From 8d92d58b6cb035b3319d10ad10698bd787c048f9 Mon Sep 17 00:00:00 2001
From: JianBo He <HeeeJianBo@gmail.com>
Date: Tue, 26 Mar 2019 10:25:51 +0800
Subject: [PATCH] Fix allow_anonymous behavoir error (#2355)

EMQ should allow the anonymous connection if the allow_anonymous option is true, although it has one or more auth plugins started.
---
 src/emqx_access_control.erl | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/src/emqx_access_control.erl b/src/emqx_access_control.erl
index 4fda19b08..501d5f0db 100644
--- a/src/emqx_access_control.erl
+++ b/src/emqx_access_control.erl
@@ -29,12 +29,14 @@
 -spec(authenticate(emqx_types:credentials())
       -> {ok, emqx_types:credentials()} | {error, term()}).
 authenticate(Credentials) ->
-    case emqx_hooks:run_fold('client.authenticate', [], Credentials#{auth_result => init_auth_result(Credentials)}) of
-        #{auth_result := success} = NewCredentials ->
-            {ok, NewCredentials};
-        NewCredentials ->
-            {error, maps:get(auth_result, NewCredentials, unknown_error)}
-    end.
+    detect_anonymous_permission(Credentials, fun() ->
+        case emqx_hooks:run_fold('client.authenticate', [], init_auth_result(Credentials)) of
+            #{auth_result := success} = NewCredentials ->
+                {ok, NewCredentials};
+            NewCredentials ->
+                {error, maps:get(auth_result, NewCredentials, unknown_error)}
+        end
+    end).
 
 %% @doc Check ACL
 -spec(check_acl(emqx_types:credentials(), emqx_types:pubsub(), emqx_types:topic()) -> allow | deny).
@@ -67,7 +69,22 @@ reload_acl() ->
     emqx_mod_acl_internal:reload_acl().
 
 init_auth_result(Credentials) ->
-    case emqx_zone:get_env(maps:get(zone, Credentials, undefined), allow_anonymous, false) of
-        true -> success;
-        false -> not_authorized
+    case anonymous_permission(Credentials) of
+        true -> Credentials#{auth_result => success};
+        false -> Credentials#{auth_result => not_authorized}
     end.
+
+detect_anonymous_permission(#{username := undefined,
+                              password := undefined} = Credentials, Fun) ->
+    case anonymous_permission(Credentials) of
+        true -> {ok, Credentials};
+        false -> Fun()
+    end;
+
+detect_anonymous_permission(_Credentials, Fun) ->
+    Fun().
+
+anonymous_permission(Credentials) ->
+    emqx_zone:get_env(maps:get(zone, Credentials, undefined),
+                      allow_anonymous, false).
+