yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(authn-redis): needs to compatible with 4.x auth data

This commit is contained in:
JianBo He 2022-06-30 11:26:56 +08:00
parent 88746c7c11
commit d7c21020f6
2 changed files with 34 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/emqx_authn/src/emqx_authn_utils.erl
View File

@ -72,13 +72,18 @@ start_resource_if_enabled(Result, _ResourceId, _Config) ->
check_password_from_selected_map(_Algorithm, _Selected, undefined) -> check_password_from_selected_map(_Algorithm, _Selected, undefined) ->
{error, bad_username_or_password}; {error, bad_username_or_password};
check_password_from_selected_map( check_password_from_selected_map(Algorithm, Selected, Password) ->
Algorithm, #{<<"password_hash">> := Hash} = Selected, Password Hash = maps:get(<<"password_hash">>, Selected,
) -> maps:get(<<"password">>>, Selected, undefined)),
case Hash of
undefined -> {error, bad_username_or_password};
_ ->
Salt = maps:get(<<"salt">>, Selected, <<>>), Salt = maps:get(<<"salt">>, Selected, <<>>),
case emqx_authn_password_hashing:check_password(Algorithm, Salt, Hash, Password) of case emqx_authn_password_hashing:check_password(
Algorithm, Salt, Hash, Password) of
true -> ok; true -> ok;
false -> {error, bad_username_or_password} false -> {error, bad_username_or_password}
end
end. end.
parse_deep(Template) -> parse_deep(Template) ->

22
apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
View File

@ -453,6 +453,28 @@ user_seeds() ->
<<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>} <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
}, },
result => {error, bad_username_or_password} result => {error, bad_username_or_password}
},
#{
data => #{
password =>
<<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
is_superuser => <<"1">>
},
credentials => #{
clientid => <<"sha256_no_salt">>,
password => <<"sha256_no_salt">>
},
key => <<"mqtt_user:sha256_no_salt">>,
config_params => #{
%% Needs to be compatible with emqx 4.x auth data
<<"cmd">> => <<"HMGET mqtt_user:${clientid} password is_superuser">>,
<<"password_hash_algorithm">> => #{
<<"name">> => <<"sha256">>,
<<"salt_position">> => <<"disable">>
}
},
result => {ok, #{is_superuser => true}}
} }
]. ].