fix(auth): replace query with cmd

zhouzb 2021-12-01 20:24:43 +08:00
parent 25c4f4aa4e
commit b983a18cdf
3 changed files with 23 additions and 23 deletions


@ -1027,7 +1027,7 @@ authenticator_examples() ->
backend => <<"redis">>,
server => <<"127.0.0.1:6379">>,
database => 0,
query => <<"HMGET ${username} password_hash salt">>,
cmd => <<"HMGET ${username} password_hash salt">>,
password_hash_algorithm => <<"sha256">>,
salt_position => <<"prefix">>
}


@ -58,13 +58,13 @@ fields(sentinel) ->
common_fields() ->
[{mechanism, {enum, ['password-based']}},
{backend, {enum, [redis]}},
{query, fun query/1},
{cmd, fun cmd/1},
{password_hash_algorithm, fun password_hash_algorithm/1},
{salt_position, fun salt_position/1}
] ++ emqx_authn_schema:common_fields().
query(type) -> string();
query(_) -> undefined.
cmd(type) -> string();
cmd(_) -> undefined.
password_hash_algorithm(type) -> {enum, [plain, md5, sha, sha256, sha512, bcrypt]};
password_hash_algorithm(default) -> sha256;
@ -87,17 +87,17 @@ refs() ->
create(_AuthenticatorID, Config) ->
create(Config).
create(#{query := Query,
create(#{cmd := Cmd,
password_hash_algorithm := Algorithm} = Config) ->
try
NQuery = parse_query(Query),
NCmd = parse_cmd(Cmd),
ok = emqx_authn_utils:ensure_apps_started(Algorithm),
State = maps:with(
[password_hash_algorithm, salt_position],
Config),
ResourceId = emqx_authn_utils:make_resource_id(?MODULE),
NState = State#{
query => NQuery,
cmd => NCmd,
resource_id => ResourceId},
case emqx_resource:create_local(ResourceId, emqx_connector_redis, Config) of
{ok, already_created} ->
@ -108,8 +108,8 @@ create(#{query := Query,
{error, Reason}
end
catch
error:{unsupported_query, _Query} ->
{error, {unsupported_query, Query}};
error:{unsupported_cmd, _Cmd} ->
{error, {unsupported_cmd, Cmd}};
error:missing_password_hash ->
{error, missing_password_hash};
error:{unsupported_fields, Fields} ->
@ -128,7 +128,7 @@ update(Config, State) ->
authenticate(#{auth_method := _}, _) ->
ignore;
authenticate(#{password := Password} = Credential,
#{query := {Command, Key, Fields},
#{cmd := {Command, Key, Fields},
resource_id := ResourceId} = State) ->
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
@ -162,15 +162,15 @@ destroy(#{resource_id := ResourceId}) ->
%%------------------------------------------------------------------------------
%% Only support HGET and HMGET
parse_query(Query) ->
case string:tokens(Query, " ") of
parse_cmd(Cmd) ->
case string:tokens(Cmd, " ") of
[Command, Key, Field | Fields] when Command =:= "HGET" orelse Command =:= "HMGET" ->
NFields = [Field | Fields],
check_fields(NFields),
NKey = parse_key(Key),
{Command, NKey, NFields};
_ ->
error({unsupported_query, Query})
error({unsupported_cmd, Cmd})
end.
check_fields(Fields) ->
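Review bot: An authenticator config that still uses the old `query` key no longer matches `create/1`, whose new head requires `#{cmd := Cmd, ...}`, and nothing in the visible hunks maps the old key to the new one. Whether the schema check rejects such a config earlier, and how logins behave while this authenticator fails to load, cannot be seen on this page, so the rename should at least be recorded as a breaking config change in the upgrade notes. The error reason changes as well, from `{unsupported_query, _}` to `{unsupported_cmd, _}`, so any caller matching on the old tuple has to follow. Separately, `parse_cmd/1` compares the command exactly against `"HGET"` and `"HMGET"`, so I would extend the comment above it to `%% Only support HGET and HMGET (upper-case, space-separated)`. The body of `create/1` is split across two hunks and `check_fields/1` continues outside the last one.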


@ -98,11 +98,11 @@ t_create_invalid(_Config) ->
AuthConfig#{password => <<"wrongpass">>},
AuthConfig#{database => <<"5678">>},
AuthConfig#{
query => <<"MGET password_hash:${username} salt:${username}">>},
cmd => <<"MGET password_hash:${username} salt:${username}">>},
AuthConfig#{
query => <<"HMGET mqtt_user:${username} password_hash invalid_field">>},
cmd => <<"HMGET mqtt_user:${username} password_hash invalid_field">>},
AuthConfig#{
query => <<"HMGET mqtt_user:${username} salt is_superuser">>}
cmd => <<"HMGET mqtt_user:${username} salt is_superuser">>}
],
lists:foreach(
@ -177,7 +177,7 @@ t_update(_Config) ->
CorrectConfig = raw_redis_auth_config(),
IncorrectConfig =
CorrectConfig#{
query => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>},
cmd => <<"HMGET invalid_key:${username} password_hash salt is_superuser">>},
{ok, _} = emqx:update_config(
?PATH,
@ -214,7 +214,7 @@ raw_redis_auth_config() ->
enable => <<"true">>,
backend => <<"redis">>,
query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
database => <<"1">>,
password => <<"public">>,
server => redis_server()
@ -262,7 +262,7 @@ user_seeds() ->
},
key => "mqtt_user:sha256",
config_params => #{
query => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
cmd => <<"HMGET mqtt_user:${clientid} password_hash salt is_superuser">>,
password_hash_algorithm => <<"sha256">>,
salt_position => <<"prefix">>
},
@ -298,7 +298,7 @@ user_seeds() ->
key => "mqtt_user:bcrypt0",
config_params => #{
% clientid variable & username credentials
query => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
cmd => <<"HMGET mqtt_client:${clientid} password_hash salt is_superuser">>,
password_hash_algorithm => <<"bcrypt">>,
salt_position => <<"suffix">>
},
@ -316,8 +316,8 @@ user_seeds() ->
},
key => "mqtt_user:bcrypt1",
config_params => #{
% Bad key in query
query => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
% Bad key in cmd
cmd => <<"HMGET badkey:${username} password_hash salt is_superuser">>,
password_hash_algorithm => <<"bcrypt">>,
salt_position => <<"suffix">>
},
@ -336,7 +336,7 @@ user_seeds() ->
},
key => "mqtt_user:bcrypt2",
config_params => #{
query => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
password_hash_algorithm => <<"bcrypt">>,
salt_position => <<"suffix">>
},