Support bcrypt

emqx · Apr 11, 2017 · df5b52d · df5b52d
1 parent 9b68067
commit df5b52d
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -37,9 +37,12 @@ auth.mysql.database = mqtt
 ## Authentication Query: select password or password,salt
 auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
 
-## Password hash: plain, md5, sha, sha256, pbkdf2
+## Password hash: plain, md5, sha, sha256, pbkdf2, bcrypt
 auth.mysql.passwd_hash = sha256
 
+## bcrypt with salt only prefix
+## auth.mysql.password_hash = salt bcrypt
+
 ## pbkdf2 with macfun iterations dklen
 ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
 auth.mysql.password_hash = pbkdf2 sha256 1000 20
@@ -71,7 +74,7 @@ CREATE TABLE `mqtt_user` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
   `username` varchar(100) DEFAULT NULL,
   `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(20) DEFAULT NULL,
+  `salt` varchar(35) DEFAULT NULL,
   `is_superuser` tinyint(1) DEFAULT 0,
   `created` datetime DEFAULT NULL,
   PRIMARY KEY (`id`),

diff --git a/etc/emq_auth_mysql.conf b/etc/emq_auth_mysql.conf
@@ -22,12 +22,15 @@ auth.mysql.database = mqtt
 ## Authentication Query: select password or password,salt
 auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
 
-## Password hash: plain, md5, sha, sha256
+## Password hash: plain, md5, sha, sha256 bcrypt
 auth.mysql.password_hash = sha256
 
 ## sha256 with salt prefix
 ## auth.mysql.password_hash = salt sha256
 
+## bcrypt with salt only prefix
+## auth.mysql.password_hash = salt bcrypt
+
 ## sha256 with salt suffix
 ## auth.mysql.password_hash = sha256 salt
 

diff --git a/mqtt.sql b/mqtt.sql
@@ -32,7 +32,7 @@ CREATE TABLE `mqtt_user` (
   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
   `username` varchar(100) DEFAULT NULL,
   `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(20) DEFAULT NULL,
+  `salt` varchar(35) DEFAULT NULL,
   `is_superuser` tinyint(1) DEFAULT 0,
   `created` datetime DEFAULT NULL,
   PRIMARY KEY (`id`),

diff --git a/src/emq_auth_mysql.erl b/src/emq_auth_mysql.erl
@@ -55,6 +55,8 @@ check_pass(PassHash, Password, HashType) ->
     check_pass(PassHash, hash(HashType, Password)).
 check_pass(PassHash, Salt, Password, {pbkdf2, Macfun, Iterations, Dklen}) ->
     check_pass(PassHash,hash(pbkdf2,{Salt,Password, Macfun, Iterations, Dklen}));
+check_pass(PassHash, Salt, Password, {salt, bcrypt}) ->
+    check_pass(PassHash, hash(bcrypt, {Salt, Password}));
 check_pass(PassHash, Salt, Password, {salt, HashType}) ->
     check_pass(PassHash, hash(HashType, <<Salt/binary, Password/binary>>));
 check_pass(PassHash, Salt, Password, {HashType, salt}) ->