yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: apply suggestions from code review 

Co-authored-by: zmstone <zmstone@gmail.com>
This commit is contained in:
zhongwencool 2024-06-27 19:31:35 +08:00 committed by GitHub
parent cbaa0b0be0
commit d9086139eb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
rel/i18n/emqx_authn_mnesia_schema.hocon
View File

@ -19,22 +19,24 @@ bootstrap_file.label:
"""Bootstrap File Path"""
bootstrap_type.desc:
"""- **`plain`**:
- Format: `{user_id},{password},{is_superuser}`
- `user_id`: Can be `clientid` or `username`, based on `user_id_type`.
- `password`: User's plaintext password.
- `is_superuser`: Boolean, user's administrative status.
"""Specify which type of content the bootstrap file has.
- **`hash`**:
- Format: `{user_id},{password_hash},{salt},{is_superuser}`
- Definitions similar to `plain` type, with `password_hash` and `salt` added for security.
- **`plain`**:
- Expected data fields: `user_id`, `password`, `is_superuser`
- `user_id`: Can be Client ID or username, depending on built-in database authentication's `user_id_type` config.
- `password`: User's plaintext password.
- `is_superuser`: Boolean, user's administrative status.
All file format support is the same as `authentication/password_based:built_in_database/import_users` API.
Json file plain format example:`[{"user_id": "my_user","password": "s3cr3tp@ssw0rd","is_superuser": true}]`.
CSV file hash format example :`user_id,password_hash,salt,is_superuser\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`
- **`hash`**:
- Expected data fields: `user_id`,`password_hash`,`salt`,`is_superuser`
- Definitions similar to `plain` type, with `password_hash` and `salt` added for security.
Formula for `password_hash`:
If configured as `password_hash_algorithm {name = sha256, salt_position = suffix}`,
the Python code to calculate the `password_hash` is `hashlib.sha256(password + salt).hexdigest()`."""
The content can be either in CSV, or JSON format.
Here is a CSV example: `user_id,password_hash,salt,is_superuser\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`
And JSON content should be decoded into an array of objects, for example: `[{"user_id": "my_user","password": "s3cr3tp@ssw0rd","is_superuser": true}]`.
The hash string for password_hash depends on how password_hash_algorithm is configured for the built-in database authentication mechanism. For example, if it's configured as `password_hash_algorithm {name = sha256, salt_position = suffix}`, then the salt is appended to the password before hashed. Here is the equivalent Python expression: `hashlib.sha256(password + salt).hexdigest()`."""
}