dashboard_api.erl
+++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_api.erl
@ -77,9 +77,10 @@ auth(_Bindings, Params) ->
    Password = proplists:get_value(<<"password">>, Params),
    return(emqx_dashboard_admin:check(Username, Password)).

-change_pwd(#{username := Username}, Params) ->
+change_pwd(#{username := Username0}, Params) ->
    OldPwd = proplists:get_value(<<"old_pwd">>, Params),
    NewPwd = proplists:get_value(<<"new_pwd">>, Params),
+    Username = emqx_mgmt_util:urldecode(Username0),
    return(emqx_dashboard_admin:change_password(Username, OldPwd, NewPwd)).

 create(_Bindings, Params) ->
@ -96,14 +97,13 @@ list(_Bindings, _Params) ->

 update(#{name := Username}, Params) ->
    Tags = proplists:get_value(<<"tags">>, Params),
-    return(emqx_dashboard_admin:update_user(Username, Tags)).
+    return(emqx_dashboard_admin:update_user(emqx_mgmt_util:urldecode(Username), Tags)).

 delete(#{name := <<"admin">>}, _Params) ->
    return({error, <<"Cannot delete admin">>});

 delete(#{name := Username}, _Params) ->
-    return(emqx_dashboard_admin:remove_user(Username)).
+    return(emqx_dashboard_admin:remove_user(emqx_mgmt_util:urldecode(Username))).

 row(#mqtt_admin{username = Username, tags = Tags}) ->
    #{username => Username, tags => Tags}.
-