yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: remind the user to delete bad appid/username.

This commit is contained in:
zhongwencool 2022-03-16 15:17:56 +08:00
parent f70d777623
commit bfadcebb9c
4 changed files with 59 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
apps/emqx_management/src/emqx_mgmt_auth.erl
View File

@ -16,6 +16,8 @@
-module(emqx_mgmt_auth). -module(emqx_mgmt_auth).
-include_lib("emqx/include/logger.hrl").
%% Mnesia Bootstrap %% Mnesia Bootstrap
-export([mnesia/1]). -export([mnesia/1]).
-boot_mnesia({mnesia, [boot]}). -boot_mnesia({mnesia, [boot]}).
@ -35,6 +37,8 @@
, list_apps/0 , list_apps/0
]). ]).
-export([abnormal_appid_warning/0]).
%% APP Auth/ACL API %% APP Auth/ACL API
-export([is_authorized/2]). -export([is_authorized/2]).
@ -89,7 +93,7 @@ add_app(AppId, Name, Desc, Status, Expired) when is_binary(AppId) ->
-> {ok, appsecret()} -> {ok, appsecret()}
| {error, term()}). | {error, term()}).
add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) -> add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) ->
case emqx_misc:valid_str(Name) of case emqx_misc:is_sane_id(AppId) of
ok -> ok ->
Secret1 = generate_appsecret_if_need(Secret), Secret1 = generate_appsecret_if_need(Secret),
App = #mqtt_app{id = AppId, App = #mqtt_app{id = AppId,
@ -101,7 +105,7 @@ add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) ->
AddFun = fun() -> AddFun = fun() ->
case mnesia:wread({mqtt_app, AppId}) of case mnesia:wread({mqtt_app, AppId}) of
[] -> mnesia:write(App); [] -> mnesia:write(App);
_ -> mnesia:abort(alread_existed) _ -> mnesia:abort(already_existed)
end end
end, end,
case mnesia:transaction(AddFun) of case mnesia:transaction(AddFun) of
@ -112,7 +116,7 @@ add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) ->
end. end.
force_add_app(AppId, Name, Secret, Desc, Status, Expired) -> force_add_app(AppId, Name, Secret, Desc, Status, Expired) ->
case emqx_misc:valid_str(Name) of case emqx_misc:is_sane_id(AppId) of
ok -> ok ->
AddFun = fun() -> AddFun = fun() ->
mnesia:write(#mqtt_app{ mnesia:write(#mqtt_app{
@ -216,3 +220,15 @@ is_authorized(AppId, AppSecret) ->
is_expired(undefined) -> true; is_expired(undefined) -> true;
is_expired(Expired) -> Expired >= erlang:system_time(second). is_expired(Expired) -> Expired >= erlang:system_time(second).
abnormal_appid_warning() ->
lists:foreach(fun(Id) ->
case emqx_misc:is_sane_id(Id) of
ok -> ok;
{error, _} ->
?LOG(warning,
"[app] ~ts is not a sane appid(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
"Please use `emqx_ctl mgmt delete ~ts` to delete it and create a new one.",
[Id, Id])
end
end, mnesia:dirty_all_keys(mqtt_app)).

2
apps/emqx_management/src/emqx_mgmt_sup.erl
View File

@ -23,8 +23,8 @@
-export([init/1]). -export([init/1]).
start_link() -> start_link() ->
emqx_mgmt_auth:abnormal_appid_warning(),
supervisor:start_link({local, ?MODULE}, ?MODULE, []). supervisor:start_link({local, ?MODULE}, ?MODULE, []).
init([]) -> init([]) ->
{ok, {{one_for_one, 1, 5}, []}}. {ok, {{one_for_one, 1, 5}, []}}.

17
lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
View File

@ -78,7 +78,7 @@ start_link() ->
-spec(add_user(binary(), binary(), binary()) -> ok | {error, any()}). -spec(add_user(binary(), binary(), binary()) -> ok | {error, any()}).
add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password) -> add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password) ->
case emqx_misc:valid_str(Username) of case emqx_misc:is_sane_id(Username) of
ok -> ok ->
Admin = #mqtt_admin{username = Username, password = hash(Password), tags = Tags}, Admin = #mqtt_admin{username = Username, password = hash(Password), tags = Tags},
return(mnesia:transaction(fun add_user_/1, [Admin])); return(mnesia:transaction(fun add_user_/1, [Admin]));
@ -86,7 +86,7 @@ add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password)
end. end.
force_add_user(Username, Password, Tags) -> force_add_user(Username, Password, Tags) ->
case emqx_misc:valid_str(Username) of case emqx_misc:is_sane_id(Username) of
ok -> ok ->
AddFun = fun() -> AddFun = fun() ->
mnesia:write(#mqtt_admin{username = Username, password = Password, tags = Tags}) mnesia:write(#mqtt_admin{username = Username, password = Password, tags = Tags})
@ -188,6 +188,7 @@ check(Username, Password) ->
init([]) -> init([]) ->
%% Add default admin user %% Add default admin user
_ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)), _ = add_default_user(binenv(default_user_username), binenv(default_user_passwd)),
abnormal_username_warning(),
{ok, state}. {ok, state}.
handle_call(_Req, _From, State) -> handle_call(_Req, _From, State) ->
@ -256,3 +257,15 @@ add_default_user(Username, Password) ->
end end
end, end,
ok. ok.
abnormal_username_warning() ->
lists:foreach(fun(Name) ->
case emqx_misc:is_sane_id(Name) of
ok -> ok;
{error, _} ->
?LOG(warning,
"[dashboard] `~ts` is not a sane username(^[A-Za-z0-9]+[A-Za-z0-9-_]*$). "
"Please use `emqx_ctl admins del ~ts` to delete it and create a new one.",
[Name, Name])
end
end, mnesia:dirty_all_keys(mqtt_admin)).

47
src/emqx_misc.erl
View File

@ -52,13 +52,13 @@
, hexstr2bin/1 , hexstr2bin/1
]). ]).
-export([ valid_str/1 -export([ is_sane_id/1
]). ]).
-define(VALID_STR_RE, "^[A-Za-z]+[A-Za-z0-9-_]*$"). -define(VALID_STR_RE, "^[A-Za-z0-9]+[A-Za-z0-9-_]*$").
-spec valid_str(list() | binary()) -> ok | {error, Reason::binary()}. -spec is_sane_id(list() | binary()) -> ok | {error, Reason::binary()}.
valid_str(Str) -> is_sane_id(Str) ->
StrLen = len(Str), StrLen = len(Str),
case StrLen > 0 andalso StrLen =< 256 of case StrLen > 0 andalso StrLen =< 256 of
true -> true ->
@ -329,29 +329,30 @@ hexchar2int(I) when I >= $a andalso I =< $f -> I - $a + 10.
ipv6_probe_test() -> ipv6_probe_test() ->
?assertEqual([{ipv6_probe, true}], ipv6_probe([])). ?assertEqual([{ipv6_probe, true}], ipv6_probe([])).
valid_str_test() -> is_sane_id_test() ->
?assertMatch({error, _}, valid_str("")), ?assertMatch({error, _}, is_sane_id("")),
?assertMatch({error, _}, valid_str("_")), ?assertMatch({error, _}, is_sane_id("_")),
?assertMatch({error, _}, valid_str("_aaa")), ?assertMatch({error, _}, is_sane_id("_aaa")),
?assertMatch({error, _}, valid_str("lkad/oddl")), ?assertMatch({error, _}, is_sane_id("lkad/oddl")),
?assertMatch({error, _}, valid_str("lkad*oddl")), ?assertMatch({error, _}, is_sane_id("lkad*oddl")),
?assertMatch({error, _}, valid_str("<script>lkadoddl")), ?assertMatch({error, _}, is_sane_id("script>lkadoddl")),
?assertMatch({error, _}, valid_str("1lkdfaldk")), ?assertMatch({error, _}, is_sane_id("<script>lkadoddl")),
?assertMatch({error, _}, valid_str("1223333434")),
?assertMatch(ok, valid_str(<<"Abckdf_lkdfd_1222">>)), ?assertMatch(ok, is_sane_id(<<"Abckdf_lkdfd_1222">>)),
?assertMatch(ok, valid_str("Abckdf_lkdfd_1222")), ?assertMatch(ok, is_sane_id("Abckdf_lkdfd_1222")),
?assertMatch(ok, valid_str("abckdf_lkdfd_1222")), ?assertMatch(ok, is_sane_id("abckdf_lkdfd_1222")),
?assertMatch(ok, valid_str("abckdflkdfd1222")), ?assertMatch(ok, is_sane_id("abckdflkdfd1222")),
?assertMatch(ok, valid_str("abckdflkdf")), ?assertMatch(ok, is_sane_id("abckdflkdf")),
?assertMatch(ok, valid_str("a1122222")), ?assertMatch(ok, is_sane_id("a1122222")),
?assertMatch(ok, is_sane_id("1223333434")),
?assertMatch(ok, is_sane_id("1lkdfaldk")),
Ok = lists:flatten(lists:duplicate(256, "a")), Ok = lists:flatten(lists:duplicate(256, "a")),
Bad = Ok ++ "a", Bad = Ok ++ "a",
?assertMatch(ok, valid_str(Ok)), ?assertMatch(ok, is_sane_id(Ok)),
?assertMatch(ok, valid_str(list_to_binary(Ok))), ?assertMatch(ok, is_sane_id(list_to_binary(Ok))),
?assertMatch({error, _}, valid_str(Bad)), ?assertMatch({error, _}, is_sane_id(Bad)),
?assertMatch({error, _}, valid_str(list_to_binary(Bad))), ?assertMatch({error, _}, is_sane_id(list_to_binary(Bad))),
ok. ok.
-endif. -endif.