fix: bad authorization format crash with 500

zhongwencool 2022-03-22 22:55:56 +08:00
parent ce2e4f51ac
commit 99dfd8504c
3 changed files with 16 additions and 15 deletions


@ -1,6 +1,6 @@
{application, emqx_management, {application, emqx_management,
[{description, "EMQ X Management API and CLI"}, [{description, "EMQ X Management API and CLI"},
{vsn, "4.3.13"}, % strict semver, bump manually! {vsn, "4.3.11"}, % strict semver, bump manually!
{modules, []}, {modules, []},
{registered, [emqx_management_sup]}, {registered, [emqx_management_sup]},
{applications, [kernel,stdlib,minirest]}, {applications, [kernel,stdlib,minirest]},


@ -118,9 +118,10 @@ handle_request(_Method, _Path, Req) ->
cowboy_req:reply(400, #{<<"content-type">> => <<"text/plain">>}, <<"Not found.">>, Req). cowboy_req:reply(400, #{<<"content-type">> => <<"text/plain">>}, <<"Not found.">>, Req).
authorize_appid(Req) -> authorize_appid(Req) ->
case cowboy_req:parse_header(<<"authorization">>, Req) of try
{basic, AppId, AppSecret} -> emqx_mgmt_auth:is_authorized(AppId, AppSecret); {basic, AppId, AppSecret} = cowboy_req:parse_header(<<"authorization">>, Req),
_ -> false emqx_mgmt_auth:is_authorized(AppId, AppSecret)
catch _:_ -> false
end. end.
-ifdef(EMQX_ENTERPRISE). -ifdef(EMQX_ENTERPRISE).
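Review bot: The `catch _:_ -> false` in authorize_appid covers the call to `emqx_mgmt_auth:is_authorized/2` as well as the header parse, so any exception raised inside the credential check is also turned into a silent `false`. Failing closed is the right outcome, but a backend fault then looks the same as a wrong secret, and neither it nor a malformed header leaves any log entry. Scoping the protected part to `cowboy_req:parse_header/2` with `try ... of` keeps the fix for the 500 while letting unexpected errors from the check surface. A log line in the catch clause would also make malformed-header requests visible. The same pattern applies to `is_authorized/2` in the dashboard section further down, where `emqx_dashboard_admin:check/2` sits inside the try.

```erlang
authorize_appid(Req) ->
    %% Only the header parse is protected; the `of` clauses run outside the try.
    try cowboy_req:parse_header(<<"authorization">>, Req) of
        {basic, AppId, AppSecret} -> emqx_mgmt_auth:is_authorized(AppId, AppSecret);
        _ -> false
    catch
        _:_ -> false
    end.
```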


@ -103,17 +103,17 @@ is_authorized(Req) ->
is_authorized("/api/v4/auth", _Req) -> is_authorized("/api/v4/auth", _Req) ->
true; true;
is_authorized(_Path, Req) -> is_authorized(_Path, Req) ->
case cowboy_req:parse_header(<<"authorization">>, Req) of try
{basic, Username, Password} -> {basic, Username, Password} = cowboy_req:parse_header(<<"authorization">>, Req),
case emqx_dashboard_admin:check(iolist_to_binary(Username), case emqx_dashboard_admin:check(iolist_to_binary(Username), iolist_to_binary(Password)) of
iolist_to_binary(Password)) of ok -> true;
ok -> true; {error, Reason} ->
{error, Reason} -> ?LOG(error, "[Dashboard] Authorization Failure: username=~s, reason=~p",
?LOG(error, "[Dashboard] Authorization Failure: username=~s, reason=~p", [Username, Reason]),
[Username, Reason]), false
false end
end; catch _:_ -> %% bad authorization header will crash.
_ -> false false
end. end.
filter(#{app := emqx_modules}) -> true; filter(#{app := emqx_modules}) -> true;