diff --git a/src/emqx_channel.erl b/src/emqx_channel.erl index e1fd1b6f3..9a3339c65 100644 --- a/src/emqx_channel.erl +++ b/src/emqx_channel.erl @@ -1138,21 +1138,18 @@ do_enhanced_auth(undefined, _AuthData, Channel) -> do_enhanced_auth(_AuthMethod, undefined, Channel) -> {error, emqx_reason_codes:connack_error(not_authorized), Channel}; do_enhanced_auth(AuthMethod, AuthData, Channel = #channel{auth_cache = Cache}) -> - case do_auth_check(AuthMethod, AuthData, Cache) of - ok -> {ok, #{}, Channel#channel{auth_cache = #{}}}; + case run_hooks('client.enhanced_authenticate',[AuthMethod, AuthData, Cache]) of + {ok, <<>>} -> {ok, #{}, Channel#channel{auth_cache = #{}}}; {ok, NAuthData} -> NProperties = #{'Authentication-Method' => AuthMethod, 'Authentication-Data' => NAuthData}, {ok, NProperties, Channel#channel{auth_cache = #{}}}; {continue, NAuthData, NCache} -> NProperties = #{'Authentication-Method' => AuthMethod, 'Authentication-Data' => NAuthData}, {continue, NProperties, Channel#channel{auth_cache = NCache}}; - {error, _Reason} -> + _ -> {error, emqx_reason_codes:connack_error(not_authorized), Channel} end. -do_auth_check(_AuthMethod, _AuthData, _AuthDataCache) -> - {error, not_authorized}. - %%-------------------------------------------------------------------- %% Process Topic Alias diff --git a/src/emqx_metrics.erl b/src/emqx_metrics.erl index 47c2e9a6a..4009ca67c 100644 --- a/src/emqx_metrics.erl +++ b/src/emqx_metrics.erl @@ -520,11 +520,12 @@ reserved_idx('client.connect') -> 200; reserved_idx('client.connack') -> 201; reserved_idx('client.connected') -> 202; reserved_idx('client.authenticate') -> 203; -reserved_idx('client.auth.anonymous') -> 204; -reserved_idx('client.check_acl') -> 205; -reserved_idx('client.subscribe') -> 206; -reserved_idx('client.unsubscribe') -> 207; -reserved_idx('client.disconnected') -> 208; +reserved_idx('client.enhanced_authenticate') -> 204; +reserved_idx('client.auth.anonymous') -> 205; +reserved_idx('client.check_acl') -> 206; +reserved_idx('client.subscribe') -> 207; +reserved_idx('client.unsubscribe') -> 208; +reserved_idx('client.disconnected') -> 209; reserved_idx('session.created') -> 220; reserved_idx('session.resumed') -> 221; diff --git a/test/emqx_channel_SUITE.erl b/test/emqx_channel_SUITE.erl index a94095b2b..0bddae09d 100644 --- a/test/emqx_channel_SUITE.erl +++ b/test/emqx_channel_SUITE.erl @@ -120,7 +120,7 @@ t_handle_in_connect_auth_failed(_) -> clean_start = true, keepalive = 30, properties = #{ - 'Authentication-Method' => "failed_auth_method", + 'Authentication-Method' => <<"failed_auth_method">>, 'Authentication-Data' => <<"failed_auth_data">> }, clientid = <<"clientid">>, @@ -131,7 +131,7 @@ t_handle_in_connect_auth_failed(_) -> t_handle_in_continue_auth(_) -> Properties = #{ - 'Authentication-Method' => "failed_auth_method", + 'Authentication-Method' => <<"failed_auth_method">>, 'Authentication-Data' => <<"failed_auth_data">> }, {shutdown, bad_authentication_method, ?CONNACK_PACKET(?RC_BAD_AUTHENTICATION_METHOD), _} = @@ -141,7 +141,7 @@ t_handle_in_continue_auth(_) -> t_handle_in_re_auth(_) -> Properties = #{ - 'Authentication-Method' => "failed_auth_method", + 'Authentication-Method' => <<"failed_auth_method">>, 'Authentication-Data' => <<"failed_auth_data">> }, {ok, [{outgoing, ?DISCONNECT_PACKET(?RC_BAD_AUTHENTICATION_METHOD)}, {close, bad_authentication_method}], _} =