Skip to content

Commit

Permalink
EMQX 3.0 UT
Browse files Browse the repository at this point in the history
  • Loading branch information
@terry-xiaoyu
terry-xiaoyu committed Aug 29, 2018
1 parent f2a8ebd commit d9e635c
Show file tree
Hide file tree
Showing 5 changed files with 2,717 additions and 767 deletions.
2 changes: 1 addition & 1 deletion Makefile
View file
Expand Up @@ -18,7 +18,7 @@ NO_AUTOPATCH = cuttlefish
ERLC_OPTS += +debug_info
ERLC_OPTS += +'{parse_transform, lager_transform}'

TEST_DEPS = emq_auth_username
TEST_DEPS = emqx_auth_username
dep_emqx_auth_username = git https://github.com/emqx/emqx-auth-username emqx30

TEST_ERLC_OPTS += +debug_info
Expand Down
193 changes: 36 additions & 157 deletions test/emqx_auth_pgsql_SUITE.erl
View file
Expand Up @@ -27,9 +27,9 @@
-include_lib("common_test/include/ct.hrl").

%%setp1 init table
-define(DROP_ACL_TABLE, "DROP TABLE IF EXISTS mqtt_acl").
-define(DROP_ACL_TABLE, "DROP TABLE IF EXISTS mqtt_acl_test").

-define(CREATE_ACL_TABLE, "CREATE TABLE mqtt_acl (
-define(CREATE_ACL_TABLE, "CREATE TABLE mqtt_acl_test (
id SERIAL primary key,
allow integer,
ipaddr character varying(60),
Expand All @@ -38,23 +38,23 @@
access integer,
topic character varying(100))").

-define(INIT_ACL, "INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-define(INIT_ACL, "INSERT INTO mqtt_acl_test (id, allow, ipaddr, username, clientid, access, topic)
VALUES
(1,1,'127.0.0.1','u1','c1',1,'t1'),
(2,0,'127.0.0.1','u2','c2',1,'t1'),
(3,1,'10.10.0.110','u1','c1',1,'t1'),
(4,1,'127.0.0.1','u3','c3',3,'t1')").

-define(DROP_AUTH_TABLE, "DROP TABLE IF EXISTS mqtt_user").
-define(DROP_AUTH_TABLE, "DROP TABLE IF EXISTS mqtt_user_test").

-define(CREATE_AUTH_TABLE, "CREATE TABLE mqtt_user (
-define(CREATE_AUTH_TABLE, "CREATE TABLE mqtt_user_test (
id SERIAL primary key,
is_superuser boolean,
username character varying(100),
password character varying(100),
salt character varying(40))").

-define(INIT_AUTH, "INSERT INTO mqtt_user (id, is_superuser, username, password, salt)
-define(INIT_AUTH, "INSERT INTO mqtt_user_test (id, is_superuser, username, password, salt)
VALUES
(1, true, 'plain', 'plain', 'salt'),
(2, false, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),
Expand All @@ -67,8 +67,8 @@
all() ->
[{group, emqx_auth_pgsql_auth},
{group, emqx_auth_pgsql_acl},
{group, emqx_auth_pgsql},
{group, auth_pgsql_config}
{group, emqx_auth_pgsql}
%{group, auth_pgsql_config}
].

groups() ->
Expand Down Expand Up @@ -98,157 +98,38 @@ comment_config(_) ->

check_auth(_) ->
init_auth_(),
Plain = #mqtt_client{client_id = <<"client1">>, username = <<"plain">>},
Md5 = #mqtt_client{client_id = <<"md5">>, username = <<"md5">>},
Sha = #mqtt_client{client_id = <<"sha">>, username = <<"sha">>},
Sha256 = #mqtt_client{client_id = <<"sha256">>, username = <<"sha256">>},
Pbkdf2 = #mqtt_client{client_id = <<"pbkdf2_password">>, username = <<"pbkdf2_password">>},
Bcrypt = #mqtt_client{client_id = <<"bcrypt_foo">>, username = <<"bcrypt_foo">>},
User1 = #mqtt_client{client_id = <<"bcrypt_foo">>, username = <<"user">>},
Plain = #{client_id => <<"client1">>, username => <<"plain">>},
Md5 = #{client_id => <<"md5">>, username => <<"md5">>},
Sha = #{client_id => <<"sha">>, username => <<"sha">>},
Sha256 = #{client_id => <<"sha256">>, username => <<"sha256">>},
Pbkdf2 = #{client_id => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>},
Bcrypt = #{client_id => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>},
User1 = #{client_id => <<"bcrypt_foo">>, username => <<"user">>},
reload([{password_hash, plain}]),
{ok, true} = emqx_access_control:auth(Plain, <<"plain">>),
{ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain, <<"plain">>),
reload([{password_hash, md5}]),
{ok, false} = emqx_access_control:auth(Md5, <<"md5">>),
{ok, #{is_superuser := false}} = emqx_access_control:authenticate(Md5, <<"md5">>),
reload([{password_hash, sha}]),
{ok, false} = emqx_access_control:auth(Sha, <<"sha">>),
{ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha, <<"sha">>),
reload([{password_hash, sha256}]),
{ok, false} = emqx_access_control:auth(Sha256, <<"sha256">>),
{ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha256, <<"sha256">>),
%%pbkdf2 sha
reload([{password_hash, {pbkdf2, sha, 1, 16}}, {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
{ok, false} = emqx_access_control:auth(Pbkdf2, <<"password">>),
reload([{password_hash, {pbkdf2, sha, 1, 16}}, {auth_query, "select password, salt from mqtt_user_test where username = '%u' limit 1"}]),
{ok, #{is_superuser := false}} = emqx_access_control:authenticate(Pbkdf2, <<"password">>),
reload([{password_hash, {salt, bcrypt}}]),
{ok, false} = emqx_access_control:auth(Bcrypt, <<"foo">>),
ok = emqx_access_control:auth(User1, <<"foo">>).
{ok, #{is_superuser := false}} = emqx_access_control:authenticate(Bcrypt, <<"foo">>),
{error, _} = emqx_access_control:authenticate(User1, <<"foo">>).

list_auth(_Config) ->
application:start(emqx_auth_username),
emqx_auth_username:add_user(<<"user1">>, <<"password1">>),
User1 = #mqtt_client{client_id = <<"client1">>, username = <<"user1">>},
ok = emqx_access_control:auth(User1, <<"password1">>),
reload([{password_hash, plain}, {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
Plain = #mqtt_client{client_id = <<"client1">>, username = <<"plain">>},
{ok, true} = emqx_access_control:auth(Plain, <<"plain">>),
User1 = #{client_id => <<"client1">>, username => <<"user1">>},
ok = emqx_access_control:authenticate(User1, <<"password1">>),
reload([{password_hash, plain}, {auth_query, "select password from mqtt_user_test where username = '%u' limit 1"}]),
Plain = #{client_id => <<"client1">>, username => <<"plain">>},
{ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain, <<"plain">>),
application:stop(emqx_auth_username).


init_auth_() ->
{ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?P).

-include_lib("emqx/include/emqx.hrl").

-include_lib("eunit/include/eunit.hrl").

-include_lib("common_test/include/ct.hrl").

%%setp1 init table
-define(DROP_ACL_TABLE, "DROP TABLE IF EXISTS mqtt_acl").

-define(CREATE_ACL_TABLE, "CREATE TABLE mqtt_acl (
id SERIAL primary key,
allow integer,
ipaddr character varying(60),
username character varying(100),
clientid character varying(100),
access integer,
topic character varying(100))").

-define(INIT_ACL, "INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
VALUES
(1,1,'127.0.0.1','u1','c1',1,'t1'),
(2,0,'127.0.0.1','u2','c2',1,'t1'),
(3,1,'10.10.0.110','u1','c1',1,'t1'),
(4,1,'127.0.0.1','u3','c3',3,'t1')").

-define(DROP_AUTH_TABLE, "DROP TABLE IF EXISTS mqtt_user").

-define(CREATE_AUTH_TABLE, "CREATE TABLE mqtt_user (
id SERIAL primary key,
is_superuser boolean,
username character varying(100),
password character varying(100),
salt character varying(40))").

-define(INIT_AUTH, "INSERT INTO mqtt_user (id, is_superuser, username, password, salt)
VALUES
(1, true, 'plain', 'plain', 'salt'),
(2, false, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),
(3, false, 'sha', 'd8f4590320e1343a915b6394170650a8f35d6926', 'salt'),
(4, false, 'sha256', '5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e', 'salt'),
(5, false, 'pbkdf2_password', 'cdedb5281bb2f801565a1122b2563515', 'ATHENA.MIT.EDUraeburn'),
(6, false, 'bcrypt_foo', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.')").


all() ->
[{group, emqx_auth_pgsql_auth},
{group, emqx_auth_pgsql_acl},
{group, emqx_auth_pgsql},
{group, auth_pgsql_config}
].

groups() ->
[{emqx_auth_pgsql_auth, [sequence],
[check_auth, list_auth]},
{emqx_auth_pgsql_acl, [sequence],
[check_acl, acl_super]},
{emqx_auth_pgsql, [sequence],
[comment_config]},
{auth_pgsql_config, [sequence], [server_config]}
].

init_per_suite(Config) ->
DataDir = proplists:get_value(data_dir, Config),
Apps = [start_apps(App, DataDir) || App <- [emqx, emqx_auth_pgsql]],
ct:log("Apps:~p~n", [Apps]),
Config.

end_per_suite(_Config) ->
drop_auth_(),
drop_acl_(),
application:stop(emqx_auth_pgsql),
application:stop(emqx).

comment_config(_) ->
application:stop(?APP),
[application:unset_env(?APP, Par) || Par <- [acl_query, auth_query]],
application:start(?APP),
?assertEqual([], emqx_access_control:lookup_mods(auth)),
?assertEqual([], emqx_access_control:lookup_mods(acl)).

check_auth(_) ->
init_auth_(),
Plain = #mqtt_client{client_id = <<"client1">>, username = <<"plain">>},
Md5 = #mqtt_client{client_id = <<"md5">>, username = <<"md5">>},
Sha = #mqtt_client{client_id = <<"sha">>, username = <<"sha">>},
Sha256 = #mqtt_client{client_id = <<"sha256">>, username = <<"sha256">>},
Pbkdf2 = #mqtt_client{client_id = <<"pbkdf2_password">>, username = <<"pbkdf2_password">>},
Bcrypt = #mqtt_client{client_id = <<"bcrypt_foo">>, username = <<"bcrypt_foo">>},
User1 = #mqtt_client{client_id = <<"bcrypt_foo">>, username = <<"user">>},
reload([{password_hash, plain}]),
{ok, true} = emqx_access_control:auth(Plain, <<"plain">>),
reload([{password_hash, md5}]),
{ok, false} = emqx_access_control:auth(Md5, <<"md5">>),
reload([{password_hash, sha}]),
{ok, false} = emqx_access_control:auth(Sha, <<"sha">>),
reload([{password_hash, sha256}]),
{ok, false} = emqx_access_control:auth(Sha256, <<"sha256">>),
%%pbkdf2 sha
reload([{password_hash, {pbkdf2, sha, 1, 16}}, {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
{ok, false} = emqx_access_control:auth(Pbkdf2, <<"password">>),
reload([{password_hash, {salt, bcrypt}}]),
{ok, false} = emqx_access_control:auth(Bcrypt, <<"foo">>),
ok = emqx_access_control:auth(User1, <<"foo">>).

list_auth(_Config) ->
application:start(emqx_auth_username),
emqx_auth_username:add_user(<<"user1">>, <<"password1">>),
User1 = #mqtt_client{client_id = <<"client1">>, username = <<"user1">>},
ok = emqx_access_control:auth(User1, <<"password1">>),
reload([{password_hash, plain}, {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
Plain = #mqtt_client{client_id = <<"client1">>, username = <<"plain">>},
{ok, true} = emqx_access_control:auth(Plain, <<"plain">>),
application:stop(emqx_auth_username).


init_auth_() ->
{ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
{ok, [], []} = epgsql:squery(Pid, ?DROP_AUTH_TABLE),
Expand All @@ -261,32 +142,32 @@ drop_auth_() ->

check_acl(_) ->
init_acl_(),
User1 = #mqtt_client{peername = {{127,0,0,1}, 1}, client_id = <<"c1">>, username = <<"u1">>},
User2 = #mqtt_client{peername = {{127,0,0,1}, 1}, client_id = <<"c2">>, username = <<"u2">>},
User1 = #{zone => external, peername => {{127,0,0,1}, 1}, client_id => <<"c1">>, username => <<"u1">>},
User2 = #{zone => external, peername => {{127,0,0,1}, 1}, client_id => <<"c2">>, username => <<"u2">>},
allow = emqx_access_control:check_acl(User1, subscribe, <<"t1">>),
deny = emqx_access_control:check_acl(User2, subscribe, <<"t1">>),

User3 = #mqtt_client{peername = {{10,10,0,110}, 1}, client_id = <<"c1">>, username = <<"u1">>},
User4 = #mqtt_client{peername = {{10,10,10,110}, 1}, client_id = <<"c1">>, username = <<"u1">>},
User3 = #{zone => external, peername => {{10,10,0,110}, 1}, client_id => <<"c1">>, username => <<"u1">>},
User4 = #{zone => external, peername => {{10,10,10,110}, 1}, client_id => <<"c1">>, username => <<"u1">>},
allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
allow = emqx_access_control:check_acl(User3, subscribe, <<"t2">>),%% nomatch -> ignore -> emqttd acl
allow = emqx_access_control:check_acl(User4, subscribe, <<"t1">>),%% nomatch -> ignore -> emqttd acl

User5 = #mqtt_client{peername = {{127,0,0,1}, 1}, client_id = <<"c3">>, username = <<"u3">>},
User5 = #{zone => external, peername => {{127,0,0,1}, 1}, client_id => <<"c3">>, username => <<"u3">>},
allow = emqx_access_control:check_acl(User5, subscribe, <<"t1">>),
allow = emqx_access_control:check_acl(User5, publish, <<"t1">>).

acl_super(_Config) ->
reload([{password_hash, plain}]),
{ok, C} = emqx_client:start_link([{host, "localhost"}, {client_id, <<"simpleClient">>},
{ok, C, _} = emqx_client:start_link([{host, "localhost"}, {client_id, <<"simpleClient">>},
{username, <<"plain">>}, {password, <<"plain">>}]),
timer:sleep(10),
emqx_client:subscribe(C, <<"TopicA">>, qos2),
emqx_client:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
timer:sleep(1000),
receive
{publish, Topic, Payload} ->
{publish, _Topic, Payload} ->
?assertEqual(<<"Payload">>, Payload)
after
1000 ->
Expand Down Expand Up @@ -324,7 +205,7 @@ server_config(_) ->
?assertEqual({salt,sha256}, Hash).

set_cmd(Key) ->
emqx_cli_config:run(["config", "set", string:join(["auth.pgsql", Key], "."), "--app=emqx_auth_pgsql"]).
emqx_cli_config:run(["config", "set", string:join(["authenticate.pgsql", Key], "."), "--app=emqx_auth_pgsql"]).

init_acl_() ->
{ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
Expand All @@ -348,5 +229,3 @@ reload(Config) when is_list(Config) ->
application:stop(?APP),
[application:set_env(?APP, K, V) || {K, V} <- Config],
application:start(?APP).


0 comments on commit d9e635c

Please sign in to comment.