yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert the PR #2355 

- Add anonymous field for credentials
This commit is contained in:
HeeeJianBo 2019-05-15 11:51:38 +08:00 committed by Shawn
parent 1a92f3259f
commit caa582a028
2 changed files with 10 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/emqx_access_control.erl
View File

@ -28,14 +28,12 @@
-spec(authenticate(emqx_types:credentials()) -spec(authenticate(emqx_types:credentials())
-> {ok, emqx_types:credentials()} | {error, term()}). -> {ok, emqx_types:credentials()} | {error, term()}).
authenticate(Credentials) -> authenticate(Credentials) ->
detect_anonymous_permission(Credentials, fun() -> case emqx_hooks:run_fold('client.authenticate', [], init_auth_result(Credentials)) of
case emqx_hooks:run_fold('client.authenticate', [], init_auth_result(Credentials)) of #{auth_result := success} = NewCredentials ->
#{auth_result := success} = NewCredentials -> {ok, NewCredentials};
{ok, NewCredentials}; NewCredentials ->
NewCredentials -> {error, maps:get(auth_result, NewCredentials, unknown_error)}
{error, maps:get(auth_result, NewCredentials, unknown_error)} end.
end
end).
%% @doc Check ACL %% @doc Check ACL
-spec(check_acl(emqx_types:credentials(), emqx_types:pubsub(), emqx_types:topic()) -> allow | deny). -spec(check_acl(emqx_types:credentials(), emqx_types:pubsub(), emqx_types:topic()) -> allow | deny).
@ -68,22 +66,8 @@ reload_acl() ->
emqx_mod_acl_internal:reload_acl(). emqx_mod_acl_internal:reload_acl().
init_auth_result(Credentials) -> init_auth_result(Credentials) ->
case anonymous_permission(Credentials) of case emqx_zone:get_env(maps:get(zone, Credentials, undefined), allow_anonymous, false) of
true -> Credentials#{auth_result => success}; true -> Credentials#{auth_result => success, anonymous => true};
false -> Credentials#{auth_result => not_authorized} false -> Credentials#{auth_result => not_authorized, anonymous => false}
end. end.
detect_anonymous_permission(#{username := undefined,
password := undefined} = Credentials, Fun) ->
case anonymous_permission(Credentials) of
true -> {ok, Credentials};
false -> Fun()
end;
detect_anonymous_permission(_Credentials, Fun) ->
Fun().
anonymous_permission(Credentials) ->
emqx_zone:get_env(maps:get(zone, Credentials, undefined),
allow_anonymous, false).

1
src/emqx_types.erl
View File

@ -89,6 +89,7 @@
mountpoint := binary(), mountpoint := binary(),
password => binary(), password => binary(),
auth_result => auth_result(), auth_result => auth_result(),
anonymous => boolean(),
atom() => term() atom() => term()
}). }).
-type(subscription() :: #subscription{}). -type(subscription() :: #subscription{}).