fix(authn): fix cert_subject and cert_common_name placeholder

2022-07-21 11:43:58 +08:00 · 2022-07-21 11:43:58 +08:00 · f8f4ad3e5b
parent 7ad0dc7c73
commit f8f4ad3e5b
2 changed files with 54 additions and 3 deletions
--- a/apps/emqx_authn/src/emqx_authn_utils.erl
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@ -117,21 +117,21 @@ parse_sql(Template, ReplaceWith) ->
 render_deep(Template, Credential) ->
    emqx_placeholder:proc_tmpl_deep(
        Template,
-        Credential,
+        mapping_credential(Credential),
        #{return => full_binary, var_trans => fun handle_var/2}
    ).
 render_str(Template, Credential) ->
    emqx_placeholder:proc_tmpl(
        Template,
-        Credential,
+        mapping_credential(Credential),
        #{return => full_binary, var_trans => fun handle_var/2}
    ).
 render_sql_params(ParamList, Credential) ->
    emqx_placeholder:proc_tmpl(
        ParamList,
-        Credential,
+        mapping_credential(Credential),
        #{return => rawlist, var_trans => fun handle_sql_var/2}
    ).
@ -216,3 +216,8 @@ handle_sql_var({var, <<"peerhost">>}, PeerHost) ->
    emqx_placeholder:bin(inet:ntoa(PeerHost));
 handle_sql_var(_, Value) ->
    emqx_placeholder:sql_data(Value).
 mapping_credential(C = #{cn := CN, dn := DN}) ->
    C#{cert_common_name => CN, cert_subject => DN};
 mapping_credential(C) ->
    C.
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@ -475,6 +475,52 @@ user_seeds() ->
                }
            },
            result => {ok, #{is_superuser => true}}
        },
        #{
            data => #{
                password =>
                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
                is_superuser => <<"1">>
            },
            credentials => #{
                clientid => <<"sha256_no_salt">>,
                cn => <<"cert_common_name">>,
                dn => <<"cert_subject_name">>,
                password => <<"sha256_no_salt">>
            },
            key => <<"mqtt_user:cert_common_name">>,
            config_params => #{
                <<"cmd">> => <<"HMGET mqtt_user:${cert_common_name} password_hash is_superuser">>,
                <<"password_hash_algorithm">> => #{
                    <<"name">> => <<"sha256">>,
                    <<"salt_position">> => <<"disable">>
                }
            },
            result => {ok, #{is_superuser => true}}
        },
        #{
            data => #{
                password =>
                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
                is_superuser => <<"1">>
            },
            credentials => #{
                clientid => <<"sha256_no_salt">>,
                cn => <<"cert_common_name">>,
                dn => <<"cert_subject_name">>,
                password => <<"sha256_no_salt">>
            },
            key => <<"mqtt_user:cert_subject_name">>,
            config_params => #{
                <<"cmd">> => <<"HMGET mqtt_user:${cert_subject} password_hash is_superuser">>,
                <<"password_hash_algorithm">> => #{
                    <<"name">> => <<"sha256">>,
                    <<"salt_position">> => <<"disable">>
                }
            },
            result => {ok, #{is_superuser => true}}
        }
    ].