yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(authn): adapt listener id type

This commit is contained in:
zhouzb 2021-09-08 09:46:47 +08:00
parent c68edb3905
commit be38bcc5cc
7 changed files with 48 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx/include/emqx.hrl
View File

@ -147,6 +147,6 @@
}). }).
-record(chain, -record(chain,
{ name :: binary() { name :: atom()
, authenticators :: [#authenticator{}] , authenticators :: [#authenticator{}]
}). }).

20
apps/emqx/src/emqx_authentication.erl
View File

@ -473,7 +473,7 @@ handle_call({update_authenticator, ChainName, AuthenticatorID, Config}, _From, S
state = #{version := Version} = ST} = Authenticator -> state = #{version := Version} = ST} = Authenticator ->
case AuthenticatorID =:= generate_id(Config) of case AuthenticatorID =:= generate_id(Config) of
true -> true ->
Unique = <<ChainName/binary, "/", AuthenticatorID/binary, ":", Version/binary>>, Unique = unique(ChainName, AuthenticatorID, Version),
case Provider:update(Config#{'_unique' => Unique}, ST) of case Provider:update(Config#{'_unique' => Unique}, ST) of
{ok, NewST} -> {ok, NewST} ->
NewAuthenticator = Authenticator#authenticator{state = switch_version(NewST)}, NewAuthenticator = Authenticator#authenticator{state = switch_version(NewST)},
@ -575,17 +575,17 @@ split_by_id(ID, AuthenticatorsConfig) ->
end. end.
global_chain(mqtt) -> global_chain(mqtt) ->
<<"mqtt:global">>; 'mqtt:global';
global_chain('mqtt-sn') -> global_chain('mqtt-sn') ->
<<"mqtt-sn:global">>; 'mqtt-sn:global';
global_chain(coap) -> global_chain(coap) ->
<<"coap:global">>; 'coap:global';
global_chain(lwm2m) -> global_chain(lwm2m) ->
<<"lwm2m:global">>; 'lwm2m:global';
global_chain(stomp) -> global_chain(stomp) ->
<<"stomp:global">>; 'stomp:global';
global_chain(_) -> global_chain(_) ->
<<"unknown:global">>. 'unknown:global'.
may_hook(#{hooked := false} = State) -> may_hook(#{hooked := false} = State) ->
case lists:any(fun(#chain{authenticators = []}) -> false; case lists:any(fun(#chain{authenticators = []}) -> false;
@ -618,7 +618,7 @@ do_create_authenticator(ChainName, AuthenticatorID, #{enable := Enable} = Config
undefined -> undefined ->
{error, no_available_provider}; {error, no_available_provider};
Provider -> Provider ->
Unique = <<ChainName/binary, "/", AuthenticatorID/binary, ":", ?VER_1/binary>>, Unique = unique(ChainName, AuthenticatorID, ?VER_1),
case Provider:create(Config#{'_unique' => Unique}) of case Provider:create(Config#{'_unique' => Unique}) of
{ok, State} -> {ok, State} ->
Authenticator = #authenticator{id = AuthenticatorID, Authenticator = #authenticator{id = AuthenticatorID,
@ -704,6 +704,10 @@ serialize_authenticator(#authenticator{id = ID,
, state => State , state => State
}. }.
unique(ChainName, AuthenticatorID, Version) ->
NChainName = atom_to_binary(ChainName),
<<NChainName/binary, "/", AuthenticatorID/binary, ":", Version/binary>>.
switch_version(State = #{version := ?VER_1}) -> switch_version(State = #{version := ?VER_1}) ->
State#{version := ?VER_2}; State#{version := ?VER_2};
switch_version(State = #{version := ?VER_2}) -> switch_version(State = #{version := ?VER_2}) ->

8
apps/emqx/src/emqx_channel.erl
View File

@ -214,7 +214,7 @@ init(ConnInfo = #{peername := {PeerHost, _Port},
ClientInfo = set_peercert_infos( ClientInfo = set_peercert_infos(
Peercert, Peercert,
#{zone => Zone, #{zone => Zone,
listener => Listener, listener => emqx_listeners:listener_id(Type, Listener),
protocol => Protocol, protocol => Protocol,
peerhost => PeerHost, peerhost => PeerHost,
sockport => SockPort, sockport => SockPort,
@ -223,7 +223,7 @@ init(ConnInfo = #{peername := {PeerHost, _Port},
mountpoint => MountPoint, mountpoint => MountPoint,
is_bridge => false, is_bridge => false,
is_superuser => false is_superuser => false
}, Zone, Listener), }, Zone),
{NClientInfo, NConnInfo} = take_ws_cookie(ClientInfo, ConnInfo), {NClientInfo, NConnInfo} = take_ws_cookie(ClientInfo, ConnInfo),
#channel{conninfo = NConnInfo, #channel{conninfo = NConnInfo,
clientinfo = NClientInfo, clientinfo = NClientInfo,
@ -244,12 +244,12 @@ quota_policy(RawPolicy) ->
erlang:trunc(hocon_postprocess:duration(StrWind) / 1000)}} erlang:trunc(hocon_postprocess:duration(StrWind) / 1000)}}
|| {Name, [StrCount, StrWind]} <- maps:to_list(RawPolicy)]. || {Name, [StrCount, StrWind]} <- maps:to_list(RawPolicy)].
set_peercert_infos(NoSSL, ClientInfo, _, _) set_peercert_infos(NoSSL, ClientInfo, _)
when NoSSL =:= nossl; when NoSSL =:= nossl;
NoSSL =:= undefined -> NoSSL =:= undefined ->
ClientInfo#{username => undefined}; ClientInfo#{username => undefined};
set_peercert_infos(Peercert, ClientInfo, Zone, _Listener) -> set_peercert_infos(Peercert, ClientInfo, Zone) ->
{DN, CN} = {esockd_peercert:subject(Peercert), {DN, CN} = {esockd_peercert:subject(Peercert),
esockd_peercert:common_name(Peercert)}, esockd_peercert:common_name(Peercert)},
PeercetAs = fun(Key) -> PeercetAs = fun(Key) ->

10
apps/emqx/test/emqx_authentication_SUITE.erl
View File

@ -94,7 +94,7 @@ end_per_suite(_) ->
t_chain(_) -> t_chain(_) ->
% CRUD of authentication chain % CRUD of authentication chain
ChainName = <<"test">>, ChainName = 'test',
?assertMatch({ok, []}, ?AUTHN:list_chains()), ?assertMatch({ok, []}, ?AUTHN:list_chains()),
?assertMatch({ok, #{name := ChainName, authenticators := []}}, ?AUTHN:create_chain(ChainName)), ?assertMatch({ok, #{name := ChainName, authenticators := []}}, ?AUTHN:create_chain(ChainName)),
?assertEqual({error, {already_exists, {chain, ChainName}}}, ?AUTHN:create_chain(ChainName)), ?assertEqual({error, {already_exists, {chain, ChainName}}}, ?AUTHN:create_chain(ChainName)),
@ -105,7 +105,7 @@ t_chain(_) ->
ok. ok.
t_authenticator(_) -> t_authenticator(_) ->
ChainName = <<"test">>, ChainName = 'test',
AuthenticatorConfig1 = #{mechanism => 'password-based', AuthenticatorConfig1 = #{mechanism => 'password-based',
backend => 'built-in-database', backend => 'built-in-database',
enable => true}, enable => true},
@ -155,7 +155,7 @@ t_authenticator(_) ->
ok. ok.
t_authenticate(_) -> t_authenticate(_) ->
ListenerID = <<"tcp:default">>, ListenerID = 'tcp:default',
ClientInfo = #{zone => default, ClientInfo = #{zone => default,
listener => ListenerID, listener => ListenerID,
protocol => mqtt, protocol => mqtt,
@ -186,7 +186,7 @@ t_update_config(_) ->
?AUTHN:add_provider(AuthNType1, ?MODULE), ?AUTHN:add_provider(AuthNType1, ?MODULE),
?AUTHN:add_provider(AuthNType2, ?MODULE), ?AUTHN:add_provider(AuthNType2, ?MODULE),
Global = <<"mqtt:global">>, Global = 'mqtt:global',
AuthenticatorConfig1 = #{mechanism => 'password-based', AuthenticatorConfig1 = #{mechanism => 'password-based',
backend => 'built-in-database', backend => 'built-in-database',
enable => true}, enable => true},
@ -212,7 +212,7 @@ t_update_config(_) ->
?assertMatch({ok, _}, update_config([authentication], {delete_authenticator, Global, ID1})), ?assertMatch({ok, _}, update_config([authentication], {delete_authenticator, Global, ID1})),
?assertEqual({error, {not_found, {authenticator, ID1}}}, ?AUTHN:lookup_authenticator(Global, ID1)), ?assertEqual({error, {not_found, {authenticator, ID1}}}, ?AUTHN:lookup_authenticator(Global, ID1)),
ListenerID = <<"tcp:default">>, ListenerID = 'tcp:default',
ConfKeyPath = [listeners, tcp, default, authentication], ConfKeyPath = [listeners, tcp, default, authentication],
?assertMatch({ok, _}, update_config(ConfKeyPath, {create_authenticator, ListenerID, AuthenticatorConfig1})), ?assertMatch({ok, _}, update_config(ConfKeyPath, {create_authenticator, ListenerID, AuthenticatorConfig1})),
?assertMatch({ok, #{id := ID1, state := #{mark := 1}}}, ?AUTHN:lookup_authenticator(ListenerID, ID1)), ?assertMatch({ok, #{id := ID1, state := #{mark := 1}}}, ?AUTHN:lookup_authenticator(ListenerID, ID1)),

2
apps/emqx_authn/include/emqx_authn.hrl
View File

@ -18,7 +18,7 @@
-define(AUTHN, emqx_authentication). -define(AUTHN, emqx_authentication).
-define(GLOBAL, <<"mqtt:global">>). -define(GLOBAL, 'mqtt:global').
-define(RE_PLACEHOLDER, "\\$\\{[a-z0-9\\-]+\\}"). -define(RE_PLACEHOLDER, "\\$\\{[a-z0-9\\-]+\\}").

34
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -1824,7 +1824,8 @@ find_listener(ListenerID) ->
{ok, {Type, Name}} {ok, {Type, Name}}
end. end.
create_authenticator(ConfKeyPath, ChainName, Config) -> create_authenticator(ConfKeyPath, ChainName0, Config) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {create_authenticator, ChainName, Config}) of case update_config(ConfKeyPath, {create_authenticator, ChainName, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}}, {ok, #{post_config_update := #{?AUTHN := #{id := ID}},
raw_config := AuthenticatorsConfig}} -> raw_config := AuthenticatorsConfig}} ->
@ -1849,7 +1850,8 @@ list_authenticator(ConfKeyPath, AuthenticatorID) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) -> update_authenticator(ConfKeyPath, ChainName0, AuthenticatorID, Config) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, case update_config(ConfKeyPath,
{update_authenticator, ChainName, AuthenticatorID, Config}) of {update_authenticator, ChainName, AuthenticatorID, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}}, {ok, #{post_config_update := #{?AUTHN := #{id := ID}},
@ -1860,7 +1862,8 @@ update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) -> delete_authenticator(ConfKeyPath, ChainName0, AuthenticatorID) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {delete_authenticator, ChainName, AuthenticatorID}) of case update_config(ConfKeyPath, {delete_authenticator, ChainName, AuthenticatorID}) of
{ok, _} -> {ok, _} ->
{204}; {204};
@ -1868,7 +1871,8 @@ delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) -> move_authenitcator(ConfKeyPath, ChainName0, AuthenticatorID, Position) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {move_authenticator, ChainName, AuthenticatorID, Position}) of case update_config(ConfKeyPath, {move_authenticator, ChainName, AuthenticatorID, Position}) of
{ok, _} -> {ok, _} ->
{204}; {204};
@ -1876,7 +1880,8 @@ move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
add_user(ChainName, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) -> add_user(ChainName0, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
ChainName = to_atom(ChainName0),
Superuser = maps:get(<<"superuser">>, UserInfo, false), Superuser = maps:get(<<"superuser">>, UserInfo, false),
case ?AUTHN:add_user(ChainName, AuthenticatorID, #{ user_id => UserID case ?AUTHN:add_user(ChainName, AuthenticatorID, #{ user_id => UserID
, password => Password , password => Password
@ -1891,7 +1896,8 @@ add_user(_, _, #{<<"user_id">> := _}) ->
add_user(_, _, _) -> add_user(_, _, _) ->
serialize_error({missing_parameter, user_id}). serialize_error({missing_parameter, user_id}).
update_user(ChainName, AuthenticatorID, UserID, UserInfo) -> update_user(ChainName0, AuthenticatorID, UserID, UserInfo) ->
ChainName = to_atom(ChainName0),
case maps:with([<<"password">>, <<"superuser">>], UserInfo) =:= #{} of case maps:with([<<"password">>, <<"superuser">>], UserInfo) =:= #{} of
true -> true ->
serialize_error({missing_parameter, password}); serialize_error({missing_parameter, password});
@ -1904,7 +1910,8 @@ update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
end end
end. end.
find_user(ChainName, AuthenticatorID, UserID) -> find_user(ChainName0, AuthenticatorID, UserID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:lookup_user(ChainName, AuthenticatorID, UserID) of case ?AUTHN:lookup_user(ChainName, AuthenticatorID, UserID) of
{ok, User} -> {ok, User} ->
{200, User}; {200, User};
@ -1912,7 +1919,8 @@ find_user(ChainName, AuthenticatorID, UserID) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
delete_user(ChainName, AuthenticatorID, UserID) -> delete_user(ChainName0, AuthenticatorID, UserID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:delete_user(ChainName, AuthenticatorID, UserID) of case ?AUTHN:delete_user(ChainName, AuthenticatorID, UserID) of
ok -> ok ->
{204}; {204};
@ -1920,7 +1928,8 @@ delete_user(ChainName, AuthenticatorID, UserID) ->
serialize_error(Reason) serialize_error(Reason)
end. end.
list_users(ChainName, AuthenticatorID) -> list_users(ChainName0, AuthenticatorID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:list_users(ChainName, AuthenticatorID) of case ?AUTHN:list_users(ChainName, AuthenticatorID) of
{ok, Users} -> {ok, Users} ->
{200, Users}; {200, Users};
@ -1973,4 +1982,9 @@ serialize_error(Reason) ->
to_list(M) when is_map(M) -> to_list(M) when is_map(M) ->
[M]; [M];
to_list(L) when is_list(L) -> to_list(L) when is_list(L) ->
L. L.
to_atom(B) when is_binary(B) ->
binary_to_atom(B);
to_atom(A) when is_atom(A) ->
A.

2
apps/emqx_authn/src/emqx_authn_app.erl
View File

@ -53,7 +53,7 @@ remove_providers() ->
initialize() -> initialize() ->
?AUTHN:initialize_authentication(?GLOBAL, emqx:get_raw_config([authentication], [])), ?AUTHN:initialize_authentication(?GLOBAL, emqx:get_raw_config([authentication], [])),
lists:foreach(fun({ListenerID, ListenerConfig}) -> lists:foreach(fun({ListenerID, ListenerConfig}) ->
?AUTHN:initialize_authentication(atom_to_binary(ListenerID), maps:get(authentication, ListenerConfig, [])) ?AUTHN:initialize_authentication(ListenerID, maps:get(authentication, ListenerConfig, []))
end, emqx_listeners:list()), end, emqx_listeners:list()),
ok. ok.