Merge pull request #8956 from lafirest/fix/redis_authn
fix(authn_redis): Add new clause for non-existent key check
This commit is contained in:
lafirest
GitHub
commit
9ffbff11c2
|
|
@ -141,15 +141,25 @@ authenticate(
|
||||||
{ok, []} ->
|
{ok, []} ->
|
||||||
ignore;
|
ignore;
|
||||||
{ok, Values} ->
|
{ok, Values} ->
|
||||||
Selected = merge(Fields, Values),
|
case merge(Fields, Values) of
|
||||||
case
|
Selected when Selected =/= #{} ->
|
||||||
emqx_authn_utils:check_password_from_selected_map(
|
case
|
||||||
Algorithm, Selected, Password
|
emqx_authn_utils:check_password_from_selected_map(
|
||||||
)
|
Algorithm, Selected, Password
|
||||||
of
|
)
|
||||||
ok ->
|
of
|
||||||
{ok, emqx_authn_utils:is_superuser(Selected)};
|
ok ->
|
||||||
{error, _Reason} ->
|
{ok, emqx_authn_utils:is_superuser(Selected)};
|
||||||
|
{error, _Reason} = Error ->
|
||||||
|
Error
|
||||||
|
end;
|
||||||
|
_ ->
|
||||||
|
?TRACE_AUTHN_PROVIDER(info, "redis_query_not_matched", #{
|
||||||
|
resource => ResourceId,
|
||||||
|
cmd => Command,
|
||||||
|
keys => NKey,
|
||||||
|
fields => Fields
|
||||||
|
}),
|
||||||
ignore
|
ignore
|
||||||
end;
|
end;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
|
|
|
||||||
|
|
@ -161,11 +161,13 @@ t_authenticate(_Config) ->
|
||||||
user_seeds()
|
user_seeds()
|
||||||
).
|
).
|
||||||
|
|
||||||
test_user_auth(#{
|
test_user_auth(
|
||||||
credentials := Credentials0,
|
#{
|
||||||
config_params := SpecificConfigParams,
|
credentials := Credentials0,
|
||||||
result := Result
|
config_params := SpecificConfigParams,
|
||||||
}) ->
|
result := Result
|
||||||
|
} = Config
|
||||||
|
) ->
|
||||||
AuthConfig = maps:merge(raw_redis_auth_config(), SpecificConfigParams),
|
AuthConfig = maps:merge(raw_redis_auth_config(), SpecificConfigParams),
|
||||||
|
|
||||||
{ok, _} = emqx:update_config(
|
{ok, _} = emqx:update_config(
|
||||||
|
|
@ -183,14 +185,12 @@ test_user_auth(#{
|
||||||
|
|
||||||
?assertEqual(Result, emqx_access_control:authenticate(Credentials)),
|
?assertEqual(Result, emqx_access_control:authenticate(Credentials)),
|
||||||
|
|
||||||
AuthnResult =
|
case maps:get(redis_result, Config, undefined) of
|
||||||
case Result of
|
undefined ->
|
||||||
{error, _} ->
|
ok;
|
||||||
ignore;
|
RedisResult ->
|
||||||
Any ->
|
?assertEqual(RedisResult, emqx_authn_redis:authenticate(Credentials, State))
|
||||||
Any
|
end,
|
||||||
end,
|
|
||||||
?assertEqual(AuthnResult, emqx_authn_redis:authenticate(Credentials, State)),
|
|
||||||
|
|
||||||
emqx_authn_test_lib:delete_authenticators(
|
emqx_authn_test_lib:delete_authenticators(
|
||||||
[authentication],
|
[authentication],
|
||||||
|
|
@ -478,7 +478,7 @@ user_seeds() ->
|
||||||
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
||||||
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
|
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
|
||||||
},
|
},
|
||||||
result => {error, not_authorized}
|
result => {error, bad_username_or_password}
|
||||||
},
|
},
|
||||||
|
|
||||||
#{
|
#{
|
||||||
|
|
@ -547,6 +547,23 @@ user_seeds() ->
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
result => {ok, #{is_superuser => true}}
|
result => {ok, #{is_superuser => true}}
|
||||||
|
},
|
||||||
|
|
||||||
|
%% user not exists
|
||||||
|
#{
|
||||||
|
data => #{
|
||||||
|
password_hash => <<"plainsalt">>,
|
||||||
|
salt => <<"salt">>,
|
||||||
|
is_superuser => <<"1">>
|
||||||
|
},
|
||||||
|
credentials => #{
|
||||||
|
username => <<"not_exists">>,
|
||||||
|
password => <<"plain">>
|
||||||
|
},
|
||||||
|
key => <<"mqtt_user:plain">>,
|
||||||
|
config_params => #{},
|
||||||
|
result => {error, not_authorized},
|
||||||
|
redis_result => ignore
|
||||||
}
|
}
|
||||||
].
|
].
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue