fix(authn): fix cert_subject and cert_common_name placeholder

2022-07-21 11:43:58 +08:00 · 2022-07-21 11:43:58 +08:00 · f8f4ad3e5b
parent 7ad0dc7c73
commit f8f4ad3e5b
2 changed files with 54 additions and 3 deletions
--- a/apps/emqx_authn/src/emqx_authn_utils.erl
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@ -117,21 +117,21 @@ parse_sql(Template, ReplaceWith) ->
 render_deep(Template, Credential) ->
    emqx_placeholder:proc_tmpl_deep(
        Template,
-        Credential,
+        mapping_credential(Credential),
        #{return => full_binary, var_trans => fun handle_var/2}
    ).

 render_str(Template, Credential) ->
    emqx_placeholder:proc_tmpl(
        Template,
-        Credential,
+        mapping_credential(Credential),
        #{return => full_binary, var_trans => fun handle_var/2}
    ).

 render_sql_params(ParamList, Credential) ->
    emqx_placeholder:proc_tmpl(
        ParamList,
-        Credential,
+        mapping_credential(Credential),
        #{return => rawlist, var_trans => fun handle_sql_var/2}
    ).

@ -216,3 +216,8 @@ handle_sql_var({var, <<"peerhost">>}, PeerHost) ->
    emqx_placeholder:bin(inet:ntoa(PeerHost));
 handle_sql_var(_, Value) ->
    emqx_placeholder:sql_data(Value).
+
+mapping_credential(C = #{cn := CN, dn := DN}) ->
+    C#{cert_common_name => CN, cert_subject => DN};
+mapping_credential(C) ->
+    C.
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@ -475,6 +475,52 @@ user_seeds() ->
                }
            },
            result => {ok, #{is_superuser => true}}
+        },
+
+        #{
+            data => #{
+                password =>
+                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
+                is_superuser => <<"1">>
+            },
+            credentials => #{
+                clientid => <<"sha256_no_salt">>,
+                cn => <<"cert_common_name">>,
+                dn => <<"cert_subject_name">>,
+                password => <<"sha256_no_salt">>
+            },
+            key => <<"mqtt_user:cert_common_name">>,
+            config_params => #{
+                <<"cmd">> => <<"HMGET mqtt_user:${cert_common_name} password_hash is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"disable">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
+        },
+
+        #{
+            data => #{
+                password =>
+                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
+                is_superuser => <<"1">>
+            },
+            credentials => #{
+                clientid => <<"sha256_no_salt">>,
+                cn => <<"cert_common_name">>,
+                dn => <<"cert_subject_name">>,
+                password => <<"sha256_no_salt">>
+            },
+            key => <<"mqtt_user:cert_subject_name">>,
+            config_params => #{
+                <<"cmd">> => <<"HMGET mqtt_user:${cert_subject} password_hash is_superuser">>,
+                <<"password_hash_algorithm">> => #{
+                    <<"name">> => <<"sha256">>,
+                    <<"salt_position">> => <<"disable">>
+                }
+            },
+            result => {ok, #{is_superuser => true}}
        }
    ].