From b0c5b447a442b2016d4e69690efb1898695f7d8e Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 22 Aug 2023 11:49:32 +0800 Subject: [PATCH] fix(authn): quickly return when the password is absent in password-based authentication --- apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl | 2 ++ apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl | 2 ++ apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl | 2 ++ apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl | 2 ++ apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl | 2 ++ apps/emqx_ldap/src/emqx_ldap_authn.erl | 2 ++ 6 files changed, 12 insertions(+) diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl index bf0b04d04..2a124ae98 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl @@ -173,6 +173,8 @@ update(Config, _State) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{ diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl index 4498d3d8d..9cbd1f2dc 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl @@ -160,6 +160,8 @@ destroy(#{resource_id := ResourceId}) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{ diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl index dc4e0d163..49471eb23 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl @@ -110,6 +110,8 @@ destroy(#{resource_id := ResourceId}) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{ diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl index d9526cc7b..b9ce9db8d 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl @@ -113,6 +113,8 @@ destroy(#{resource_id := ResourceId}) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{ diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl index f6f02c1bc..a5312e41b 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl @@ -148,6 +148,8 @@ destroy(#{resource_id := ResourceId}) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{ diff --git a/apps/emqx_ldap/src/emqx_ldap_authn.erl b/apps/emqx_ldap/src/emqx_ldap_authn.erl index d814e2aae..b600e10b6 100644 --- a/apps/emqx_ldap/src/emqx_ldap_authn.erl +++ b/apps/emqx_ldap/src/emqx_ldap_authn.erl @@ -109,6 +109,8 @@ destroy(#{resource_id := ResourceId}) -> authenticate(#{auth_method := _}, _) -> ignore; +authenticate(#{password := undefined}, _) -> + {error, bad_username_or_password}; authenticate( #{password := Password} = Credential, #{