fix(auth): replace query with cmd
parent
25c4f4aa4e
commit
b983a18cdf
|
@ -1027,7 +1027,7 @@ authenticator_examples() ->
|
||||||
backend => <<"redis">>,
|
backend => <<"redis">>,
|
||||||
server => <<"127.0.0.1:6379">>,
|
server => <<"127.0.0.1:6379">>,
|
||||||
database => 0,
|
database => 0,
|
||||||
query => <<"HMGET ${username} password_hash salt">>,
|
cmd => <<"HMGET ${username} password_hash salt">>,
|
||||||
password_hash_algorithm => <<"sha256">>,
|
password_hash_algorithm => <<"sha256">>,
|
||||||
salt_position => <<"prefix">>
|
salt_position => <<"prefix">>
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,13 +58,13 @@ fields(sentinel) ->
|
||||||
common_fields() ->
|
common_fields() ->
|
||||||
[{mechanism, {enum, ['password-based']}},
|
[{mechanism, {enum, ['password-based']}},
|
||||||
{backend, {enum, [redis]}},
|
{backend, {enum, [redis]}},
|
||||||
{query, fun query/1},
|
{cmd, fun cmd/1},
|
||||||
{password_hash_algorithm, fun password_hash_algorithm/1},
|
{password_hash_algorithm, fun password_hash_algorithm/1},
|
||||||
{salt_position, fun salt_position/1}
|
{salt_position, fun salt_position/1}
|
||||||
] ++ emqx_authn_schema:common_fields().
|
] ++ emqx_authn_schema:common_fields().
|
||||||
|
|
||||||
query(type) -> string();
|
cmd(type) -> string();
|
||||||
query(_) -> undefined.
|
cmd(_) -> undefined.
|
||||||
|
|
||||||
password_hash_algorithm(type) -> {enum, [plain, md5, sha, sha256, sha512, bcrypt]};
|
password_hash_algorithm(type) -> {enum, [plain, md5, sha, sha256, sha512, bcrypt]};
|
||||||
password_hash_algorithm(default) -> sha256;
|
password_hash_algorithm(default) -> sha256;
|
||||||
|
@ -87,17 +87,17 @@ refs() ->
|
||||||
create(_AuthenticatorID, Config) ->
|
create(_AuthenticatorID, Config) ->
|
||||||
create(Config).
|
create(Config).
|
||||||
|
|
||||||
create(#{query := Query,
|
create(#{cmd := Cmd,
|
||||||
password_hash_algorithm := Algorithm} = Config) ->
|
password_hash_algorithm := Algorithm} = Config) ->
|
||||||
try
|
try
|
||||||
NQuery = parse_query(Query),
|
NCmd = parse_cmd(Cmd),
|
||||||
ok = emqx_authn_utils:ensure_apps_started(Algorithm),
|
ok = emqx_authn_utils:ensure_apps_started(Algorithm),
|
||||||
State = maps:with(
|
State = maps:with(
|
||||||
[password_hash_algorithm, salt_position],
|
[password_hash_algorithm, salt_position],
|
||||||
Config),
|
Config),
|
||||||
ResourceId = emqx_authn_utils:make_resource_id(?MODULE),
|
ResourceId = emqx_authn_utils:make_resource_id(?MODULE),
|
||||||
NState = State#{
|
NState = State#{
|
||||||
query => NQuery,
|
cmd => NCmd,
|
||||||
resource_id => ResourceId},
|
resource_id => ResourceId},
|
||||||
case emqx_resource:create_local(ResourceId, emqx_connector_redis, Config) of
|
case emqx_resource:create_local(ResourceId, emqx_connector_redis, Config) of
|
||||||
{ok, already_created} ->
|
{ok, already_created} ->
|
||||||
|
@ -108,8 +108,8 @@ create(#{query := Query,
|
||||||
{error, Reason}
|
{error, Reason}
|
||||||
end
|
end
|
||||||
catch
|
catch
|
||||||
error:{unsupported_query, _Query} ->
|
error:{unsupported_cmd, _Cmd} ->
|
||||||
{error, {unsupported_query, Query}};
|
{error, {unsupported_cmd, Cmd}};
|
||||||
error:missing_password_hash ->
|
error:missing_password_hash ->
|
||||||
{error, missing_password_hash};
|
{error, missing_password_hash};
|
||||||
error:{unsupported_fields, Fields} ->
|
error:{unsupported_fields, Fields} ->
|
||||||
|
@ -128,7 +128,7 @@ update(Config, State) ->
|
||||||
authenticate(#{auth_method := _}, _) ->
|
authenticate(#{auth_method := _}, _) ->
|
||||||
ignore;
|
ignore;
|
||||||
authenticate(#{password := Password} = Credential,
|
authenticate(#{password := Password} = Credential,
|
||||||
#{query := {Command, Key, Fields},
|
#{cmd := {Command, Key, Fields},
|
||||||
resource_id := ResourceId} = State) ->
|
resource_id := ResourceId} = State) ->
|
||||||
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
|
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
|
||||||
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
|
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
|
||||||
|
@ -162,15 +162,15 @@ destroy(#{resource_id := ResourceId}) ->
|
||||||
%%------------------------------------------------------------------------------
|
%%------------------------------------------------------------------------------
|
||||||
|
|
||||||
%% Only support HGET and HMGET
|
%% Only support HGET and HMGET
|
||||||
parse_query(Query) ->
|
parse_cmd(Cmd) ->
|
||||||
case string:tokens(Query, " ") of
|
case string:tokens(Cmd, " ") of
|
||||||
[Command, Key, Field | Fields] when Command =:= "HGET" orelse Command =:= "HMGET" ->
|
[Command, Key, Field | Fields] when Command =:= "HGET" orelse Command =:= "HMGET" ->
|
||||||
NFields = [Field | Fields],
|
NFields = [Field | Fields],
|
||||||
check_fields(NFields),
|
check_fields(NFields),
|
||||||
NKey = parse_key(Key),
|
NKey = parse_key(Key),
|
||||||
{Command, NKey, NFields};
|
{Command, NKey, NFields};
|
||||||
_ ->
|
_ ->
|
||||||
error({unsupported_query, Query})
|
error({unsupported_cmd, Cmd})
|
||||||
end.
|
end.
|
||||||
|
|
||||||
check_fields(Fields) ->
|
check_fields(Fields) ->
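Review bot: The renamed schema accessor `cmd(type) -> string();` accepts any string, while the HGET/HMGET restriction is stated only in the comment above `parse_cmd/1` and enforced only when `create/1` runs. With the key now called `cmd`, a reader of the schema may expect any Redis command to be usable for the credential lookup; I would add a comment above the accessor such as `%% Redis lookup template; only HGET and HMGET are accepted, see parse_cmd/1`. Separately, `create/1` now matches only `#{cmd := Cmd, ...}`, so a stored authenticator config that still carries `query` would presumably no longer match this clause unless it is migrated or rejected earlier by schema validation. The rest of `create/1` and any other clauses lie outside the hunks, so this needs confirming against the full file.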
|
||||||
|
|
|
@ -98,11 +98,11 @@ t_create_invalid(_Config) ->
|
||||||
AuthConfig#{password => <<"wrongpass">>},
|
AuthConfig#{password => <<"wrongpass">>},
|
||||||
AuthConfig#{database => <<"5678">>},
|
AuthConfig#{database => <<"5678">>},
|
||||||
AuthConfig#{
|
AuthConfig#{
|
||||||
query => <<"MGET password_hash:${username} salt:${username}">>},
|
cmd => <<"MGET password_hash:${username} salt:${username}">>},
|
||||||
AuthConfig#{
|
AuthConfig#{
|
||||||
query => <<"HMGET mqtt_user:${username} password_hash invalid_field">>},
|
cmd => <<"HMGET mqtt_user:${username} password_hash invalid_field">>},
|
||||||
AuthConfig#{
|
AuthConfig#{
|
||||||
query => <<"HMGET mqtt_user:${username} salt is_superuser">>}
|
cmd => <<"HMGET mqtt_user:${username} salt is_superuser">>}
|
||||||
],
|
],
|
||||||
|
|
||||||
lists:foreach(
|
lists:foreach(
|
||||||
|
@ -177,7 +177,7 @@ t_update(_Config) ->
|
||||||
CorrectConfig = raw_redis_auth_config(),
|
CorrectConfig = raw_redis_auth_config(),
|
||||||
IncorrectConfig =
|
IncorrectConfig =
|
||||||
CorrectConfig#{
|
CorrectConfig#{
|
||||||
query => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>},
|
cmd => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>},
|
||||||
|
|
||||||
{ok, _} = emqx:update_config(
|
{ok, _} = emqx:update_config(
|
||||||
?PATH,
|
?PATH,
|
||||||
|
@ -214,7 +214,7 @@ raw_redis_auth_config() ->
|
||||||
enable => <<"true">>,
|
enable => <<"true">>,
|
||||||
|
|
||||||
backend => <<"redis">>,
|
backend => <<"redis">>,
|
||||||
query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
||||||
database => <<"1">>,
|
database => <<"1">>,
|
||||||
password => <<"public">>,
|
password => <<"public">>,
|
||||||
server => redis_server()
|
server => redis_server()
|
||||||
|
@ -262,7 +262,7 @@ user_seeds() ->
|
||||||
},
|
},
|
||||||
key => "mqtt_user:sha256",
|
key => "mqtt_user:sha256",
|
||||||
config_params => #{
|
config_params => #{
|
||||||
query => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
|
cmd => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
|
||||||
password_hash_algorithm => <<"sha256">>,
|
password_hash_algorithm => <<"sha256">>,
|
||||||
salt_position => <<"prefix">>
|
salt_position => <<"prefix">>
|
||||||
},
|
},
|
||||||
|
@ -298,7 +298,7 @@ user_seeds() ->
|
||||||
key => "mqtt_user:bcrypt0",
|
key => "mqtt_user:bcrypt0",
|
||||||
config_params => #{
|
config_params => #{
|
||||||
% clientid variable & username credentials
|
% clientid variable & username credentials
|
||||||
query => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
|
cmd => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
|
||||||
password_hash_algorithm => <<"bcrypt">>,
|
password_hash_algorithm => <<"bcrypt">>,
|
||||||
salt_position => <<"suffix">>
|
salt_position => <<"suffix">>
|
||||||
},
|
},
|
||||||
|
@ -316,8 +316,8 @@ user_seeds() ->
|
||||||
},
|
},
|
||||||
key => "mqtt_user:bcrypt1",
|
key => "mqtt_user:bcrypt1",
|
||||||
config_params => #{
|
config_params => #{
|
||||||
% Bad key in query
|
% Bad key in cmd
|
||||||
query => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
|
cmd => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
|
||||||
password_hash_algorithm => <<"bcrypt">>,
|
password_hash_algorithm => <<"bcrypt">>,
|
||||||
salt_position => <<"suffix">>
|
salt_position => <<"suffix">>
|
||||||
},
|
},
|
||||||
|
@ -336,7 +336,7 @@ user_seeds() ->
|
||||||
},
|
},
|
||||||
key => "mqtt_user:bcrypt2",
|
key => "mqtt_user:bcrypt2",
|
||||||
config_params => #{
|
config_params => #{
|
||||||
query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
|
||||||
password_hash_algorithm => <<"bcrypt">>,
|
password_hash_algorithm => <<"bcrypt">>,
|
||||||
salt_position => <<"suffix">>
|
salt_position => <<"suffix">>
|
||||||
},
|
},
|
||||||
|
|