test(authn): test cert_subject/cert_common_name placeholder

apps/emqx_authn/test/emqx_authn_http_SUITE.erl

@@ -34,7 +34,9 @@
     password => <<"plain">>,
     peerhost => {127, 0, 0, 1},
     listener => 'tcp:default',
-    protocol => mqtt
+    protocol => mqtt,
+    cert_subject => <<"cert_subject_data">>,
+    cert_common_name => <<"cert_common_name_data">>
 }).
 
 -define(SERVER_RESPONSE_JSON(Result), ?SERVER_RESPONSE_JSON(Result, false)).
@@ -517,7 +519,9 @@ samples() ->
                     <<"username">> := <<"plain">>,
                     <<"password">> := <<"plain">>,
                     <<"clientid">> := <<"clienta">>,
-                    <<"peerhost">> := <<"127.0.0.1">>
+                    <<"peerhost">> := <<"127.0.0.1">>,
+                    <<"cert_subject">> := <<"cert_subject_data">>,
+                    <<"cert_common_name">> := <<"cert_common_name_data">>
                 } = jiffy:decode(RawBody, [return_maps]),
                 Req = cowboy_req:reply(
                     200,
@@ -534,7 +538,9 @@ samples() ->
                     <<"clientid">> => ?PH_CLIENTID,
                     <<"username">> => ?PH_USERNAME,
                     <<"password">> => ?PH_PASSWORD,
-                    <<"peerhost">> => ?PH_PEERHOST
+                    <<"peerhost">> => ?PH_PEERHOST,
+                    <<"cert_subject">> => ?PH_CERT_SUBJECT,
+                    <<"cert_common_name">> => ?PH_CERT_CN_NAME
                 }
             },
             result => {ok, #{is_superuser => false, user_property => #{}}}

apps/emqx_authn/test/emqx_authn_mongo_SUITE.erl

@@ -345,6 +345,33 @@ user_seeds() ->
             result => {ok, #{is_superuser => true}}
         },
 
+        #{
+            data => #{
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>,
+                password_hash =>
+                    <<"ac63a624e7074776d677dd61a003b8c803eb11db004d0ec6ae032a5d7c9c5caf">>,
+                salt => <<"salt">>,
+                is_superuser => 1
+            },
+            credentials => #{
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>,
+                password => <<"sha256">>
+            },
+            config_params => #{
+                <<"filter">> => #{
+                    <<"cert_subject">> => <<"${cert_subject}">>,
+                    <<"cert_common_name">> => <<"${cert_common_name}">>
+                },
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
+        },
+
         #{
             data => #{
                 username => <<"bcrypt">>,

apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl

@@ -318,6 +318,35 @@ user_seeds() ->
             result => {ok, #{is_superuser => true}}
         },
 
+        #{
+            data => #{
+                username => "sha256",
+                password_hash => "ac63a624e7074776d677dd61a003b8c803eb11db004d0ec6ae032a5d7c9c5caf",
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>,
+                salt => "salt",
+                is_superuser_int => 1
+            },
+            credentials => #{
+                clientid => <<"sha256">>,
+                password => <<"sha256">>,
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>
+            },
+            config_params => #{
+                <<"query">> =>
+                    <<
+                        "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
+                        "   FROM users where cert_subject = ${cert_subject} AND cert_common_name = ${cert_common_name} LIMIT 1"
+                    >>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
+        },
+
         #{
             data => #{
                 username => <<"bcrypt">>,
@@ -433,6 +462,8 @@ init_seeds() ->
         "                       username VARCHAR(255),\n"
         "                       password_hash VARCHAR(255),\n"
         "                       salt VARCHAR(255),\n"
+        "                       cert_subject VARCHAR(255),\n"
+        "                       cert_common_name VARCHAR(255),\n"
         "                       is_superuser_str VARCHAR(255),\n"
         "                       is_superuser_int TINYINT)"
     ),

apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl

@@ -380,6 +380,35 @@ user_seeds() ->
             result => {ok, #{is_superuser => true}}
         },
 
+        #{
+            data => #{
+                username => "sha256",
+                password_hash => "ac63a624e7074776d677dd61a003b8c803eb11db004d0ec6ae032a5d7c9c5caf",
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>,
+                salt => "salt",
+                is_superuser_int => 1
+            },
+            credentials => #{
+                clientid => <<"sha256">>,
+                password => <<"sha256">>,
+                cert_subject => <<"cert_subject_data">>,
+                cert_common_name => <<"cert_common_name_data">>
+            },
+            config_params => #{
+                <<"query">> =>
+                    <<
+                        "SELECT password_hash, salt, is_superuser_int as is_superuser\n"
+                        "      FROM users where cert_subject = ${cert_subject} AND cert_common_name = ${cert_common_name} LIMIT 1"
+                    >>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"prefix">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
+        },
+
         #{
             data => #{
                 username => <<"bcrypt">>,
@@ -474,6 +503,8 @@ init_seeds() ->
         "                       username varchar(255),\n"
         "                       password_hash varchar(255),\n"
         "                       salt varchar(255),\n"
+        "                       cert_subject varchar(255),\n"
+        "                       cert_common_name varchar(255),\n"
         "                       is_superuser_str varchar(255),\n"
         "                       is_superuser_int smallint,\n"
         "                       is_superuser_bool boolean)"

apps/emqx_authn/test/emqx_authn_redis_SUITE.erl

@@ -479,7 +479,7 @@ user_seeds() ->
 
         #{
             data => #{
-                password =>
+                password_hash =>
                     <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
                 is_superuser => <<"1">>
             },
@@ -502,7 +502,7 @@ user_seeds() ->
 
         #{
             data => #{
-                password =>
+                password_hash =>
                     <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
                 is_superuser => <<"1">>
             },