Merge pull request #11490 from lafirest/fix/absent_pw

fix(authn): quickly return when the password is absent in password-based authentication
lafirest 2023-08-22 18:52:58 +08:00 committed by GitHub
commit f8f39bf223
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 18 additions and 5 deletions


@ -173,6 +173,8 @@ update(Config, _State) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{
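Review bot: The new `authenticate(#{password := undefined}, _)` clause returns `{error, bad_username_or_password}` for a credential that previously matched the general `#{password := Password}` clause below it, and the metrics test in this commit shows the outcome moving from `nomatch` to `failed`. If the authentication chain stops at the first `{error, _}` (not visible here), an authenticator configured after this one that does not rely on the password field is no longer consulted for such clients, and alerts keyed on `failed` will start counting password-less connection attempts. The clause should carry a comment stating that intent, for example `%% No password supplied: reject without querying the backend; this ends chain evaluation for the client.` Only `undefined` is matched, so an empty binary password presumably still reaches the backend. The identical clause is added in the five other authenticator modules in this commit, and the rest of authenticate/2 lies outside the hunk.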


@ -160,6 +160,8 @@ destroy(#{resource_id := ResourceId}) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{


@ -110,6 +110,8 @@ destroy(#{resource_id := ResourceId}) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{


@ -113,6 +113,8 @@ destroy(#{resource_id := ResourceId}) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{


@ -148,6 +148,8 @@ destroy(#{resource_id := ResourceId}) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{


@ -102,7 +102,7 @@ t_will_message_connection_denied(Config) when is_list(Config) ->
{error, _} = emqtt:connect(Publisher), {error, _} = emqtt:connect(Publisher),
receive receive
{'DOWN', Ref, process, Publisher, Reason} -> {'DOWN', Ref, process, Publisher, Reason} ->
?assertEqual({shutdown, unauthorized_client}, Reason) ?assertEqual({shutdown, malformed_username_or_password}, Reason)
after 2000 -> after 2000 ->
error(timeout) error(timeout)
end, end,
@ -151,7 +151,7 @@ t_password_undefined(Config) when is_list(Config) ->
header = #mqtt_packet_header{type = ?CONNACK}, header = #mqtt_packet_header{type = ?CONNACK},
variable = #mqtt_packet_connack{ variable = #mqtt_packet_connack{
ack_flags = 0, ack_flags = 0,
reason_code = ?CONNACK_AUTH reason_code = ?CONNACK_CREDENTIALS
}, },
payload = undefined payload = undefined
}, },


@ -359,7 +359,7 @@ test_authenticator_users(PathPrefix) ->
<<"metrics">> := #{ <<"metrics">> := #{
<<"total">> := 1, <<"total">> := 1,
<<"success">> := 0, <<"success">> := 0,
<<"nomatch">> := 1 <<"failed">> := 1
} }
} = emqx_utils_json:decode(PageData0, [return_maps]); } = emqx_utils_json:decode(PageData0, [return_maps]);
["listeners", 'tcp:default'] -> ["listeners", 'tcp:default'] ->
@ -417,7 +417,7 @@ test_authenticator_users(PathPrefix) ->
<<"metrics">> := #{ <<"metrics">> := #{
<<"total">> := 2, <<"total">> := 2,
<<"success">> := 1, <<"success">> := 1,
<<"nomatch">> := 1 <<"failed">> := 1
} }
} = emqx_utils_json:decode(PageData01, [return_maps]); } = emqx_utils_json:decode(PageData01, [return_maps]);
["listeners", 'tcp:default'] -> ["listeners", 'tcp:default'] ->


@ -102,7 +102,7 @@ t_enable_authn(_Config) ->
%% enable_authn set to true, we go to the set up authn and fail %% enable_authn set to true, we go to the set up authn and fail
{ok, ConnPid1} = emqtt:start_link([{port, 18830}, {clientid, <<"clientid">>}]), {ok, ConnPid1} = emqtt:start_link([{port, 18830}, {clientid, <<"clientid">>}]),
?assertMatch( ?assertMatch(
{error, {unauthorized_client, _}}, {error, {malformed_username_or_password, _}},
emqtt:connect(ConnPid1) emqtt:connect(ConnPid1)
), ),
ok. ok.


@ -109,6 +109,8 @@ destroy(#{resource_id := ResourceId}) ->
authenticate(#{auth_method := _}, _) -> authenticate(#{auth_method := _}, _) ->
ignore; ignore;
authenticate(#{password := undefined}, _) ->
{error, bad_username_or_password};
authenticate( authenticate(
#{password := Password} = Credential, #{password := Password} = Credential,
#{ #{


@ -0,0 +1 @@
Quickly return the result when the password is absent in password-based authentication.