yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(authentication): implement http api and change external apis

This commit is contained in:
zhouzb 2021-05-29 09:58:27 +08:00
parent 54106790c7
commit 9d4af87eb7
9 changed files with 563 additions and 373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/emqx_authentication/data/user-credentials.csv
View File

@ -1,2 +1,2 @@
myuser3,mypassword3 myuser3,8d41233e39c95b5da13361e354e1c9e639f07b27d397463a8f91b71ee07ccfb2
myuser4,mypassword4 myuser4,5809df0154f3cb4ac5c3a5572eaca0c5f7f9d858e887fc675b2becab9feb19d1
1 myuser3 mypassword3 8d41233e39c95b5da13361e354e1c9e639f07b27d397463a8f91b71ee07ccfb2
2 myuser4 mypassword4 5809df0154f3cb4ac5c3a5572eaca0c5f7f9d858e887fc675b2becab9feb19d1

4
apps/emqx_authentication/data/user-credentials.json
View File

@ -1,4 +1,4 @@
{ {
"myuser1": "mypassword1", "myuser1": "09343625c6c123d3434932fe1ce08bae5ac00a8f95bd746e10491b0bafdd1817",
"myuser2": "mypassword2" "myuser2": "8767a7d316ad68cb607c7c805b859ffa78277dda13b7a3e2e8b53cad3cabbc6e"
} }

115
apps/emqx_authentication/src/emqx_authentication.erl
View File

@ -40,11 +40,12 @@
, move_service_to_the_nth/3 , move_service_to_the_nth/3
]). ]).
-export([ import_user_credentials/4 -export([ import_users/3
, add_user_credential/3 , add_user/3
, delete_user_credential/3 , delete_user/3
, update_user_credential/3 , update_user/4
, lookup_user_credential/3 , lookup_user/3
, list_users/2
]). ]).
-export([mnesia/1]). -export([mnesia/1]).
@ -101,7 +102,7 @@ disable() ->
authenticate(#{chain_id := ChainID} = ClientInfo) -> authenticate(#{chain_id := ChainID} = ClientInfo) ->
case mnesia:dirty_read(?CHAIN_TAB, ChainID) of case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
[#chain{services = []}] -> [#chain{services = []}] ->
{error, todo}; {error, no_services};
[#chain{services = Services}] -> [#chain{services = Services}] ->
do_authenticate(Services, ClientInfo); do_authenticate(Services, ClientInfo);
[] -> [] ->
@ -109,7 +110,7 @@ authenticate(#{chain_id := ChainID} = ClientInfo) ->
end. end.
do_authenticate([], _) -> do_authenticate([], _) ->
{error, user_credential_not_found}; {error, user_not_found};
do_authenticate([{_, #service{provider = Provider, state = State}} | More], ClientInfo) -> do_authenticate([{_, #service{provider = Provider, state = State}} | More], ClientInfo) ->
case Provider:authenticate(ClientInfo, State) of case Provider:authenticate(ClientInfo, State) of
ignore -> do_authenticate(More, ClientInfo); ignore -> do_authenticate(More, ClientInfo);
@ -136,55 +137,44 @@ register_service_types([{_App, Mod, #{name := Name,
params_spec = ParamsSpec}, params_spec = ParamsSpec},
register_service_types(Types, [ServiceType | Acc]). register_service_types(Types, [ServiceType | Acc]).
create_chain(Params = #{chain_id := ChainID}) -> create_chain(#{id := ID}) ->
ServiceParams = maps:get(services, Params, []),
case validate_service_params(ServiceParams) of
{ok, NServiceParams} ->
trans(
fun() ->
case mnesia:read(?CHAIN_TAB, ChainID, write) of
[] ->
case create_services(ChainID, NServiceParams) of
{ok, Services} ->
Chain = #chain{id = ChainID,
services = Services,
created_at = erlang:system_time(millisecond)},
mnesia:write(?CHAIN_TAB, Chain, write),
{ok, ChainID};
{error, Reason} ->
{error, Reason}
end;
[_ | _] ->
{error, {already_exists, {chain, ChainID}}}
end
end);
{error, Reason} ->
{error, Reason}
end.
delete_chain(ChainID) ->
trans( trans(
fun() -> fun() ->
case mnesia:read(?CHAIN_TAB, ChainID, write) of case mnesia:read(?CHAIN_TAB, ID, write) of
[] -> [] ->
{error, {not_found, {chain, ChainID}}}; Chain = #chain{id = ID,
[#chain{services = Services}] -> services = [],
ok = delete_services_(Services), created_at = erlang:system_time(millisecond)},
mnesia:delete(?CHAIN_TAB, ChainID, write) mnesia:write(?CHAIN_TAB, Chain, write),
{ok, serialize_chain(Chain)};
[_ | _] ->
{error, {already_exists, {chain, ID}}}
end end
end). end).
lookup_chain(ChainID) -> delete_chain(ID) ->
case mnesia:dirty_read(?CHAIN_TAB, ChainID) of trans(
fun() ->
case mnesia:read(?CHAIN_TAB, ID, write) of
[] ->
{error, {not_found, {chain, ID}}};
[#chain{services = Services}] ->
ok = delete_services_(Services),
mnesia:delete(?CHAIN_TAB, ID, write)
end
end).
lookup_chain(ID) ->
case mnesia:dirty_read(?CHAIN_TAB, ID) of
[] -> [] ->
{error, {not_found, {chain, ChainID}}}; {error, {not_found, {chain, ID}}};
[Chain] -> [Chain] ->
{ok, serialize_chain(Chain)} {ok, serialize_chain(Chain)}
end. end.
list_chains() -> list_chains() ->
Chains = ets:tab2list(?CHAIN_TAB), Chains = ets:tab2list(?CHAIN_TAB),
[serialize_chain(Chain) || Chain <- Chains]. {ok, [serialize_chain(Chain) || Chain <- Chains]}.
add_services(ChainID, ServiceParams) -> add_services(ChainID, ServiceParams) ->
case validate_service_params(ServiceParams) of case validate_service_params(ServiceParams) of
@ -195,8 +185,10 @@ add_services(ChainID, ServiceParams) ->
ok -> ok ->
case create_services(ChainID, NServiceParams) of case create_services(ChainID, NServiceParams) of
{ok, NServices} -> {ok, NServices} ->
io:format("~p~n", [NServices]),
NChain = Chain#chain{services = Services ++ NServices}, NChain = Chain#chain{services = Services ++ NServices},
mnesia:write(?CHAIN_TAB, NChain, write); ok = mnesia:write(?CHAIN_TAB, NChain, write),
{ok, serialize_services(NServices)};
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end; end;
@ -243,8 +235,9 @@ update_service(ChainID, ServiceName, NewParams) ->
{ok, NState} -> {ok, NState} ->
NService = Service#service{params = Params, NService = Service#service{params = Params,
state = NState}, state = NState},
NServices = lists:keyreplace(ServiceName, 1, Services, [{ServiceName, NService}]), NServices = lists:keyreplace(ServiceName, 1, Services, {ServiceName, NService}),
mnesia:write(?CHAIN_TAB, Chain#chain{services = NServices}, write); ok = mnesia:write(?CHAIN_TAB, Chain#chain{services = NServices}, write),
{ok, serialize_service({ServiceName, NService})};
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end end
@ -270,7 +263,7 @@ list_services(ChainID) ->
[] -> [] ->
{error, {not_found, {chain, ChainID}}}; {error, {not_found, {chain, ChainID}}};
[#chain{services = Services}] -> [#chain{services = Services}] ->
{ok, [serialize_service(Service) || Service <- Services]} {ok, serialize_services(Services)}
end. end.
move_service_to_the_front(ChainID, ServiceName) -> move_service_to_the_front(ChainID, ServiceName) ->
@ -309,20 +302,23 @@ move_service_to_the_nth(ChainID, ServiceName, N) ->
end, end,
update_chain(ChainID, UpdateFun). update_chain(ChainID, UpdateFun).
import_user_credentials(ChainID, ServiceName, Filename, FileFormat) -> import_users(ChainID, ServiceName, Filename) ->
call_service(ChainID, ServiceName, import_user_credentials, [Filename, FileFormat]). call_service(ChainID, ServiceName, import_users, [Filename]).
add_user_credential(ChainID, ServiceName, Credential) -> add_user(ChainID, ServiceName, UserInfo) ->
call_service(ChainID, ServiceName, add_user_credential, [Credential]). call_service(ChainID, ServiceName, add_user, [UserInfo]).
delete_user_credential(ChainID, ServiceName, UserIdentity) -> delete_user(ChainID, ServiceName, UserID) ->
call_service(ChainID, ServiceName, delete_user_credential, [UserIdentity]). call_service(ChainID, ServiceName, delete_user, [UserID]).
update_user_credential(ChainID, ServiceName, Credential) -> update_user(ChainID, ServiceName, UserID, NewUserInfo) ->
call_service(ChainID, ServiceName, update_user_credential, [Credential]). call_service(ChainID, ServiceName, update_user, [UserID, NewUserInfo]).
lookup_user_credential(ChainID, ServiceName, UserIdentity) -> lookup_user(ChainID, ServiceName, UserID) ->
call_service(ChainID, ServiceName, lookup_user_credential, [UserIdentity]). call_service(ChainID, ServiceName, lookup_user, [UserID]).
list_users(ChainID, ServiceName) ->
call_service(ChainID, ServiceName, list_users, []).
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Internal functions %% Internal functions
@ -506,9 +502,12 @@ serialize_chain(#chain{id = ID,
services = Services, services = Services,
created_at = CreatedAt}) -> created_at = CreatedAt}) ->
#{id => ID, #{id => ID,
services => [serialize_service(Service) || Service <- Services], services => serialize_services(Services),
created_at => CreatedAt}. created_at => CreatedAt}.
serialize_services(Services) ->
[serialize_service(Service) || Service <- Services].
serialize_service({_, #service{name = Name, serialize_service({_, #service{name = Name,
type = Type, type = Type,
params = Params}}) -> params = Params}}) ->

452
apps/emqx_authentication/src/emqx_authentication_api.erl
View File

@ -20,25 +20,22 @@
, delete_chain/2 , delete_chain/2
, lookup_chain/2 , lookup_chain/2
, list_chains/2 , list_chains/2
, add_services/2 , add_service/2
, delete_services/2 , delete_service/2
, update_service/2 , update_service/2
, lookup_service/2 , lookup_service/2
, list_services/2 , list_services/2
, move_service/2 , move_service/2
, import_user_credentials/2 , import_users/2
, add_user_creadential/2 , add_user/2
, delete_user/2
, update_user/2
, lookup_user/2
, list_users/2
]). ]).
-import(minirest, [return/1]). -import(minirest, [return/1]).
-rest_api(#{name => list_chains,
method => 'GET',
path => "/authentication/chains",
func => list_chains,
descr => "List all chains"
}).
-rest_api(#{name => create_chain, -rest_api(#{name => create_chain,
method => 'POST', method => 'POST',
path => "/authentication/chains", path => "/authentication/chains",
@ -46,187 +43,352 @@
descr => "Create a chain" descr => "Create a chain"
}). }).
create_chain(_Binding, Params = #{chain_id := ChainID}) -> -rest_api(#{name => delete_chain,
case emqx_authentication:create_chain(Params) of method => 'DELETE',
{ok, ChainID} -> path => "/authentication/chains/:bin:chain_id",
return({ok, ChainID}); func => delete_chain,
{error, Reason} -> descr => "Delete chain"
return({error, serialize_error(Reason)}) }).
end;
create_chain(_Binding, _Params) ->
return({error, serialize_error({missing_parameter, chain_id})}).
delete_chain(_Binding, #{chain_id := ChainID}) -> -rest_api(#{name => lookup_chain,
method => 'GET',
path => "/authentication/chains/:bin:chain_id",
func => lookup_chain,
descr => "Lookup chain"
}).
-rest_api(#{name => list_chains,
method => 'GET',
path => "/authentication/chains",
func => list_chains,
descr => "List all chains"
}).
-rest_api(#{name => add_service,
method => 'POST',
path => "/authentication/chains/:bin:chain_id/services",
func => add_service,
descr => "Add service to chain"
}).
-rest_api(#{name => delete_service,
method => 'DELETE',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name",
func => delete_service,
descr => "Delete service from chain"
}).
-rest_api(#{name => update_service,
method => 'PUT',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name",
func => update_service,
descr => "Update service in chain"
}).
-rest_api(#{name => lookup_service,
method => 'GET',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name",
func => lookup_service,
descr => "Lookup service in chain"
}).
-rest_api(#{name => list_services,
method => 'GET',
path => "/authentication/chains/:bin:chain_id/services",
func => list_services,
descr => "List services in chain"
}).
-rest_api(#{name => move_service,
method => 'POST',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/position",
func => move_service,
descr => "Change the order of services"
}).
-rest_api(#{name => import_users,
method => 'POST',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/import-users",
func => import_users,
descr => "Import users"
}).
-rest_api(#{name => add_user,
method => 'POST',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/users",
func => add_user,
descr => "Add user"
}).
-rest_api(#{name => delete_user,
method => 'DELETE',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/users/:bin:user_id",
func => delete_user,
descr => "Delete user"
}).
-rest_api(#{name => update_user,
method => 'PUT',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/users/:bin:user_id",
func => update_user,
descr => "Update user"
}).
-rest_api(#{name => lookup_user,
method => 'GET',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/users/:bin:user_id",
func => lookup_user,
descr => "Lookup user"
}).
%% TODO: Support pagination
-rest_api(#{name => list_users,
method => 'GET',
path => "/authentication/chains/:bin:chain_id/services/:bin:service_name/users",
func => list_users,
descr => "List all users"
}).
create_chain(Binding, Params) ->
do_create_chain(uri_decode(Binding), maps:from_list(Params)).
do_create_chain(_Binding, #{<<"chain_id">> := ChainID}) ->
case emqx_authentication:create_chain(ChainID) of
{ok, Chain} ->
return({ok, Chain});
{error, Reason} ->
return(serialize_error(Reason))
end;
do_create_chain(_Binding, _Params) ->
return(serialize_error({missing_parameter, chain_id})).
delete_chain(Binding, Params) ->
do_delete_chain(uri_decode(Binding), maps:from_list(Params)).
do_delete_chain(#{chain_id := ChainID}, _Params) ->
case emqx_authentication:delete_chain(ChainID) of case emqx_authentication:delete_chain(ChainID) of
ok -> ok ->
return(ok); return(ok);
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end. end.
lookup_chain(_Binding, #{chain_id := ChainID}) -> lookup_chain(Binding, Params) ->
do_lookup_chain(uri_decode(Binding), maps:from_list(Params)).
do_lookup_chain(#{chain_id := ChainID}, _Params) ->
case emqx_authentication:lookup_chain(ChainID) of case emqx_authentication:lookup_chain(ChainID) of
{ok, Chain} -> {ok, Chain} ->
return({ok, Chain}); return({ok, Chain});
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end.
list_chains(Binding, Params) ->
do_list_chains(uri_decode(Binding), maps:from_list(Params)).
do_list_chains(_Binding, _Params) ->
{ok, Chains} = emqx_authentication:list_chains(),
return({ok, Chains}).
add_service(Binding, Params) ->
do_add_service(uri_decode(Binding), maps:from_list(Params)).
do_add_service(#{chain_id := ChainID}, #{<<"name">> := Name,
<<"type">> := Type,
<<"params">> := Params}) ->
case emqx_authentication:add_services(ChainID, [#{name => Name,
type => binary_to_existing_atom(Type, utf8),
params => maps:from_list(Params)}]) of
{ok, Services} ->
return({ok, Services});
{error, Reason} ->
return(serialize_error(Reason))
end; end;
lookup_chain(_Binding, _Params) -> %% TODO: Check missed field in params
return({error, serialize_error({missing_parameter, chain_id})}). do_add_service(_Binding, Params) ->
Missed = get_missed_params(Params, [<<"name">>, <<"type">>, <<"params">>]),
return(serialize_error({missing_parameter, Missed})).
list_chains(_Binding, _Params) -> delete_service(Binding, Params) ->
emqx_authentication:list_chains(). do_delete_service(uri_decode(Binding), maps:from_list(Params)).
add_services(_Binding, Params = #{chain_id := ChainID}) -> do_delete_service(#{chain_id := ChainID,
case maps:get(services, Params, []) of service_name := ServiceName}, _Params) ->
[] -> return(ok); case emqx_authentication:delete_services(ChainID, [ServiceName]) of
Services ->
case emqx_authentication:add_services(ChainID, Services) of
ok ->
return(ok);
{error, Reason} ->
return({error, serialize_error(Reason)})
end
end;
add_services(_Binding, _Params) ->
return({error, serialize_error({missing_parameter, chain_id})}).
delete_services(_Binding, #{chain_id := ChainID,
service_names := ServiceNames}) ->
case emqx_authentication:delete_services(ChainID, ServiceNames) of
ok -> ok ->
return(ok); return(ok);
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end.
delete_services(_Binding, #{chain_id := _}) ->
return({error, serialize_error({missing_parameter, service_names})});
delete_services(_Binding, #{service_names := _}) ->
return({error, serialize_error({missing_parameter, chain_id})}).
%% TODO: better input parameters update_service(Binding, Params) ->
update_service(_Binding, #{chain_id := ChainID, do_update_service(uri_decode(Binding), maps:from_list(Params)).
service_name := ServiceName,
service_params := Params}) -> %% TOOD: PUT
do_update_service(#{chain_id := ChainID,
service_name := ServiceName}, Params) ->
case emqx_authentication:update_service(ChainID, ServiceName, Params) of case emqx_authentication:update_service(ChainID, ServiceName, Params) of
ok -> {ok, Service} ->
return(ok); return({ok, Service});
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end.
update_service(_Binding, #{chain_id := _}) ->
return({error, serialize_error({missing_parameter, service_name})});
update_service(_Binding, #{service_name := _}) ->
return({error, serialize_error({missing_parameter, chain_id})}).
lookup_service(_Binding, #{chain_id := ChainID, lookup_service(Binding, Params) ->
service_name := ServiceName}) -> do_lookup_service(uri_decode(Binding), maps:from_list(Params)).
do_lookup_service(#{chain_id := ChainID,
service_name := ServiceName}, _Params) ->
case emqx_authentication:lookup_service(ChainID, ServiceName) of case emqx_authentication:lookup_service(ChainID, ServiceName) of
{ok, Service} -> {ok, Service} ->
return({ok, Service}); return({ok, Service});
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end.
lookup_service(_Binding, #{chain_id := _}) ->
return({error, serialize_error({missing_parameter, service_name})});
lookup_service(_Binding, #{service_name := _}) ->
return({error, serialize_error({missing_parameter, chain_id})}).
list_services(_Binding, #{chain_id := ChainID}) -> list_services(Binding, Params) ->
do_list_services(uri_decode(Binding), maps:from_list(Params)).
do_list_services(#{chain_id := ChainID}, _Params) ->
case emqx_authentication:list_services(ChainID) of case emqx_authentication:list_services(ChainID) of
{ok, Service} -> {ok, Services} ->
return({ok, Service}); return({ok, Services});
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end.
list_services(_Binding, _Params) ->
return({error, serialize_error({missing_parameter, chain_id})}).
move_service(_Binding, #{chain_id := ChainID, move_service(Binding, Params) ->
service_name := ServiceName, do_move_service(uri_decode(Binding), maps:from_list(Params)).
to := <<"the front">>}) ->
case emqx_authenticaiton:move_service_to_the_front(ChainID, ServiceName) of
ok ->
return(ok);
{error, Reason} ->
return({error, serialize_error(Reason)})
end;
move_service(_Binding, #{chain_id := ChainID,
service_name := ServiceName,
to := <<"the end">>}) ->
case emqx_authenticaiton:move_service_to_the_end(ChainID, ServiceName) of
ok ->
return(ok);
{error, Reason} ->
return({error, serialize_error(Reason)})
end;
move_service(_Binding, #{chain_id := ChainID,
service_name := ServiceName,
to := N}) when is_number(N) ->
case emqx_authenticaiton:move_service_to_the_nth(ChainID, ServiceName, N) of
ok ->
return(ok);
{error, Reason} ->
return({error, serialize_error(Reason)})
end;
move_service(_Binding, Params) ->
Missed = get_missed_params(Params, [chain_id, service_name, to]),
return({error, serialize_error({missing_parameter, Missed})}).
import_user_credentials(_Binding, #{chain_id := ChainID, do_move_service(#{chain_id := ChainID,
service_name := ServiceName, service_name := ServiceName}, #{<<"position">> := <<"the front">>}) ->
filename := Filename, case emqx_authentication:move_service_to_the_front(ChainID, ServiceName) of
file_format := FileFormat}) ->
case emqx_authentication:import_user_credentials(ChainID, ServiceName, Filename, FileFormat) of
ok -> ok ->
return(ok); return(ok);
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end;
import_user_credentials(_Binding, Params) -> do_move_service(#{chain_id := ChainID,
Missed = get_missed_params(Params, [chain_id, service_name, filename, file_format]), service_name := ServiceName}, #{<<"position">> := <<"the end">>}) ->
return({error, serialize_error({missing_parameter, Missed})}). case emqx_authentication:move_service_to_the_end(ChainID, ServiceName) of
ok ->
return(ok);
{error, Reason} ->
return(serialize_error(Reason))
end;
do_move_service(#{chain_id := ChainID,
service_name := ServiceName}, #{<<"position">> := N}) when is_number(N) ->
case emqx_authentication:move_service_to_the_nth(ChainID, ServiceName, N) of
ok ->
return(ok);
{error, Reason} ->
return(serialize_error(Reason))
end;
do_move_service(_Binding, _Params) ->
return(serialize_error({missing_parameter, <<"position">>})).
add_user_creadential(_Binding, #{chain_id := ChainID, import_users(Binding, Params) ->
service_name := ServiceName, do_import_users(uri_decode(Binding), maps:from_list(Params)).
credential := Credential}) ->
case emqx_authentication:add_user_creadentials(ChainID, ServiceName, Credential) of do_import_users(#{chain_id := ChainID, service_name := ServiceName},
#{<<"filename">> := Filename}) ->
case emqx_authentication:import_users(ChainID, ServiceName, Filename) of
ok -> ok ->
return(ok); return(ok);
{error, Reason} -> {error, Reason} ->
return({error, serialize_error(Reason)}) return(serialize_error(Reason))
end; end;
add_user_creadential(_Binding, Params) -> do_import_users(_Binding, Params) ->
Missed = get_missed_params(Params, [chain_id, service_name, credential]), Missed = get_missed_params(Params, [<<"filename">>, <<"file_format">>]),
return({error, serialize_error({missing_parameter, Missed})}). return(serialize_error({missing_parameter, Missed})).
add_user(Binding, Params) ->
do_add_user(uri_decode(Binding), maps:from_list(Params)).
do_add_user(#{chain_id := ChainID,
service_name := ServiceName}, UserInfo) ->
case emqx_authentication:add_user(ChainID, ServiceName, UserInfo) of
{ok, User} ->
return({ok, User});
{error, Reason} ->
return(serialize_error(Reason))
end.
delete_user(Binding, Params) ->
do_delete_user(uri_decode(Binding), maps:from_list(Params)).
do_delete_user(#{chain_id := ChainID,
service_name := ServiceName,
user_id := UserID}, _Params) ->
case emqx_authentication:delete_user(ChainID, ServiceName, UserID) of
ok ->
return(ok);
{error, Reason} ->
return(serialize_error(Reason))
end.
update_user(Binding, Params) ->
do_update_user(uri_decode(Binding), maps:from_list(Params)).
do_update_user(#{chain_id := ChainID,
service_name := ServiceName,
user_id := UserID}, NewUserInfo) ->
case emqx_authentication:update_user(ChainID, ServiceName, UserID, NewUserInfo) of
{ok, User} ->
return({ok, User});
{error, Reason} ->
return(serialize_error(Reason))
end.
lookup_user(Binding, Params) ->
do_lookup_user(uri_decode(Binding), maps:from_list(Params)).
do_lookup_user(#{chain_id := ChainID,
service_name := ServiceName,
user_id := UserID}, _Params) ->
case emqx_authentication:lookup_user(ChainID, ServiceName, UserID) of
{ok, User} ->
return({ok, User});
{error, Reason} ->
return(serialize_error(Reason))
end.
list_users(Binding, Params) ->
do_list_users(uri_decode(Binding), maps:from_list(Params)).
do_list_users(#{chain_id := ChainID,
service_name := ServiceName}, _Params) ->
case emqx_authentication:list_users(ChainID, ServiceName) of
{ok, Users} ->
return({ok, Users});
{error, Reason} ->
return(serialize_error(Reason))
end.
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Internal functions %% Internal functions
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
serialize_error(Reason) when not is_map(Reason) -> uri_decode(Params) ->
Error = serialize_error_(Reason), maps:fold(fun(K, V, Acc) ->
emqx_json:encode(Error). Acc#{K => emqx_http_lib:uri_decode(V)}
end, #{}, Params).
serialize_error_({already_exists, {Type, ID}}) -> serialize_error({already_exists, {Type, ID}}) ->
#{code => "ALREADY_EXISTS", {error, <<"ALREADY_EXISTS">>, list_to_binary(io_lib:format("~p ~p already exists", [serialize_type(Type), ID]))};
message => io_lib:format("~p ~p already exists", [serialize_type(Type), ID])}; serialize_error({not_found, {Type, ID}}) ->
serialize_error_({not_found, {Type, ID}}) -> {error, <<"NOT_FOUND">>, list_to_binary(io_lib:format("~p ~p not found", [serialize_type(Type), ID]))};
#{code => "NOT_FOUND", serialize_error({duplicate, Name}) ->
message => io_lib:format("~p ~p not found", [serialize_type(Type), ID])}; {error, <<"INVALID_PARAMETER">>, list_to_binary(io_lib:format("Service name ~p is duplicated", [Name]))};
serialize_error_({duplicate, Name}) -> serialize_error({missing_parameter, Names = [_ | Rest]}) ->
#{code => "INVALID_PARAMETER",
message => io_lib:format("Service name ~p is duplicated", [Name])};
serialize_error_({missing_parameter, Names = [_ | Rest]}) ->
Format = ["~p," || _ <- Rest] ++ ["~p"], Format = ["~p," || _ <- Rest] ++ ["~p"],
NFormat = binary_to_list(iolist_to_binary(Format)), NFormat = binary_to_list(iolist_to_binary(Format)),
#{code => "MISSING_PARAMETER", {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameters " ++ NFormat ++ " that are mandatory for processing this request are not supplied.", Names))};
message => io_lib:format("The input parameters " ++ NFormat ++ " that are mandatory for processing this request are not supplied.", Names)}; serialize_error({missing_parameter, Name}) ->
serialize_error_({missing_parameter, Name}) -> {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameter ~p that is mandatory for processing this request is not supplied.", [Name]))};
#{code => "MISSING_PARAMETER", serialize_error(_) ->
message => io_lib:format("The input parameter ~p that is mandatory for processing this request is not supplied.", [Name])}; {error, <<"UNKNOWN_ERROR">>, <<"Unknown error">>}.
serialize_error_(_) ->
#{code => "UNKNOWN_ERROR"}.
serialize_type(service) -> serialize_type(service) ->
"Service"; "Service";

2
apps/emqx_authentication/src/emqx_authentication_app.erl
View File

@ -18,6 +18,8 @@
-behaviour(application). -behaviour(application).
-emqx_plugin(?MODULE).
%% Application callbacks %% Application callbacks
-export([ start/2 -export([ start/2
, stop/1 , stop/1

234
apps/emqx_authentication/src/emqx_authentication_mnesia.erl
View File

@ -24,17 +24,18 @@
, destroy/1 , destroy/1
]). ]).
-export([ import_user_credentials/3 -export([ import_users/2
, add_user_credential/2 , add_user/2
, delete_user_credential/2 , delete_user/2
, update_user_credential/2 , update_user/3
, lookup_user_credential/2 , lookup_user/2
, list_users/1
]). ]).
-service_type(#{ -service_type(#{
name => mnesia, name => mnesia,
params_spec => #{ params_spec => #{
user_identity_type => #{ user_id_type => #{
order => 1, order => 1,
type => string, type => string,
required => true, required => true,
@ -51,13 +52,13 @@
} }
}). }).
-record(user_credential, -record(user_info,
{ user_identity :: {user_group(), user_identity()} { user_id :: {user_group(), user_id()}
, password_hash :: binary() , password_hash :: binary()
}). }).
-type(user_group() :: {chain_id(), service_name()}). -type(user_group() :: {chain_id(), service_name()}).
-type(user_identity() :: binary()). -type(user_id() :: binary()).
-export([mnesia/1]). -export([mnesia/1]).
@ -66,6 +67,8 @@
-define(TAB, mnesia_basic_auth). -define(TAB, mnesia_basic_auth).
%% TODO: Support salt
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Mnesia bootstrap %% Mnesia bootstrap
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
@ -75,17 +78,17 @@
mnesia(boot) -> mnesia(boot) ->
ok = ekka_mnesia:create_table(?TAB, [ ok = ekka_mnesia:create_table(?TAB, [
{disc_copies, [node()]}, {disc_copies, [node()]},
{record_name, user_credential}, {record_name, user_info},
{attributes, record_info(fields, user_credential)}, {attributes, record_info(fields, user_info)},
{storage_properties, [{ets, [{read_concurrency, true}]}]}]); {storage_properties, [{ets, [{read_concurrency, true}]}]}]);
mnesia(copy) -> mnesia(copy) ->
ok = ekka_mnesia:copy_table(?TAB, disc_copies). ok = ekka_mnesia:copy_table(?TAB, disc_copies).
create(ChainID, ServiceName, #{<<"user_identity_type">> := Type, create(ChainID, ServiceName, #{<<"user_id_type">> := Type,
<<"password_hash_algorithm">> := Algorithm}) -> <<"password_hash_algorithm">> := Algorithm}) ->
State = #{user_group => {ChainID, ServiceName}, State = #{user_group => {ChainID, ServiceName},
user_identity_type => binary_to_atom(Type, utf8), user_id_type => binary_to_atom(Type, utf8),
password_hash_algorithm => binary_to_atom(Algorithm, utf8)}, password_hash_algorithm => binary_to_atom(Algorithm, utf8)},
{ok, State}. {ok, State}.
@ -94,13 +97,13 @@ update(ChainID, ServiceName, Params, _State) ->
authenticate(ClientInfo = #{password := Password}, authenticate(ClientInfo = #{password := Password},
#{user_group := UserGroup, #{user_group := UserGroup,
user_identity_type := Type, user_id_type := Type,
password_hash_algorithm := Algorithm}) -> password_hash_algorithm := Algorithm}) ->
UserIdentity = get_user_identity(ClientInfo, Type), UserID = get_user_identity(ClientInfo, Type),
case mnesia:dirty_read(?TAB, {UserGroup, UserIdentity}) of case mnesia:dirty_read(?TAB, {UserGroup, UserID}) of
[] -> [] ->
ignore; ignore;
[#user_credential{password_hash = Hash}] -> [#user_info{password_hash = Hash}] ->
case Hash =:= emqx_passwd:hash(Algorithm, Password) of case Hash =:= emqx_passwd:hash(Algorithm, Password) of
true -> true ->
ok; ok;
@ -112,117 +115,133 @@ authenticate(ClientInfo = #{password := Password},
destroy(#{user_group := UserGroup}) -> destroy(#{user_group := UserGroup}) ->
trans( trans(
fun() -> fun() ->
MatchSpec = [{#user_credential{user_identity = {UserGroup, '_'}, _ = '_'}, [], ['$_']}], MatchSpec = [{#user_info{user_id = {UserGroup, '_'}, _ = '_'}, [], ['$_']}],
lists:foreach(fun delete_user_credential/1, mnesia:select(?TAB, MatchSpec, write)) lists:foreach(fun delete_user2/1, mnesia:select(?TAB, MatchSpec, write))
end). end).
import_users(Filename0, State) ->
Filename = to_binary(Filename0),
case filename:extension(Filename) of
<<".json">> ->
import_users_from_json(Filename, State);
<<".csv">> ->
import_users_from_csv(Filename, State);
<<>> ->
{error, unknown_file_format};
Extension ->
{error, {unsupported_file_format, Extension}}
end.
add_user(#{<<"user_id">> := UserID,
<<"password">> := Password},
#{user_group := UserGroup,
password_hash_algorithm := Algorithm}) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserID}, write) of
[] ->
add(UserGroup, UserID, Password, Algorithm),
{ok, #{user_id => UserID}};
[_] ->
{error, already_exist}
end
end).
delete_user(UserID, #{user_group := UserGroup}) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserID}, write) of
[] ->
{error, not_found};
[_] ->
mnesia:delete(?TAB, {UserGroup, UserID}, write)
end
end).
update_user(UserID, #{<<"password">> := Password},
#{user_group := UserGroup,
password_hash_algorithm := Algorithm}) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserID}, write) of
[] ->
{error, not_found};
[_] ->
add(UserGroup, UserID, Password, Algorithm),
{ok, #{user_id => UserID}}
end
end).
lookup_user(UserID, #{user_group := UserGroup}) ->
case mnesia:dirty_read(?TAB, {UserGroup, UserID}) of
[#user_info{user_id = {_, UserID}}] ->
{ok, #{user_id => UserID}};
[] ->
{error, not_found}
end.
list_users(#{user_group := UserGroup}) ->
Users = [#{user_id => UserID} || #user_info{user_id = {UserGroup0, UserID}} <- ets:tab2list(?TAB), UserGroup0 =:= UserGroup],
{ok, Users}.
%%------------------------------------------------------------------------------
%% Internal functions
%%------------------------------------------------------------------------------
%% Example: %% Example:
%% { %% {
%% "myuser1":"mypassword1", %% "myuser1":"password_hash1",
%% "myuser2":"mypassword2" %% "myuser2":"password_hash2"
%% } %% }
import_user_credentials(Filename, json, import_users_from_json(Filename, #{user_group := UserGroup}) ->
#{user_group := UserGroup,
password_hash_algorithm := Algorithm}) ->
case file:read_file(Filename) of case file:read_file(Filename) of
{ok, Bin} -> {ok, Bin} ->
case emqx_json:safe_decode(Bin) of case emqx_json:safe_decode(Bin) of
{ok, List} -> {ok, List} ->
import(UserGroup, List, Algorithm); import(UserGroup, List);
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end; end;
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end; end.
%% Example: %% Example:
%% myuser1,mypassword1 %% myuser1,password_hash1
%% myuser2,mypassword2 %% myuser2,password_hash2
import_user_credentials(Filename, csv, import_users_from_csv(Filename, #{user_group := UserGroup}) ->
#{user_group := UserGroup,
password_hash_algorithm := Algorithm}) ->
case file:open(Filename, [read, binary]) of case file:open(Filename, [read, binary]) of
{ok, File} -> {ok, File} ->
Result = import(UserGroup, File, Algorithm), Result = import(UserGroup, File),
file:close(File), file:close(File),
Result; Result;
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end. end.
add_user_credential(#{user_identity := UserIdentity, password := Password}, import(UserGroup, ListOrFile) ->
#{user_group := UserGroup, trans(fun do_import/2, [UserGroup, ListOrFile]).
password_hash_algorithm := Algorithm}) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserIdentity}, write) of
[] ->
add(UserGroup, UserIdentity, Password, Algorithm);
[_] ->
{error, already_exist}
end
end).
delete_user_credential(UserIdentity, #{user_group := UserGroup}) -> do_import(_UserGroup, []) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserIdentity}, write) of
[] ->
{error, not_found};
[_] ->
mnesia:delete(?TAB, {UserGroup, UserIdentity}, write)
end
end).
update_user_credential(#{user_identity := UserIdentity, password := Password},
#{user_group := UserGroup,
password_hash_algorithm := Algorithm}) ->
trans(
fun() ->
case mnesia:read(?TAB, {UserGroup, UserIdentity}, write) of
[] ->
{error, not_found};
[_] ->
add(UserGroup, UserIdentity, Password, Algorithm)
end
end).
lookup_user_credential(UserIdentity, #{user_group := UserGroup}) ->
case mnesia:dirty_read(?TAB, {UserGroup, UserIdentity}) of
[#user_credential{user_identity = {_, UserIdentity},
password_hash = PassHash}] ->
{ok, #{user_identity => UserIdentity,
password_hash => PassHash}};
[] -> {error, not_found}
end.
%%------------------------------------------------------------------------------
%% Internal functions
%%------------------------------------------------------------------------------
import(UserGroup, ListOrFile, Algorithm) ->
trans(fun do_import/3, [UserGroup, ListOrFile, Algorithm]).
do_import(_UserGroup, [], _Algorithm) ->
ok; ok;
do_import(UserGroup, [{UserIdentity, Password} | More], Algorithm) do_import(UserGroup, [{UserID, PasswordHash} | More])
when is_binary(UserIdentity) andalso is_binary(Password) -> when is_binary(UserID) andalso is_binary(PasswordHash) ->
add(UserGroup, UserIdentity, Password, Algorithm), import_user(UserGroup, UserID, PasswordHash),
do_import(UserGroup, More, Algorithm); do_import(UserGroup, More);
do_import(_UserGroup, [_ | _More], _Algorithm) -> do_import(_UserGroup, [_ | _More]) ->
{error, bad_format}; {error, bad_format};
%% Importing 5w credentials needs 1.7 seconds %% Importing 5w users needs 1.7 seconds
do_import(UserGroup, File, Algorithm) -> do_import(UserGroup, File) ->
case file:read_line(File) of case file:read_line(File) of
{ok, Line} -> {ok, Line} ->
case binary:split(Line, [<<",">>, <<"\n">>], [global]) of case binary:split(Line, [<<",">>, <<"\n">>], [global]) of
[UserIdentity, Password, <<>>] -> [UserID, PasswordHash, <<>>] ->
add(UserGroup, UserIdentity, Password, Algorithm), import_user(UserGroup, UserID, PasswordHash),
do_import(UserGroup, File, Algorithm); do_import(UserGroup, File);
[UserIdentity, Password] -> [UserID, PasswordHash] ->
add(UserGroup, UserIdentity, Password, Algorithm), import_user(UserGroup, UserID, PasswordHash),
do_import(UserGroup, File, Algorithm); do_import(UserGroup, File);
_ -> _ ->
{error, bad_format} {error, bad_format}
end; end;
@ -233,13 +252,18 @@ do_import(UserGroup, File, Algorithm) ->
end. end.
-compile({inline, [add/4]}). -compile({inline, [add/4]}).
add(UserGroup, UserIdentity, Password, Algorithm) -> add(UserGroup, UserID, Password, Algorithm) ->
Credential = #user_credential{user_identity = {UserGroup, UserIdentity}, Credential = #user_info{user_id = {UserGroup, UserID},
password_hash = emqx_passwd:hash(Algorithm, Password)}, password_hash = emqx_passwd:hash(Algorithm, Password)},
mnesia:write(?TAB, Credential, write). mnesia:write(?TAB, Credential, write).
delete_user_credential(UserCredential) -> import_user(UserGroup, UserID, PasswordHash) ->
mnesia:delete_object(?TAB, UserCredential, write). Credential = #user_info{user_id = {UserGroup, UserID},
password_hash = PasswordHash},
mnesia:write(?TAB, Credential, write).
delete_user2(UserInfo) ->
mnesia:delete_object(?TAB, UserInfo, write).
%% TODO: Support other type %% TODO: Support other type
get_user_identity(#{username := Username}, username) -> get_user_identity(#{username := Username}, username) ->
@ -259,6 +283,10 @@ trans(Fun, Args) ->
end. end.
to_binary(B) when is_binary(B) ->
B;
to_binary(L) when is_list(L) ->
iolist_to_binary(L).

4
apps/emqx_authentication/test/data/user-credentials.csv
View File

@ -1,2 +1,2 @@
myuser3,mypassword3 myuser3,8d41233e39c95b5da13361e354e1c9e639f07b27d397463a8f91b71ee07ccfb2
myuser4,mypassword4 myuser4,5809df0154f3cb4ac5c3a5572eaca0c5f7f9d858e887fc675b2becab9feb19d1
1 myuser3 mypassword3 8d41233e39c95b5da13361e354e1c9e639f07b27d397463a8f91b71ee07ccfb2
2 myuser4 mypassword4 5809df0154f3cb4ac5c3a5572eaca0c5f7f9d858e887fc675b2becab9feb19d1

4
apps/emqx_authentication/test/data/user-credentials.json
View File

@ -1,4 +1,4 @@
{ {
"myuser1": "mypassword1", "myuser1": "09343625c6c123d3434932fe1ce08bae5ac00a8f95bd746e10491b0bafdd1817",
"myuser2": "mypassword2" "myuser2": "8767a7d316ad68cb607c7c805b859ffa78277dda13b7a3e2e8b53cad3cabbc6e"
} }

117
apps/emqx_authentication/test/emqx_authentication_SUITE.erl
View File

@ -37,10 +37,8 @@ end_per_suite(_) ->
t_chain(_) -> t_chain(_) ->
ChainID = <<"mychain">>, ChainID = <<"mychain">>,
ChainParams = #{chain_id => ChainID, ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
services => []}, ?assertEqual({error, {already_exists, {chain, ChainID}}}, ?AUTH:create_chain(#{id => ChainID})),
?assertEqual({ok, ChainID}, ?AUTH:create_chain(ChainParams)),
?assertEqual({error, {already_exists, {chain, ChainID}}}, ?AUTH:create_chain(ChainParams)),
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)), ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)),
?assertEqual(ok, ?AUTH:delete_chain(ChainID)), ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
?assertMatch({error, {not_found, {chain, ChainID}}}, ?AUTH:lookup_chain(ChainID)), ?assertMatch({error, {not_found, {chain, ChainID}}}, ?AUTH:lookup_chain(ChainID)),
@ -48,34 +46,33 @@ t_chain(_) ->
t_service(_) -> t_service(_) ->
ChainID = <<"mychain">>, ChainID = <<"mychain">>,
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)),
ServiceName1 = <<"myservice1">>, ServiceName1 = <<"myservice1">>,
ServiceParams1 = #{name => ServiceName1, ServiceParams1 = #{name => ServiceName1,
type => mnesia, type => mnesia,
params => #{ params => #{
user_identity_type => <<"username">>, user_id_type => <<"username">>,
password_hash_algorithm => <<"sha256">>}}, password_hash_algorithm => <<"sha256">>}},
ChainParams = #{chain_id => ChainID, ?assertEqual({ok, [ServiceParams1]}, ?AUTH:add_services(ChainID, [ServiceParams1])),
services => [ServiceParams1]}, ?assertEqual({ok, ServiceParams1}, ?AUTH:lookup_service(ChainID, ServiceName1)),
?assertEqual({ok, ChainID}, ?AUTH:create_chain(ChainParams)), ?assertEqual({ok, [ServiceParams1]}, ?AUTH:list_services(ChainID)),
Service1 = ServiceParams1,
?assertMatch({ok, #{id := ChainID, services := [Service1]}}, ?AUTH:lookup_chain(ChainID)),
?assertEqual({ok, Service1}, ?AUTH:lookup_service(ChainID, ServiceName1)),
?assertEqual({ok, [Service1]}, ?AUTH:list_services(ChainID)),
?assertEqual({error, {already_exists, {service, ServiceName1}}}, ?AUTH:add_services(ChainID, [ServiceParams1])), ?assertEqual({error, {already_exists, {service, ServiceName1}}}, ?AUTH:add_services(ChainID, [ServiceParams1])),
ServiceName2 = <<"myservice2">>, ServiceName2 = <<"myservice2">>,
ServiceParams2 = ServiceParams1#{name => ServiceName2}, ServiceParams2 = ServiceParams1#{name => ServiceName2},
?assertEqual(ok, ?AUTH:add_services(ChainID, [ServiceParams2])), ?assertEqual({ok, [ServiceParams2]}, ?AUTH:add_services(ChainID, [ServiceParams2])),
Service2 = ServiceParams2, ?assertMatch({ok, #{id := ChainID, services := [ServiceParams1, ServiceParams2]}}, ?AUTH:lookup_chain(ChainID)),
?assertMatch({ok, #{id := ChainID, services := [Service1, Service2]}}, ?AUTH:lookup_chain(ChainID)), ?assertEqual({ok, ServiceParams2}, ?AUTH:lookup_service(ChainID, ServiceName2)),
?assertEqual({ok, Service2}, ?AUTH:lookup_service(ChainID, ServiceName2)), ?assertEqual({ok, [ServiceParams1, ServiceParams2]}, ?AUTH:list_services(ChainID)),
?assertEqual({ok, [Service1, Service2]}, ?AUTH:list_services(ChainID)),
?assertEqual(ok, ?AUTH:move_service_to_the_front(ChainID, ServiceName2)), ?assertEqual(ok, ?AUTH:move_service_to_the_front(ChainID, ServiceName2)),
?assertEqual({ok, [Service2, Service1]}, ?AUTH:list_services(ChainID)), ?assertEqual({ok, [ServiceParams2, ServiceParams1]}, ?AUTH:list_services(ChainID)),
?assertEqual(ok, ?AUTH:move_service_to_the_end(ChainID, ServiceName2)), ?assertEqual(ok, ?AUTH:move_service_to_the_end(ChainID, ServiceName2)),
?assertEqual({ok, [Service1, Service2]}, ?AUTH:list_services(ChainID)), ?assertEqual({ok, [ServiceParams1, ServiceParams2]}, ?AUTH:list_services(ChainID)),
?assertEqual(ok, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 1)), ?assertEqual(ok, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 1)),
?assertEqual({ok, [Service2, Service1]}, ?AUTH:list_services(ChainID)), ?assertEqual({ok, [ServiceParams2, ServiceParams1]}, ?AUTH:list_services(ChainID)),
?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 3)), ?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 3)),
?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 0)), ?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 0)),
?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName1, ServiceName2])), ?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName1, ServiceName2])),
@ -85,40 +82,40 @@ t_service(_) ->
t_mnesia_service(_) -> t_mnesia_service(_) ->
ChainID = <<"mychain">>, ChainID = <<"mychain">>,
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
ServiceName = <<"myservice">>, ServiceName = <<"myservice">>,
ServiceParams = #{name => ServiceName, ServiceParams = #{name => ServiceName,
type => mnesia, type => mnesia,
params => #{ params => #{
user_identity_type => <<"username">>, user_id_type => <<"username">>,
password_hash_algorithm => <<"sha256">>}}, password_hash_algorithm => <<"sha256">>}},
ChainParams = #{chain_id => ChainID, ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
services => [ServiceParams]},
?assertEqual({ok, ChainID}, ?AUTH:create_chain(ChainParams)), UserInfo = #{<<"user_id">> => <<"myuser">>,
UserCredential = #{user_identity => <<"myuser">>, <<"password">> => <<"mypass">>},
password => <<"mypass">>}, ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, ServiceName, UserInfo)),
?assertEqual(ok, ?AUTH:add_user_credential(ChainID, ServiceName, UserCredential)), ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
?assertMatch({ok, #{user_identity := <<"myuser">>, password_hash := _}},
?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser">>)),
ClientInfo = #{chain_id => ChainID, ClientInfo = #{chain_id => ChainID,
username => <<"myuser">>, username => <<"myuser">>,
password => <<"mypass">>}, password => <<"mypass">>},
?assertEqual(ok, ?AUTH:authenticate(ClientInfo)), ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
ClientInfo2 = ClientInfo#{username => <<"baduser">>}, ClientInfo2 = ClientInfo#{username => <<"baduser">>},
?assertEqual({error, user_credential_not_found}, ?AUTH:authenticate(ClientInfo2)), ?assertEqual({error, user_not_found}, ?AUTH:authenticate(ClientInfo2)),
ClientInfo3 = ClientInfo#{password => <<"badpass">>}, ClientInfo3 = ClientInfo#{password => <<"badpass">>},
?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo3)), ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo3)),
UserCredential2 = UserCredential#{password => <<"mypass2">>}, UserInfo2 = UserInfo#{<<"password">> => <<"mypass2">>},
?assertEqual(ok, ?AUTH:update_user_credential(ChainID, ServiceName, UserCredential2)), ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:update_user(ChainID, ServiceName, <<"myuser">>, UserInfo2)),
ClientInfo4 = ClientInfo#{password => <<"mypass2">>}, ClientInfo4 = ClientInfo#{password => <<"mypass2">>},
?assertEqual(ok, ?AUTH:authenticate(ClientInfo4)), ?assertEqual(ok, ?AUTH:authenticate(ClientInfo4)),
?assertEqual(ok, ?AUTH:delete_user_credential(ChainID, ServiceName, <<"myuser">>)), ?assertEqual(ok, ?AUTH:delete_user(ChainID, ServiceName, <<"myuser">>)),
?assertEqual({error, not_found}, ?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser">>)), ?assertEqual({error, not_found}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
?assertEqual(ok, ?AUTH:add_user_credential(ChainID, ServiceName, UserCredential)), ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, ServiceName, UserInfo)),
?assertMatch({ok, #{user_identity := <<"myuser">>}}, ?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser">>)), ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName])), ?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName])),
?assertEqual(ok, ?AUTH:add_services(ChainID, [ServiceParams])), ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
?assertMatch({error, not_found}, ?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser">>)), ?assertMatch({error, not_found}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
?assertEqual(ok, ?AUTH:delete_chain(ChainID)), ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
?assertEqual([], ets:tab2list(mnesia_basic_auth)), ?assertEqual([], ets:tab2list(mnesia_basic_auth)),
@ -126,20 +123,21 @@ t_mnesia_service(_) ->
t_import(_) -> t_import(_) ->
ChainID = <<"mychain">>, ChainID = <<"mychain">>,
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
ServiceName = <<"myservice">>, ServiceName = <<"myservice">>,
ServiceParams = #{name => ServiceName, ServiceParams = #{name => ServiceName,
type => mnesia, type => mnesia,
params => #{ params => #{
user_identity_type => <<"username">>, user_id_type => <<"username">>,
password_hash_algorithm => <<"sha256">>}}, password_hash_algorithm => <<"sha256">>}},
ChainParams = #{chain_id => ChainID, ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
services => [ServiceParams]},
?assertEqual({ok, ChainID}, ?AUTH:create_chain(ChainParams)),
Dir = code:lib_dir(emqx_authentication, test), Dir = code:lib_dir(emqx_authentication, test),
?assertEqual(ok, ?AUTH:import_user_credentials(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.json"]), json)), ?assertEqual(ok, ?AUTH:import_users(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.json"]))),
?assertEqual(ok, ?AUTH:import_user_credentials(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.csv"]), csv)), ?assertEqual(ok, ?AUTH:import_users(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.csv"]))),
?assertMatch({ok, #{user_identity := <<"myuser1">>}}, ?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser1">>)), ?assertMatch({ok, #{user_id := <<"myuser1">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser1">>)),
?assertMatch({ok, #{user_identity := <<"myuser3">>}}, ?AUTH:lookup_user_credential(ChainID, ServiceName, <<"myuser3">>)), ?assertMatch({ok, #{user_id := <<"myuser3">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser3">>)),
ClientInfo1 = #{chain_id => ChainID, ClientInfo1 = #{chain_id => ChainID,
username => <<"myuser1">>, username => <<"myuser1">>,
password => <<"mypassword1">>}, password => <<"mypassword1">>},
@ -152,30 +150,31 @@ t_import(_) ->
t_multi_mnesia_service(_) -> t_multi_mnesia_service(_) ->
ChainID = <<"mychain">>, ChainID = <<"mychain">>,
?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
ServiceName1 = <<"myservice1">>, ServiceName1 = <<"myservice1">>,
ServiceParams1 = #{name => ServiceName1, ServiceParams1 = #{name => ServiceName1,
type => mnesia, type => mnesia,
params => #{ params => #{
user_identity_type => <<"username">>, user_id_type => <<"username">>,
password_hash_algorithm => <<"sha256">>}}, password_hash_algorithm => <<"sha256">>}},
ServiceName2 = <<"myservice2">>, ServiceName2 = <<"myservice2">>,
ServiceParams2 = #{name => ServiceName2, ServiceParams2 = #{name => ServiceName2,
type => mnesia, type => mnesia,
params => #{ params => #{
user_identity_type => <<"clientid">>, user_id_type => <<"clientid">>,
password_hash_algorithm => <<"sha256">>}}, password_hash_algorithm => <<"sha256">>}},
ChainParams = #{chain_id => ChainID, ?assertEqual({ok, [ServiceParams1]}, ?AUTH:add_services(ChainID, [ServiceParams1])),
services => [ServiceParams1, ServiceParams2]}, ?assertEqual({ok, [ServiceParams2]}, ?AUTH:add_services(ChainID, [ServiceParams2])),
?assertEqual({ok, ChainID}, ?AUTH:create_chain(ChainParams)),
?assertEqual(ok, ?AUTH:add_user_credential(ChainID, ?assertEqual({ok, #{user_id => <<"myuser">>}},
ServiceName1, ?AUTH:add_user(ChainID, ServiceName1,
#{user_identity => <<"myuser">>, #{<<"user_id">> => <<"myuser">>,
password => <<"mypass1">>})), <<"password">> => <<"mypass1">>})),
?assertEqual(ok, ?AUTH:add_user_credential(ChainID, ?assertEqual({ok, #{user_id => <<"myclient">>}},
ServiceName2, ?AUTH:add_user(ChainID, ServiceName2,
#{user_identity => <<"myclient">>, #{<<"user_id">> => <<"myclient">>,
password => <<"mypass2">>})), <<"password">> => <<"mypass2">>})),
ClientInfo1 = #{chain_id => ChainID, ClientInfo1 = #{chain_id => ChainID,
username => <<"myuser">>, username => <<"myuser">>,
clientid => <<"myclient">>, clientid => <<"myclient">>,