From 998f79070d5087e6b6ccfc1a5d656f0679fafdf8 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 6 Jul 2022 10:34:43 +0200 Subject: [PATCH] feat: add a quick deny option to allow_anonymous config prior to this change, allow_anonymous is only true | false when set to 'false', even if the client is connected without a username, the auth backends will be invoked. this commit introduced a new config value `false_quick_deny` to deny access immediately without involving auth backends --- priv/emqx.schema | 4 +- src/emqx.app.src | 2 +- src/emqx.appup.src | 80 ++++++++++++++++-------------- src/emqx_access_control.erl | 41 ++++++++++----- test/emqx_access_control_SUITE.erl | 6 +++ 5 files changed, 80 insertions(+), 53 deletions(-) diff --git a/priv/emqx.schema b/priv/emqx.schema index 475e0f6ad..a18df0a0a 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -807,7 +807,7 @@ end}. %% @doc Allow anonymous authentication. {mapping, "allow_anonymous", "emqx.allow_anonymous", [ {default, false}, - {datatype, {enum, [true, false]}} + {datatype, {enum, [true, false, false_quick_deny]}} ]}. %% @doc ACL nomatch. @@ -962,7 +962,7 @@ end}. ]}. {mapping, "zone.$name.allow_anonymous", "emqx.zones", [ - {datatype, {enum, [true, false]}} + {datatype, {enum, [true, false, false_quick_deny]}} ]}. {mapping, "zone.$name.acl_nomatch", "emqx.zones", [ diff --git a/src/emqx.app.src b/src/emqx.app.src index 5b5017b1a..5faeb3caf 100644 --- a/src/emqx.app.src +++ b/src/emqx.app.src @@ -6,7 +6,7 @@ %% the emqx `release' version, which in turn is comprised of several %% apps, one of which is this. See `emqx_release.hrl' for more %% info. - {vsn, "4.3.17"}, % strict semver, bump manually! + {vsn, "4.3.18"}, % strict semver, bump manually! {modules, []}, {registered, []}, {applications, [ kernel diff --git a/src/emqx.appup.src b/src/emqx.appup.src index a64c3dbac..2534585eb 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -1,13 +1,15 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.16", - [{load_module,emqx_plugins,brutal_purge,soft_purge,[]}, + [{"4.3.17",[{load_module,emqx_access_control,brutal_purge,soft_purge,[]}]}, + {"4.3.16", + [{load_module,emqx_access_control,brutal_purge,soft_purge,[]}, + {load_module,emqx_plugins,brutal_purge,soft_purge,[]}, {load_module,emqx_metrics,brutal_purge,soft_purge,[]}, {load_module,emqx_app,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_channel,brutal_purge,soft_purge,[]}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, @@ -17,7 +19,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, @@ -41,7 +43,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, @@ -68,7 +70,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -101,7 +103,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -138,7 +140,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -177,7 +179,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -216,7 +218,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -259,7 +261,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -302,7 +304,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -345,7 +347,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -388,7 +390,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -431,7 +433,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -474,7 +476,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -517,7 +519,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]}, @@ -560,7 +562,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_hooks,brutal_purge,soft_purge,[]}, @@ -605,7 +607,7 @@ [{add_module,emqx_calendar}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {add_module,emqx_exclusive_subscription}, - {apply, {emqx_exclusive_subscription, on_add_module, []}}, + {apply,{emqx_exclusive_subscription,on_add_module,[]}}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_broker,brutal_purge,soft_purge,[]}, {load_module,emqx_hooks,brutal_purge,soft_purge,[]}, @@ -650,8 +652,10 @@ {load_module,emqx_message,brutal_purge,soft_purge,[]}, {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.16", - [{load_module,emqx_plugins,brutal_purge,soft_purge,[]}, + [{"4.3.17",[{load_module,emqx_access_control,brutal_purge,soft_purge,[]}]}, + {"4.3.16", + [{load_module,emqx_access_control,brutal_purge,soft_purge,[]}, + {load_module,emqx_plugins,brutal_purge,soft_purge,[]}, {load_module,emqx_metrics,brutal_purge,soft_purge,[]}, {load_module,emqx_app,brutal_purge,soft_purge,[]}, {load_module,emqx_access_rule,brutal_purge,soft_purge,[]}, @@ -660,11 +664,11 @@ {load_module,emqx_ctl,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}]}, {"4.3.15", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -687,7 +691,7 @@ {load_module,emqx_app,brutal_purge,soft_purge,[]}]}, {"4.3.14", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -713,7 +717,7 @@ {load_module,emqx_hooks,brutal_purge,soft_purge,[]}]}, {"4.3.13", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -745,7 +749,7 @@ {load_module,emqx_connection,brutal_purge,soft_purge,[]}]}, {"4.3.12", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -780,7 +784,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.11", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -817,7 +821,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.10", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -854,7 +858,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.9", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -895,7 +899,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.8", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -936,7 +940,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.7", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -977,7 +981,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.6", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1018,7 +1022,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.5", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1059,7 +1063,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.4", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1100,7 +1104,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.3", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1141,7 +1145,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.2", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1182,7 +1186,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.1", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, @@ -1225,7 +1229,7 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {"4.3.0", [{delete_module,emqx_calendar}, - {apply, {emqx_exclusive_subscription, on_delete_module, []}}, + {apply,{emqx_exclusive_subscription,on_delete_module,[]}}, {delete_module,emqx_exclusive_subscription}, {load_module,emqx_topic,brutal_purge,soft_purge,[]}, {load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]}, diff --git a/src/emqx_access_control.erl b/src/emqx_access_control.erl index 93dde28c2..4675c7f81 100644 --- a/src/emqx_access_control.erl +++ b/src/emqx_access_control.erl @@ -33,15 +33,13 @@ -spec(authenticate(emqx_types:clientinfo()) -> {ok, result()} | {error, term()}). authenticate(ClientInfo = #{zone := Zone}) -> - AuthResult = default_auth_result(Zone), - case - begin ok = emqx_metrics:inc('client.authenticate'), - emqx_zone:get_env(Zone, bypass_auth_plugins, false) - end - of - true -> + ok = emqx_metrics:inc('client.authenticate'), + Username = maps:get(username, ClientInfo, undefined), + {MaybeStop, AuthResult} = default_auth_result(Username, Zone), + case MaybeStop of + stop -> return_auth_result(AuthResult); - false -> + continue -> return_auth_result(emqx_hooks:run_fold('client.authenticate', [ClientInfo], AuthResult)) end. @@ -91,10 +89,29 @@ inc_acl_metrics(cache_hit) -> emqx_metrics:inc('client.acl.cache_hit'). %% Auth -default_auth_result(Zone) -> - case emqx_zone:get_env(Zone, allow_anonymous, false) of - true -> #{auth_result => success, anonymous => true}; - false -> #{auth_result => not_authorized, anonymous => false} +default_auth_result(Username, Zone) -> + IsAnonymous = (Username =:= undefined orelse Username =:= <<>>), + AllowAnonymous = emqx_zone:get_env(Zone, allow_anonymous, false), + Bypass = emqx_zone:get_env(Zone, bypass_auth_plugins, false), + %% the `anonymous` filed in auth result does not mean the client is + %% connected without username, but if the auth result is based on + %% allowing anonymous access. + IsResultBasedOnAllowAnonymous = + case AllowAnonymous of + true -> true; + _ -> false + end, + Result = case AllowAnonymous of + true -> #{auth_result => success, anonymous => IsResultBasedOnAllowAnonymous}; + _ -> #{auth_result => not_authorized, anonymous => IsResultBasedOnAllowAnonymous} + end, + case {IsAnonymous, AllowAnonymous} of + {true, false_quick_deny} -> + {stop, Result}; + _ when Bypass -> + {stop, Result}; + _ -> + {continue, Result} end. -compile({inline, [return_auth_result/1]}). diff --git a/test/emqx_access_control_SUITE.erl b/test/emqx_access_control_SUITE.erl index 8b0d5778b..a03312853 100644 --- a/test/emqx_access_control_SUITE.erl +++ b/test/emqx_access_control_SUITE.erl @@ -38,6 +38,12 @@ t_authenticate(_) -> emqx_zone:set_env(zone, allow_anonymous, true), ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())). +t_authenticate_fast_fail(_) -> + emqx_zone:set_env(zone, allow_anonymous, false_quick_deny), + ?assertMatch({error, _}, emqx_access_control:authenticate(clientinfo())), + emqx_zone:set_env(zone, allow_anonymous, true), + ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())). + t_check_acl(_) -> emqx_zone:set_env(zone, acl_nomatch, deny), application:set_env(emqx, enable_acl_cache, false),