From d7c21020f6b8f46d01d633e661d191fcb4ec3cf3 Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@gmail.com>
Date: Thu, 30 Jun 2022 11:26:56 +0800
Subject: [PATCH] feat(authn-redis): needs to compatible with 4.x auth data

---
 apps/emqx_authn/src/emqx_authn_utils.erl      | 19 ++++++++++------
 .../test/emqx_authn_redis_SUITE.erl           | 22 +++++++++++++++++++
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/apps/emqx_authn/src/emqx_authn_utils.erl b/apps/emqx_authn/src/emqx_authn_utils.erl
index 1bd65c7c8..70d6a0b5f 100644
--- a/apps/emqx_authn/src/emqx_authn_utils.erl
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@@ -72,13 +72,18 @@ start_resource_if_enabled(Result, _ResourceId, _Config) ->
 
 check_password_from_selected_map(_Algorithm, _Selected, undefined) ->
     {error, bad_username_or_password};
-check_password_from_selected_map(
-    Algorithm, #{<<"password_hash">> := Hash} = Selected, Password
-) ->
-    Salt = maps:get(<<"salt">>, Selected, <<>>),
-    case emqx_authn_password_hashing:check_password(Algorithm, Salt, Hash, Password) of
-        true -> ok;
-        false -> {error, bad_username_or_password}
+check_password_from_selected_map(Algorithm, Selected, Password) ->
+    Hash = maps:get(<<"password_hash">>, Selected,
+                    maps:get(<<"password">>>, Selected, undefined)),
+    case Hash of
+        undefined -> {error, bad_username_or_password};
+        _ ->
+            Salt = maps:get(<<"salt">>, Selected, <<>>),
+            case emqx_authn_password_hashing:check_password(
+                   Algorithm, Salt, Hash, Password) of
+                true -> ok;
+                false -> {error, bad_username_or_password}
+            end
     end.
 
 parse_deep(Template) ->
diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
index 77e35bf3b..3423879f6 100644
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@@ -453,6 +453,28 @@ user_seeds() ->
                 <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
             result => {error, bad_username_or_password}
+        },
+
+        #{
+            data => #{
+                password =>
+                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
+                is_superuser => <<"1">>
+            },
+            credentials => #{
+                clientid => <<"sha256_no_salt">>,
+                password => <<"sha256_no_salt">>
+            },
+            key => <<"mqtt_user:sha256_no_salt">>,
+            config_params => #{
+                %% Needs to be compatible with emqx 4.x auth data
+                <<"cmd">> => <<"HMGET mqtt_user:${clientid} password is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"disable">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
         }
     ].