yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
22,125 Commits 393 Branches 684 Tags 74 MiB
Commit Graph

36 Commits

Author SHA1 Message Date
firest 878b218692 feat(authn): added a HTTP backend for the authentication mechanism scram 2024-07-23 16:07:32 +08:00
JimMoen ae3b8fe146
test: create jwt authenticator with bad public key 2024-07-08 16:52:18 +08:00
zhongwencool 059baf9ea5 test: add authz test case 2024-07-03 09:49:13 +08:00
Thales Macedo Garitezi f64bd313aa
Merge pull request #13263 from thalesmg/mix-umbrella-m-20240612 
perf: "mixify" project to improve release speed (part 1)
 2024-07-02 11:36:09 -03:00
zhongwencool 4d912516c8 fix: don't override authn users when import_user from authn.boostrap_file 2024-07-02 21:18:37 +08:00
Thales Macedo Garitezi 19f3b030f9 chore: preparing to run common tests / eunit with mix 2024-07-02 09:45:45 -03:00
zmstone 2771a10d39 test: fix a flaky one 2024-05-27 20:59:50 +02:00
zmstone 01923147a2 fix(variform and authz): do not initialize empty client_attrs field 
when client_attrs_init expression renders to empty string,
do not initialize the attribute.

also fixed an ACL error: a template render failure for a topic
would stop the ACL checks for the following topics if more
than one topic is configured.
 2024-04-25 17:32:07 +02:00
zmstone ab763fe665 test: fix test case flakyness 2024-04-18 09:32:05 +02:00
zmstone b76b6fbe63 feat(variform): initialize client_attrs with variform 
Moved regular expression extraction as a variform function.
 2024-04-14 10:13:24 +02:00
zmstone da5b01aa46 refactor(client_attr): allow more than one initial extraction 2024-04-13 01:00:25 +02:00
zmstone 2fd0a2cd4d feat: support extracting initial client attrs from clientinfo 2024-03-23 10:16:02 +01:00
zmstone 9ec99fef4a feat: allow client_attr used in authz rules 2024-03-23 10:16:02 +01:00
Zaiming (Stone) Shi 46877e979b chore: update copyright-year 2024-02-23 08:21:06 +01:00
JimMoen ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration' 2024-02-18 02:32:25 +08:00
Serge Tupchii 7272ef25d4 feat(emqx_auth): implement API to re-order all authenticators/authz sources 
Fixes: EMQX-11770
 2024-02-14 14:35:46 +02:00
Ilya Averyanov 90fd2b26d3 feat(banned): allow ban by clientid/username regexps, peerhost cidrs 2024-02-10 17:59:22 +03:00
JianBo He aedfc8e8c0 fix(user_import): ensure the last record overwrites previous one 2024-01-30 14:14:20 +08:00
JianBo He 8fc8106819 test: cover password_type and new data format 2024-01-29 10:49:07 +08:00
Zaiming (Stone) Shi 9e8a67fd68 feat: support authz cache exclusion config 
now one can configure a list of topic-filters to avoid
caching ACL check results

for example

authorization.cache.excludes = ["nocache/#"]

this means ACL check results for topics having 'nocache/' prefix
will not be cached
 2024-01-10 13:52:00 +01:00
Zaiming (Stone) Shi a9963e043b refactor(authz): improve logging 
Move authz result logging to common place.

Prior to this change, the final result is not logged when
fallback to the default authorization.no_match config value.

Aso, if the result is provided by a hook callback,
it's also not logged.

After this change, only the final result is logged.
The authz chain resutls can be traced (or logged at debug level).
 2023-12-17 22:32:26 +01:00
Stefan Strigler 8ba116d378 fix(emqx_auth): check authenticator exists in /authenticator/:id/users 2023-11-23 16:15:03 +01:00
Zaiming (Stone) Shi d9f964a44f test: fix test cases after schema type namespace change 2023-11-22 16:58:05 +01:00
Zaiming (Stone) Shi f1de0aa176 fix(schema): add namespace to authn schemas 2023-11-10 13:41:51 +01:00
Zaiming (Stone) Shi 86110824eb feat: upgrade hocon to 0.40.0 which supports union type display name 2023-11-10 13:41:51 +01:00
Zaiming (Stone) Shi b24b66081a refactor(authn/authz_http_schema): use typerefl alias 2023-11-10 13:41:51 +01:00
Andrew Mayorov 910e81bc41
Merge pull request #10442 from keynslug/ft/EMQX-9257/placeholder 
feat(tpl): split `emqx_placeholder` into a couple of modules
 2023-11-02 22:50:05 +07:00
Andrew Mayorov 8e4585d64f
chore: move template modules to `emqx_utils` 
Even though most of the time these modules will be used by
connectors, there are exceptions (namely, `emqx_rule_engine`).
Besides, they are general enough to land there, more so given
that `emqx_placeholder` is already there.
 2023-11-02 17:11:12 +07:00
Andrew Mayorov 49f5325c67
feat(tpl): unify validations / errors var representations 2023-11-02 17:11:10 +07:00
Andrew Mayorov 0538a77700
feat(tpl): use `emqx_connector_template` in `emqx_authn`, `emqx_authz` 
This slightly changes semantics: now the attempt to create authenticator
with illegal bindings in templates will fail, instead of treating them
as literals. The runtime behaviour on the other hand should be the same.
 2023-11-02 17:11:10 +07:00
Ilya Averyanov edde661da3 fix(authn): fix pbkdf2 option validation 2023-10-23 10:26:11 +03:00
Ilya Averyanov 6354f3b04f feat(authn): allow authn providers to define a separate schama for API 2023-10-17 13:19:11 +03:00
Ilya Averyanov 03ae5bf3c8 chore(auth): cleanup code 2023-10-11 13:13:50 +03:00
Ilya Averyanov 5dff36474d chore(auth): get rid of hardcoded schema modules in auth 2023-10-05 13:41:50 +03:00
Ilya Averyanov c2c56ba481 chore(auth): update tests 2023-10-05 13:41:50 +03:00
Ilya Averyanov 1eb75b43c4 chore(auth): split emqx_authn and emqx_authz apps 2023-10-05 13:41:50 +03:00