Merge pull request #7856 from HJianBo/expose-built-authn-user-group-option

fix(authn): use a fixed group id to avoid data overlap
JianBo He 2022-05-07 16:18:38 +08:00 committed by GitHub
commit b059eeda0a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 45 additions and 33 deletions


@ -550,11 +550,12 @@ handle_update_authenticator(Chain, AuthenticatorID, Config) ->
#authenticator{provider = Provider, state = ST} = Authenticator -> #authenticator{provider = Provider, state = ST} = Authenticator ->
case AuthenticatorID =:= authenticator_id(Config) of case AuthenticatorID =:= authenticator_id(Config) of
true -> true ->
case Provider:update(Config, ST) of NConfig = insert_user_group(Chain, Config),
case Provider:update(NConfig, ST) of
{ok, NewST} -> {ok, NewST} ->
NewAuthenticator = Authenticator#authenticator{ NewAuthenticator = Authenticator#authenticator{
state = NewST, state = NewST,
enable = maps:get(enable, Config) enable = maps:get(enable, NConfig)
}, },
NewAuthenticators = replace_authenticator( NewAuthenticators = replace_authenticator(
AuthenticatorID, AuthenticatorID,
@ -603,7 +604,8 @@ handle_create_authenticator(Chain, Config, Providers) ->
true -> true ->
{error, {already_exists, {authenticator, AuthenticatorID}}}; {error, {already_exists, {authenticator, AuthenticatorID}}};
false -> false ->
case do_create_authenticator(AuthenticatorID, Config, Providers) of NConfig = insert_user_group(Chain, Config),
case do_create_authenticator(AuthenticatorID, NConfig, Providers) of
{ok, Authenticator} -> {ok, Authenticator} ->
NAuthenticators = NAuthenticators =
Authenticators ++ Authenticators ++
@ -861,6 +863,17 @@ authn_type(#{mechanism := Mechanism, backend := Backend}) ->
authn_type(#{mechanism := Mechanism}) -> authn_type(#{mechanism := Mechanism}) ->
Mechanism. Mechanism.
insert_user_group(
Chain,
Config = #{
mechanism := password_based,
backend := built_in_database
}
) ->
Config#{user_group => Chain#chain.name};
insert_user_group(_Chain, Config) ->
Config.
to_list(undefined) -> []; to_list(undefined) -> [];
to_list(M) when M =:= #{} -> []; to_list(M) when M =:= #{} -> [];
to_list(M) when is_map(M) -> [M]; to_list(M) when is_map(M) -> [M];
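Review bot: `insert_user_group/2` has no comment saying that `Config#{user_group => Chain#chain.name}` replaces any `user_group` already present in Config, even though this value is what keeps one chain's built-in-database users apart from another's. If the overwrite is deliberate, I would say so above the first clause: `%% user_group always comes from the chain name; a value supplied in Config is overwritten so a config cannot select another chain's users.` Only the `password_based` + `built_in_database` shape is matched, so any other authenticator that keeps users in the built-in database (none is visible on this page) falls through to the second clause unchanged; worth confirming that is intended. The two call sites, in handle_update_authenticator and handle_create_authenticator, begin and end outside their hunks.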


@ -128,23 +128,26 @@ user_id_type(_) -> undefined.
refs() -> refs() ->
[hoconsc:ref(?MODULE, ?CONF_NS)]. [hoconsc:ref(?MODULE, ?CONF_NS)].
create(_AuthenticatorID, Config) ->
create(Config).
create( create(
AuthenticatorID,
#{ #{
user_id_type := Type, user_id_type := Type,
password_hash_algorithm := Algorithm password_hash_algorithm := Algorithm,
user_group := UserGroup
} }
) -> ) ->
ok = emqx_authn_password_hashing:init(Algorithm), ok = emqx_authn_password_hashing:init(Algorithm),
State = #{ State = #{
user_group => AuthenticatorID, user_group => UserGroup,
user_id_type => Type, user_id_type => Type,
password_hash_algorithm => Algorithm password_hash_algorithm => Algorithm
}, },
{ok, State}. {ok, State}.
update(Config, #{user_group := ID}) -> update(Config, _State) ->
create(ID, Config). create(Config).
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
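Review bot: `update(Config, _State)` now discards the group held in the authenticator state and takes `user_group` from Config, so an update whose Config carries a different group silently points the authenticator at another set of stored credentials and leaves the previous users unreachable. If the group is meant to stay fixed for the life of an authenticator, keep the match and pin it: `update(Config, #{user_group := Group}) -> create(Config#{user_group => Group}).` Separately, `create/2` ignores `_AuthenticatorID` and `create/1` requires `user_group := UserGroup`, so a caller that does not go through `insert_user_group/2` fails with a function_clause error; a short comment on `create/1` naming who is expected to set the key would help. `authenticate/2` continues past the end of this section.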


@ -96,9 +96,9 @@ t_update(_) ->
t_destroy(_) -> t_destroy(_) ->
Config = config(), Config = config(),
OtherId = list_to_binary([?AUTHN_ID, <<"-other">>]), OtherConfig = Config#{user_group => <<"stomp:global">>},
{ok, State0} = emqx_authn_mnesia:create(?AUTHN_ID, Config), {ok, State0} = emqx_authn_mnesia:create(?AUTHN_ID, Config),
{ok, StateOther} = emqx_authn_mnesia:create(OtherId, Config), {ok, StateOther} = emqx_authn_mnesia:create(?AUTHN_ID, OtherConfig),
User = #{user_id => <<"u">>, password => <<"p">>}, User = #{user_id => <<"u">>, password => <<"p">>},
@ -282,5 +282,6 @@ config() ->
password_hash_algorithm => #{ password_hash_algorithm => #{
name => bcrypt, name => bcrypt,
salt_rounds => 8 salt_rounds => 8
} },
user_group => <<"global:mqtt">>
}. }.
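Review bot: With `user_group => <<"global:mqtt">>` added to `config()`, every case in this suite supplies the key, so nothing covers `emqx_authn_mnesia:create/2` being called with a Config that lacks `user_group`, which the new `create/1` head shown on this page no longer matches. A small case such as `?assertError(function_clause, emqx_authn_mnesia:create(?AUTHN_ID, maps:remove(user_group, config())))` (assuming the suite includes eunit.hrl) would pin that contract. The two fixture names also use different orderings, `<<"global:mqtt">>` here and `<<"stomp:global">>` in t_destroy. Using one format, ideally the one `Chain#chain.name` produces in production, would keep the isolation check in t_destroy representative. `config()` begins outside the hunk.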


@ -36,13 +36,23 @@ end_per_suite(_) ->
set_special_configs(emqx_dashboard) -> set_special_configs(emqx_dashboard) ->
Config = #{ Config = #{
default_username => <<"admin">>, default_username => <<"admin">>,
default_password => <<"public">>, default_password => <<"public">>,
listeners => [#{ listeners =>
protocol => http, #{
port => 18083 http =>
}] #{
}, backlog => 512,
bind => 18083,
enable => true,
inet6 => false,
ipv6_v6only => false,
max_connections => 512,
num_acceptors => 4,
send_timeout => 5000
}
}
},
emqx_config:put([dashboard], Config), emqx_config:put([dashboard], Config),
ok; ok;
set_special_configs(_App) -> set_special_configs(_App) ->
@ -52,7 +62,6 @@ t_status(_Config) ->
emqx_ctl:run_command([]), emqx_ctl:run_command([]),
emqx_ctl:run_command(["status"]), emqx_ctl:run_command(["status"]),
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_broker(_Config) -> t_broker(_Config) ->
%% broker # Show broker version, uptime and description %% broker # Show broker version, uptime and description
@ -62,7 +71,6 @@ t_broker(_Config) ->
%% broker metrics # Show broker metrics %% broker metrics # Show broker metrics
emqx_ctl:run_command(["broker", "metrics"]), emqx_ctl:run_command(["broker", "metrics"]),
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_cluster(_Config) -> t_cluster(_Config) ->
%% cluster join <Node> # Join the cluster %% cluster join <Node> # Join the cluster
@ -71,7 +79,6 @@ t_cluster(_Config) ->
%% cluster status # Cluster status %% cluster status # Cluster status
emqx_ctl:run_command(["cluster", "status"]), emqx_ctl:run_command(["cluster", "status"]),
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_clients(_Config) -> t_clients(_Config) ->
%% clients list # List all clients %% clients list # List all clients
@ -79,14 +86,12 @@ t_clients(_Config) ->
%% clients show <ClientId> # Show a client %% clients show <ClientId> # Show a client
%% clients kick <ClientId> # Kick out a client %% clients kick <ClientId> # Kick out a client
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_routes(_Config) -> t_routes(_Config) ->
%% routes list # List all routes %% routes list # List all routes
emqx_ctl:run_command(["routes", "list"]), emqx_ctl:run_command(["routes", "list"]),
%% routes show <Topic> # Show a route %% routes show <Topic> # Show a route
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_subscriptions(_Config) -> t_subscriptions(_Config) ->
%% subscriptions list # List all subscriptions %% subscriptions list # List all subscriptions
@ -95,7 +100,6 @@ t_subscriptions(_Config) ->
%% subscriptions add <ClientId> <Topic> <QoS> # Add a static subscription manually %% subscriptions add <ClientId> <Topic> <QoS> # Add a static subscription manually
%% subscriptions del <ClientId> <Topic> # Delete a static subscription manually %% subscriptions del <ClientId> <Topic> # Delete a static subscription manually
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_plugins(_Config) -> t_plugins(_Config) ->
%% plugins <command> [Name-Vsn] # e.g. 'start emqx_plugin_template-5.0-rc.1' %% plugins <command> [Name-Vsn] # e.g. 'start emqx_plugin_template-5.0-rc.1'
@ -118,7 +122,6 @@ t_plugins(_Config) ->
%% # e.g. plugins disable foo-0.1.0 front %% # e.g. plugins disable foo-0.1.0 front
%% # plugins enable bar-0.2.0 before foo-0.1.0 %% # plugins enable bar-0.2.0 before foo-0.1.0
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_vm(_Config) -> t_vm(_Config) ->
%% vm all # Show info of Erlang VM %% vm all # Show info of Erlang VM
@ -134,13 +137,11 @@ t_vm(_Config) ->
%% vm ports # Show Ports of Erlang VM %% vm ports # Show Ports of Erlang VM
emqx_ctl:run_command(["vm", "ports"]), emqx_ctl:run_command(["vm", "ports"]),
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_mnesia(_Config) -> t_mnesia(_Config) ->
%% mnesia # Mnesia system info %% mnesia # Mnesia system info
emqx_ctl:run_command(["mnesia"]), emqx_ctl:run_command(["mnesia"]),
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_log(_Config) -> t_log(_Config) ->
%% log set-level <Level> # Set the overall log level %% log set-level <Level> # Set the overall log level
@ -153,7 +154,6 @@ t_log(_Config) ->
%% log handlers stop <HandlerId> # Stop a log handler %% log handlers stop <HandlerId> # Stop a log handler
%% log handlers set-level <HandlerId> <Level> # Set log level of a log handler %% log handlers set-level <HandlerId> <Level> # Set log level of a log handler
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_trace(_Config) -> t_trace(_Config) ->
%% trace list # List all traces started on local node %% trace list # List all traces started on local node
@ -165,7 +165,6 @@ t_trace(_Config) ->
%% trace start ip_address <IP> <File> [<Level>] # Traces for a client ip on local node %% trace start ip_address <IP> <File> [<Level>] # Traces for a client ip on local node
%% trace stop ip_addresss <IP> # Stop tracing for a client ip on local node %% trace stop ip_addresss <IP> # Stop tracing for a client ip on local node
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_traces(_Config) -> t_traces(_Config) ->
%% traces list # List all cluster traces started %% traces list # List all cluster traces started
@ -176,7 +175,6 @@ t_traces(_Config) ->
%% traces stop <Name> # Stop trace in cluster %% traces stop <Name> # Stop trace in cluster
%% traces delete <Name> # Delete trace in cluster %% traces delete <Name> # Delete trace in cluster
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_listeners(_Config) -> t_listeners(_Config) ->
%% listeners # List listeners %% listeners # List listeners
@ -185,7 +183,6 @@ t_listeners(_Config) ->
%% listeners start <Identifier> # Start a listener %% listeners start <Identifier> # Start a listener
%% listeners restart <Identifier> # Restart a listener %% listeners restart <Identifier> # Restart a listener
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_authz(_Config) -> t_authz(_Config) ->
%% authz cache-clean all # Clears authorization cache on all nodes %% authz cache-clean all # Clears authorization cache on all nodes
@ -193,7 +190,6 @@ t_authz(_Config) ->
%% authz cache-clean node <Node> # Clears authorization cache on given node %% authz cache-clean node <Node> # Clears authorization cache on given node
%% authz cache-clean <ClientId> # Clears authorization cache for given client %% authz cache-clean <ClientId> # Clears authorization cache for given client
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_olp(_Config) -> t_olp(_Config) ->
%% olp status # Return OLP status if system is overloaded %% olp status # Return OLP status if system is overloaded
@ -201,7 +197,6 @@ t_olp(_Config) ->
%% olp enable # Enable overload protection %% olp enable # Enable overload protection
%% olp disable # Disable overload protection %% olp disable # Disable overload protection
ok. ok.
%% --------------------------------------------------------------------------------------------------------------
t_admin(_Config) -> t_admin(_Config) ->
%% admins add <Username> <Password> <Description> # Add dashboard user %% admins add <Username> <Password> <Description> # Add dashboard user