feat(authn-redis): needs to compatible with 4.x auth data

2022-06-30 11:26:56 +08:00 · 2022-06-30 11:26:56 +08:00 · d7c21020f6
parent 88746c7c11
commit d7c21020f6
2 changed files with 34 additions and 7 deletions
--- a/apps/emqx_authn/src/emqx_authn_utils.erl
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@ -72,13 +72,18 @@ start_resource_if_enabled(Result, _ResourceId, _Config) ->

 check_password_from_selected_map(_Algorithm, _Selected, undefined) ->
    {error, bad_username_or_password};
-check_password_from_selected_map(
-    Algorithm, #{<<"password_hash">> := Hash} = Selected, Password
-) ->
-    Salt = maps:get(<<"salt">>, Selected, <<>>),
-    case emqx_authn_password_hashing:check_password(Algorithm, Salt, Hash, Password) of
-        true -> ok;
-        false -> {error, bad_username_or_password}
+check_password_from_selected_map(Algorithm, Selected, Password) ->
+    Hash = maps:get(<<"password_hash">>, Selected,
+                    maps:get(<<"password">>>, Selected, undefined)),
+    case Hash of
+        undefined -> {error, bad_username_or_password};
+        _ ->
+            Salt = maps:get(<<"salt">>, Selected, <<>>),
+            case emqx_authn_password_hashing:check_password(
+                   Algorithm, Salt, Hash, Password) of
+                true -> ok;
+                false -> {error, bad_username_or_password}
+            end
    end.

 parse_deep(Template) ->
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@ -453,6 +453,28 @@ user_seeds() ->
                <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
            },
            result => {error, bad_username_or_password}
+        },
+
+        #{
+            data => #{
+                password =>
+                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
+                is_superuser => <<"1">>
+            },
+            credentials => #{
+                clientid => <<"sha256_no_salt">>,
+                password => <<"sha256_no_salt">>
+            },
+            key => <<"mqtt_user:sha256_no_salt">>,
+            config_params => #{
+                %% Needs to be compatible with emqx 4.x auth data
+                <<"cmd">> => <<"HMGET mqtt_user:${clientid} password is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"disable">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
        }
    ].