yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(authn): correct peerhost placeholder rendering

This commit is contained in:
JianBo He 2022-06-30 12:50:56 +08:00
parent d7c21020f6
commit 8f696b6f8c
2 changed files with 44 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
apps/emqx_authn/src/emqx_authn_utils.erl
View File

@ -73,14 +73,21 @@ start_resource_if_enabled(Result, _ResourceId, _Config) ->
check_password_from_selected_map(_Algorithm, _Selected, undefined) -> check_password_from_selected_map(_Algorithm, _Selected, undefined) ->
{error, bad_username_or_password}; {error, bad_username_or_password};
check_password_from_selected_map(Algorithm, Selected, Password) -> check_password_from_selected_map(Algorithm, Selected, Password) ->
Hash = maps:get(<<"password_hash">>, Selected, Hash = maps:get(
maps:get(<<"password">>>, Selected, undefined)), <<"password_hash">>,
Selected,
maps:get(<<"password">>, Selected, undefined)
),
case Hash of case Hash of
undefined -> {error, bad_username_or_password}; undefined ->
{error, bad_username_or_password};
_ -> _ ->
Salt = maps:get(<<"salt">>, Selected, <<>>), Salt = maps:get(<<"salt">>, Selected, <<>>),
case emqx_authn_password_hashing:check_password( case
Algorithm, Salt, Hash, Password) of emqx_authn_password_hashing:check_password(
Algorithm, Salt, Hash, Password
)
of
true -> ok; true -> ok;
false -> {error, bad_username_or_password} false -> {error, bad_username_or_password}
end end
@ -165,10 +172,14 @@ make_resource_id(Name) ->
handle_var({var, Name}, undefined) -> handle_var({var, Name}, undefined) ->
error({cannot_get_variable, Name}); error({cannot_get_variable, Name});
handle_var({var, <<"peerhost">>}, PeerHost) ->
emqx_placeholder:bin(inet:ntoa(PeerHost));
handle_var(_, Value) -> handle_var(_, Value) ->
emqx_placeholder:bin(Value). emqx_placeholder:bin(Value).
handle_sql_var({var, Name}, undefined) -> handle_sql_var({var, Name}, undefined) ->
error({cannot_get_variable, Name}); error({cannot_get_variable, Name});
handle_sql_var({var, <<"peerhost">>}, PeerHost) ->
emqx_placeholder:bin(inet:ntoa(PeerHost));
handle_sql_var(_, Value) -> handle_sql_var(_, Value) ->
emqx_placeholder:sql_data(Value). emqx_placeholder:sql_data(Value).

28
apps/emqx_authn/test/emqx_authn_http_SUITE.erl
View File

@ -29,8 +29,10 @@
-define(HTTP_PORT, 32333). -define(HTTP_PORT, 32333).
-define(HTTP_PATH, "/auth"). -define(HTTP_PATH, "/auth").
-define(CREDENTIALS, #{ -define(CREDENTIALS, #{
clientid => <<"clienta">>,
username => <<"plain">>, username => <<"plain">>,
password => <<"plain">>, password => <<"plain">>,
peerhost => {127, 0, 0, 1},
listener => 'tcp:default', listener => 'tcp:default',
protocol => mqtt protocol => mqtt
}). }).
@ -390,6 +392,32 @@ samples() ->
result => {ok, #{is_superuser => false}} result => {ok, #{is_superuser => false}}
}, },
%% simple post request for placeholders, application/json
#{
handler => fun(Req0, State) ->
{ok, RawBody, Req1} = cowboy_req:read_body(Req0),
#{
<<"username">> := <<"plain">>,
<<"password">> := <<"plain">>,
<<"clientid">> := <<"clienta">>,
<<"peerhost">> := <<"127.0.0.1">>
} = jiffy:decode(RawBody, [return_maps]),
Req = cowboy_req:reply(200, Req1),
{ok, Req, State}
end,
config_params => #{
<<"method">> => <<"post">>,
<<"headers">> => #{<<"content-type">> => <<"application/json">>},
<<"body">> => #{
<<"clientid">> => ?PH_CLIENTID,
<<"username">> => ?PH_USERNAME,
<<"password">> => ?PH_PASSWORD,
<<"peerhost">> => ?PH_PEERHOST
}
},
result => {ok, #{is_superuser => false}}
},
%% custom headers %% custom headers
#{ #{
handler => fun(Req0, State) -> handler => fun(Req0, State) ->