yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(jwt): fix the jwt ACL will return a wrong result when the token is expired

This commit is contained in:
firest 2022-11-10 13:16:02 +08:00
parent e9490654ae
commit ebfaecfa91
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
View File

@ -67,7 +67,7 @@ check_acl(ClientInfo = #{jwt_claims := Claims},
case is_expired(Exp) of case is_expired(Exp) of
true -> true ->
?DEBUG("acl_deny_due_to_jwt_expired", []), ?DEBUG("acl_deny_due_to_jwt_expired", []),
deny; {stop, deny};
false -> false ->
verify_acl(ClientInfo, Acl, PubSub, Topic) verify_acl(ClientInfo, Acl, PubSub, Topic)
end; end;

10
apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
View File

@ -462,6 +462,16 @@ t_check_jwt_acl_expire(_Config) ->
{ok, #{}, [?RC_NOT_AUTHORIZED]}, {ok, #{}, [?RC_NOT_AUTHORIZED]},
emqtt:subscribe(C, <<"a/b">>, 0)), emqtt:subscribe(C, <<"a/b">>, 0)),
Default = emqx_zone:get_env(external, acl_nomatch, deny),
emqx_zone:set_env(external, acl_nomatch, allow),
try
?assertMatch(
{ok, #{}, [?RC_NOT_AUTHORIZED]},
emqtt:subscribe(C, <<"a/b">>, 0))
after
emqx_zone:set_env(external, acl_nomatch, Default)
end,
ok = emqtt:disconnect(C). ok = emqtt:disconnect(C).
t_check_jwt_acl_no_exp(init, _Config) -> t_check_jwt_acl_no_exp(init, _Config) ->