Merge pull request #8956 from lafirest/fix/redis_authn
fix(authn_redis): Add new clause for non-existent key check
This commit is contained in:
lafirest
GitHub
commit
9ffbff11c2
|
|
@ -141,15 +141,25 @@ authenticate(
|
|||
{ok, []} ->
|
||||
ignore;
|
||||
{ok, Values} ->
|
||||
Selected = merge(Fields, Values),
|
||||
case
|
||||
emqx_authn_utils:check_password_from_selected_map(
|
||||
Algorithm, Selected, Password
|
||||
)
|
||||
of
|
||||
ok ->
|
||||
{ok, emqx_authn_utils:is_superuser(Selected)};
|
||||
{error, _Reason} ->
|
||||
case merge(Fields, Values) of
|
||||
Selected when Selected =/= #{} ->
|
||||
case
|
||||
emqx_authn_utils:check_password_from_selected_map(
|
||||
Algorithm, Selected, Password
|
||||
)
|
||||
of
|
||||
ok ->
|
||||
{ok, emqx_authn_utils:is_superuser(Selected)};
|
||||
{error, _Reason} = Error ->
|
||||
Error
|
||||
end;
|
||||
_ ->
|
||||
?TRACE_AUTHN_PROVIDER(info, "redis_query_not_matched", #{
|
||||
resource => ResourceId,
|
||||
cmd => Command,
|
||||
keys => NKey,
|
||||
fields => Fields
|
||||
}),
|
||||
ignore
|
||||
end;
|
||||
{error, Reason} ->
|
||||
|
|
|
|||
|
|
@ -161,11 +161,13 @@ t_authenticate(_Config) ->
|
|||
user_seeds()
|
||||
).
|
||||
|
||||
test_user_auth(#{
|
||||
credentials := Credentials0,
|
||||
config_params := SpecificConfigParams,
|
||||
result := Result
|
||||
}) ->
|
||||
test_user_auth(
|
||||
#{
|
||||
credentials := Credentials0,
|
||||
config_params := SpecificConfigParams,
|
||||
result := Result
|
||||
} = Config
|
||||
) ->
|
||||
AuthConfig = maps:merge(raw_redis_auth_config(), SpecificConfigParams),
|
||||
|
||||
{ok, _} = emqx:update_config(
|
||||
|
|
@ -183,14 +185,12 @@ test_user_auth(#{
|
|||
|
||||
?assertEqual(Result, emqx_access_control:authenticate(Credentials)),
|
||||
|
||||
AuthnResult =
|
||||
case Result of
|
||||
{error, _} ->
|
||||
ignore;
|
||||
Any ->
|
||||
Any
|
||||
end,
|
||||
?assertEqual(AuthnResult, emqx_authn_redis:authenticate(Credentials, State)),
|
||||
case maps:get(redis_result, Config, undefined) of
|
||||
undefined ->
|
||||
ok;
|
||||
RedisResult ->
|
||||
?assertEqual(RedisResult, emqx_authn_redis:authenticate(Credentials, State))
|
||||
end,
|
||||
|
||||
emqx_authn_test_lib:delete_authenticators(
|
||||
[authentication],
|
||||
|
|
@ -478,7 +478,7 @@ user_seeds() ->
|
|||
<<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
||||
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
|
||||
},
|
||||
result => {error, not_authorized}
|
||||
result => {error, bad_username_or_password}
|
||||
},
|
||||
|
||||
#{
|
||||
|
|
@ -547,6 +547,23 @@ user_seeds() ->
|
|||
}
|
||||
},
|
||||
result => {ok, #{is_superuser => true}}
|
||||
},
|
||||
|
||||
%% user not exists
|
||||
#{
|
||||
data => #{
|
||||
password_hash => <<"plainsalt">>,
|
||||
salt => <<"salt">>,
|
||||
is_superuser => <<"1">>
|
||||
},
|
||||
credentials => #{
|
||||
username => <<"not_exists">>,
|
||||
password => <<"plain">>
|
||||
},
|
||||
key => <<"mqtt_user:plain">>,
|
||||
config_params => #{},
|
||||
result => {error, not_authorized},
|
||||
redis_result => ignore
|
||||
}
|
||||
].
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue