diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl index b83d9d1af..83ca9e56d 100644 --- a/apps/emqx_authn/src/emqx_authn_api.erl +++ b/apps/emqx_authn/src/emqx_authn_api.erl @@ -1027,7 +1027,7 @@ authenticator_examples() -> backend => <<"redis">>, server => <<"127.0.0.1:6379">>, database => 0, - query => <<"HMGET ${username} password_hash salt">>, + cmd => <<"HMGET ${username} password_hash salt">>, password_hash_algorithm => <<"sha256">>, salt_position => <<"prefix">> } diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl index 963536e0b..d238bc537 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl @@ -58,13 +58,13 @@ fields(sentinel) -> common_fields() -> [{mechanism, {enum, ['password-based']}}, {backend, {enum, [redis]}}, - {query, fun query/1}, + {cmd, fun cmd/1}, {password_hash_algorithm, fun password_hash_algorithm/1}, {salt_position, fun salt_position/1} ] ++ emqx_authn_schema:common_fields(). -query(type) -> string(); -query(_) -> undefined. +cmd(type) -> string(); +cmd(_) -> undefined. password_hash_algorithm(type) -> {enum, [plain, md5, sha, sha256, sha512, bcrypt]}; password_hash_algorithm(default) -> sha256; @@ -87,17 +87,17 @@ refs() -> create(_AuthenticatorID, Config) -> create(Config). -create(#{query := Query, +create(#{cmd := Cmd, password_hash_algorithm := Algorithm} = Config) -> try - NQuery = parse_query(Query), + NCmd = parse_cmd(Cmd), ok = emqx_authn_utils:ensure_apps_started(Algorithm), State = maps:with( [password_hash_algorithm, salt_position], Config), ResourceId = emqx_authn_utils:make_resource_id(?MODULE), NState = State#{ - query => NQuery, + cmd => NCmd, resource_id => ResourceId}, case emqx_resource:create_local(ResourceId, emqx_connector_redis, Config) of {ok, already_created} -> @@ -108,8 +108,8 @@ create(#{query := Query, {error, Reason} end catch - error:{unsupported_query, _Query} -> - {error, {unsupported_query, Query}}; + error:{unsupported_cmd, _Cmd} -> + {error, {unsupported_cmd, Cmd}}; error:missing_password_hash -> {error, missing_password_hash}; error:{unsupported_fields, Fields} -> @@ -128,7 +128,7 @@ update(Config, State) -> authenticate(#{auth_method := _}, _) -> ignore; authenticate(#{password := Password} = Credential, - #{query := {Command, Key, Fields}, + #{cmd := {Command, Key, Fields}, resource_id := ResourceId} = State) -> NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))), case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of @@ -162,15 +162,15 @@ destroy(#{resource_id := ResourceId}) -> %%------------------------------------------------------------------------------ %% Only support HGET and HMGET -parse_query(Query) -> - case string:tokens(Query, " ") of +parse_cmd(Cmd) -> + case string:tokens(Cmd, " ") of [Command, Key, Field | Fields] when Command =:= "HGET" orelse Command =:= "HMGET" -> NFields = [Field | Fields], check_fields(NFields), NKey = parse_key(Key), {Command, NKey, NFields}; _ -> - error({unsupported_query, Query}) + error({unsupported_cmd, Cmd}) end. check_fields(Fields) -> diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl index be1ae6d13..02f3e0b7c 100644 --- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl @@ -98,11 +98,11 @@ t_create_invalid(_Config) -> AuthConfig#{password => <<"wrongpass">>}, AuthConfig#{database => <<"5678">>}, AuthConfig#{ - query => <<"MGET password_hash:${username} salt:${username}">>}, + cmd => <<"MGET password_hash:${username} salt:${username}">>}, AuthConfig#{ - query => <<"HMGET mqtt_user:${username} password_hash invalid_field">>}, + cmd => <<"HMGET mqtt_user:${username} password_hash invalid_field">>}, AuthConfig#{ - query => <<"HMGET mqtt_user:${username} salt is_superuser">>} + cmd => <<"HMGET mqtt_user:${username} salt is_superuser">>} ], lists:foreach( @@ -177,7 +177,7 @@ t_update(_Config) -> CorrectConfig = raw_redis_auth_config(), IncorrectConfig = CorrectConfig#{ - query => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>}, + cmd => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>}, {ok, _} = emqx:update_config( ?PATH, @@ -214,7 +214,7 @@ raw_redis_auth_config() -> enable => <<"true">>, backend => <<"redis">>, - query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>, + cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>, database => <<"1">>, password => <<"public">>, server => redis_server() @@ -262,7 +262,7 @@ user_seeds() -> }, key => "mqtt_user:sha256", config_params => #{ - query => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>, + cmd => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>, password_hash_algorithm => <<"sha256">>, salt_position => <<"prefix">> }, @@ -298,7 +298,7 @@ user_seeds() -> key => "mqtt_user:bcrypt0", config_params => #{ % clientid variable & username credentials - query => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>, + cmd => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>, password_hash_algorithm => <<"bcrypt">>, salt_position => <<"suffix">> }, @@ -316,8 +316,8 @@ user_seeds() -> }, key => "mqtt_user:bcrypt1", config_params => #{ - % Bad key in query - query => <<"HMGET badkey:${username} password_hash salt is_superuser">>, + % Bad key in cmd + cmd => <<"HMGET badkey:${username} password_hash salt is_superuser">>, password_hash_algorithm => <<"bcrypt">>, salt_position => <<"suffix">> }, @@ -336,7 +336,7 @@ user_seeds() -> }, key => "mqtt_user:bcrypt2", config_params => #{ - query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>, + cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>, password_hash_algorithm => <<"bcrypt">>, salt_position => <<"suffix">> },