From bfadcebb9c026158715e013711bb119600b511d4 Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Wed, 16 Mar 2022 15:17:56 +0800 Subject: [PATCH] chore: remind the user to delete bad appid/username. --- apps/emqx_management/src/emqx_mgmt_auth.erl | 22 +++++++-- apps/emqx_management/src/emqx_mgmt_sup.erl | 2 +- .../src/emqx_dashboard_admin.erl | 17 ++++++- src/emqx_misc.erl | 47 ++++++++++--------- 4 files changed, 59 insertions(+), 29 deletions(-) diff --git a/apps/emqx_management/src/emqx_mgmt_auth.erl b/apps/emqx_management/src/emqx_mgmt_auth.erl index 6793c9885..e48132e71 100644 --- a/apps/emqx_management/src/emqx_mgmt_auth.erl +++ b/apps/emqx_management/src/emqx_mgmt_auth.erl @@ -16,6 +16,8 @@ -module(emqx_mgmt_auth). +-include_lib("emqx/include/logger.hrl"). + %% Mnesia Bootstrap -export([mnesia/1]). -boot_mnesia({mnesia, [boot]}). @@ -35,6 +37,8 @@ , list_apps/0 ]). +-export([abnormal_appid_warning/0]). + %% APP Auth/ACL API -export([is_authorized/2]). @@ -89,7 +93,7 @@ add_app(AppId, Name, Desc, Status, Expired) when is_binary(AppId) -> -> {ok, appsecret()} | {error, term()}). add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) -> - case emqx_misc:valid_str(Name) of + case emqx_misc:is_sane_id(AppId) of ok -> Secret1 = generate_appsecret_if_need(Secret), App = #mqtt_app{id = AppId, @@ -101,7 +105,7 @@ add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) -> AddFun = fun() -> case mnesia:wread({mqtt_app, AppId}) of [] -> mnesia:write(App); - _ -> mnesia:abort(alread_existed) + _ -> mnesia:abort(already_existed) end end, case mnesia:transaction(AddFun) of @@ -112,7 +116,7 @@ add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) -> end. force_add_app(AppId, Name, Secret, Desc, Status, Expired) -> - case emqx_misc:valid_str(Name) of + case emqx_misc:is_sane_id(AppId) of ok -> AddFun = fun() -> mnesia:write(#mqtt_app{ 
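Review bot: In `add_app/6` (hunk `@@ -89,7 +93,7`) and `force_add_app/6` (hunk `@@ -112,7 +116,7`) the check moves from `Name` to `AppId`, so `Name` is now written to `mqtt_app` with no length or character check at all, where it was previously held to the 256-character pattern. If a free-form display name is intended, a comment such as `%% Name is a free-form label; only AppId is a key and must pass is_sane_id/1` would record that, and whatever renders `Name` (not visible here) has to escape it. `force_add_app/6` also has no `when is_binary(AppId)` guard while `is_sane_id/1` is spec'd to accept lists, so a list AppId can pass the check and become a table key. Both function bodies continue outside their hunks.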
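Review bot: The abort reason in hunk `@@ -101,7 +105,7` changes from `alread_existed` to `already_existed`, which changes the value the transaction aborts with on a duplicate AppId and is not only a spelling fix. Any caller, REST error mapping or test that matches the old atom lies outside this patch and would presumably fall through to a generic error branch. A search for `alread_existed` across the repository and plugins before merging would confirm nothing still depends on it.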
@@ -216,3 +220,15 @@ is_authorized(AppId, AppSecret) -> is_expired(undefined) -> true; is_expired(Expired) -> Expired >= erlang:system_time(second). + +abnormal_appid_warning() -> + lists:foreach(fun(Id) -> + case emqx_misc:is_sane_id(Id) of + ok -> ok; + {error, _} -> + ?LOG(warning, + "[app] ~ts is not a sane appid(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). " + "Please use `emqx_ctl mgmt delete ~ts` to delete it and create a new one.", + [Id, Id]) + end + end, mnesia:dirty_all_keys(mqtt_app)). diff --git a/apps/emqx_management/src/emqx_mgmt_sup.erl b/apps/emqx_management/src/emqx_mgmt_sup.erl index f3f5545f2..ef3856654 100644 --- a/apps/emqx_management/src/emqx_mgmt_sup.erl +++ b/apps/emqx_management/src/emqx_mgmt_sup.erl @@ -23,8 +23,8 @@ -export([init/1]). start_link() -> + emqx_mgmt_auth:abnormal_appid_warning(), supervisor:start_link({local, ?MODULE}, ?MODULE, []). init([]) -> {ok, {{one_for_one, 1, 5}, []}}. - diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl index 7ce1f564f..c9327aedf 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl @@ -78,7 +78,7 @@ start_link() -> -spec(add_user(binary(), binary(), binary()) -> ok | {error, any()}). add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password) -> - case emqx_misc:valid_str(Username) of + case emqx_misc:is_sane_id(Username) of ok -> Admin = #mqtt_admin{username = Username, password = hash(Password), tags = Tags}, return(mnesia:transaction(fun add_user_/1, [Admin])); @@ -86,7 +86,7 @@ add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password) end. force_add_user(Username, Password, Tags) -> - case emqx_misc:valid_str(Username) of + case emqx_misc:is_sane_id(Username) of ok -> AddFun = fun() -> mnesia:write(#mqtt_admin{username = Username, password = Password, tags = Tags}) 
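Review bot: `abnormal_appid_warning/0` formats with `~ts` exactly those ids that failed the sanity check, so an id holding newlines, control characters or shell metacharacters is written raw into the log and into a command line the operator is told to run. A stored id can therefore forge log lines, and the suggested `emqx_ctl mgmt delete ...` text may not mean what it appears to when copied. Printing the id as a term keeps it escaped and on one line, e.g. `"[app] ~0tp is not a sane appid ..."` with `[Id]`, and the delete hint can refer to the id shown rather than embedding it a second time. The same applies to `abnormal_username_warning/0` in `emqx_dashboard_admin.erl` (hunk `@@ -256,3 +257,15`). Both messages also repeat the regex as a literal, which will drift from `?VALID_STR_RE` on the next change.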
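Review bot: Calling `emqx_mgmt_auth:abnormal_appid_warning()` first in `start_link/0` puts a diagnostic on the boot path, because it runs `mnesia:dirty_all_keys(mqtt_app)` in the calling process before the supervisor exists. If the table is not yet created or loaded on this node at that point (not determinable from the hunk), the call exits and the management application fails to start because of a warning-only scan. Running the scan after startup, or only once `mnesia:wait_for_tables/2` has returned `ok` for `mqtt_app`, keeps a storage problem from turning into a boot failure. `abnormal_username_warning()` added to `init/1` in `emqx_dashboard_admin.erl` (hunk `@@ -188,6 +188,7`) has the same exposure, and both scans load every key of the table at once.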
@@ -188,6 +188,7 @@ check(Username, Password) -> init([]) -> %% Add default admin user _ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)), + abnormal_username_warning(), {ok, state}. handle_call(_Req, _From, State) -> @@ -256,3 +257,15 @@ add_default_user(Username, Password) -> end end, ok. + +abnormal_username_warning() -> + lists:foreach(fun(Name) -> + case emqx_misc:is_sane_id(Name) of + ok -> ok; + {error, _} -> + ?LOG(warning, + "[dashboard] `~ts` is not a sane username(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). " + "Please use `emqx_ctl admins del ~ts` to delete it and create a new one.", + [Name, Name]) + end + end, mnesia:dirty_all_keys(mqtt_admin)). diff --git a/src/emqx_misc.erl b/src/emqx_misc.erl index 8c76ff4a6..3c866b732 100644 --- a/src/emqx_misc.erl +++ b/src/emqx_misc.erl @@ -52,13 +52,13 @@ , hexstr2bin/1 ]). --export([ valid_str/1 +-export([ is_sane_id/1 ]). --define(VALID_STR_RE, "^[A-Za-z]+[A-Za-z0-9-_]*$"). +-define(VALID_STR_RE, "^[A-Za-z0-9]+[A-Za-z0-9-_]*$"). --spec valid_str(list() | binary()) -> ok | {error, Reason::binary()}. -valid_str(Str) -> +-spec is_sane_id(list() | binary()) -> ok | {error, Reason::binary()}. +is_sane_id(Str) -> StrLen = len(Str), case StrLen > 0 andalso StrLen =< 256 of true -> @@ -329,29 +329,30 @@ hexchar2int(I) when I >= $a andalso I =< $f -> I - $a + 10. ipv6_probe_test() -> ?assertEqual([{ipv6_probe, true}], ipv6_probe([])). -valid_str_test() -> - ?assertMatch({error, _}, valid_str("")), - ?assertMatch({error, _}, valid_str("_")), - ?assertMatch({error, _}, valid_str("_aaa")), - ?assertMatch({error, _}, valid_str("lkad/oddl")), - ?assertMatch({error, _}, valid_str("lkad*oddl")), - ?assertMatch({error, _}, valid_str("
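Review bot: `?VALID_STR_RE` in hunk `@@ -52,13 +52,13` still ends in `$`, which in Erlang's `re` (PCRE) also matches just before a trailing newline unless `dollar_endonly` is passed, so an id ending in `\n` (constructed example: `<<"admin\n">>`) can pass `is_sane_id/1`. The `re:run` call is outside this hunk, so whether this is reachable depends on the options used there; anchoring the macro with `\\z`, as in `"^[A-Za-z0-9]+[A-Za-z0-9-_]*\\z"`, removes that dependency. Since this hunk already widens the accepted set to ids that start with a digit, it is a natural place to tighten the end anchor too. As a style point, the new `is_` name suggests a boolean, but the spec still returns `ok | {error, binary()}`.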