Startsida Utforska Hjälp
Logga in
kennyh
/
emqx4.3
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

chore(authn): rename superuser to is_superuser

zhouzb 4 år sedan
förälder
be38bcc5cc
incheckning
8531e9ce11
19 ändrade filer med 82 tillägg och 82 borttagningar
Delad Vy Visa Diff Statistik
  1. 2 2
      apps/emqx/src/emqx_access_control.erl
  2. 1 1
      apps/emqx/src/emqx_authentication.erl
  3. 3 3
      apps/emqx/src/emqx_channel.erl
  4. 3 3
      apps/emqx/test/emqx_authentication_SUITE.erl
  5. 1 1
      apps/emqx/test/emqx_channel_SUITE.erl
  6. 1 1
      apps/emqx_authn/data/user-credentials.csv
  7. 2 2
      apps/emqx_authn/data/user-credentials.json
  8. 9 9
      apps/emqx_authn/src/emqx_authn_api.erl
  9. 12 12
      apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
  10. 3 3
      apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
  11. 1 1
      apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
  12. 17 17
      apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
  13. 3 3
      apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
  14. 1 1
      apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
  15. 1 1
      apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
  16. 1 1
      apps/emqx_authn/test/data/user-credentials.csv
  17. 2 2
      apps/emqx_authn/test/data/user-credentials.json
  18. 9 9
      apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
  19. 10 10
      apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl

+ 2 - 2
apps/emqx/src/emqx_access_control.erl
Visa fil 

@@ -29,9 +29,9 @@
 
 -spec(authenticate(emqx_types:clientinfo()) ->
 
     {ok, map()} | {ok, map(), binary()} | {continue, map()} | {continue, binary(), map()} | {error, term()}).
 
 authenticate(Credential) ->
 
-    case run_hooks('client.authenticate', [Credential], {ok, #{superuser => false}}) of
 
+    case run_hooks('client.authenticate', [Credential], {ok, #{is_superuser => false}}) of
 
         ok ->
 
-            {ok, #{superuser => false}};
 
+            {ok, #{is_superuser => false}};
 
         Other ->
 
             Other
 
     end.

+ 1 - 1
apps/emqx/src/emqx_authentication.erl
Visa fil 

@@ -80,7 +80,7 @@
 
 
 -type config() :: #{atom() => term()}.
 
 -type state() :: #{atom() => term()}.
 
--type extra() :: #{superuser := boolean(),
 
+-type extra() :: #{is_superuser := boolean(),
 
                    atom() => term()}.
 
 -type user_info() :: #{user_id := binary(),
 
                        atom() => term()}.

+ 3 - 3
apps/emqx/src/emqx_channel.erl
Visa fil 

@@ -1303,11 +1303,11 @@ do_authenticate(#{auth_method := AuthMethod} = Credential, #channel{clientinfo =
 
     case emqx_access_control:authenticate(Credential) of
 
         {ok, Result} ->
 
             {ok, Properties,
 
-             Channel#channel{clientinfo = ClientInfo#{is_superuser => maps:get(superuser, Result, false)},
 
+             Channel#channel{clientinfo = ClientInfo#{is_superuser => maps:get(is_superuser, Result, false)},
 
                              auth_cache = #{}}};
 
         {ok, Result, AuthData} ->
 
             {ok, Properties#{'Authentication-Data' => AuthData},
 
-             Channel#channel{clientinfo = ClientInfo#{is_superuser => maps:get(superuser, Result, false)},
 
+             Channel#channel{clientinfo = ClientInfo#{is_superuser => maps:get(is_superuser, Result, false)},
 
                              auth_cache = #{}}};
 
         {continue, AuthCache} ->
 
             {continue, Properties, Channel#channel{auth_cache = AuthCache}};
 
@@ -1320,7 +1320,7 @@ do_authenticate(#{auth_method := AuthMethod} = Credential, #channel{clientinfo =
 
 
 do_authenticate(Credential, #channel{clientinfo = ClientInfo} = Channel) ->
 
     case emqx_access_control:authenticate(Credential) of
 
-        {ok, #{superuser := Superuser}} ->
 
+        {ok, #{is_superuser := Superuser}} ->
 
             {ok, #{}, Channel#channel{clientinfo = ClientInfo#{is_superuser => Superuser}}};
 
         {error, Reason} ->
 
             {error, emqx_reason_codes:connack_error(Reason)}

+ 3 - 3
apps/emqx/test/emqx_authentication_SUITE.erl
Visa fil 

@@ -73,7 +73,7 @@ update(_Config, _State) ->
 
     {ok, #{mark => 2}}.
 
 
 authenticate(#{username := <<"good">>}, _State) ->
 
-    {ok, #{superuser => true}};
 
+    {ok, #{is_superuser => true}};
 
 authenticate(#{username := _}, _State) ->
 
     {error, bad_username_or_password}.
 
 
@@ -161,7 +161,7 @@ t_authenticate(_) ->
 
                    protocol => mqtt,
 
                    username => <<"good">>,
 
 			       password => <<"any">>},
 
-    ?assertEqual({ok, #{superuser => false}}, emqx_access_control:authenticate(ClientInfo)),
 
+    ?assertEqual({ok, #{is_superuser => false}}, emqx_access_control:authenticate(ClientInfo)),
 
 
     AuthNType = {'password-based', 'built-in-database'},
 
     ?AUTHN:add_provider(AuthNType, ?MODULE),
 
@@ -171,7 +171,7 @@ t_authenticate(_) ->
 
                             enable => true},
 
     ?AUTHN:create_chain(ListenerID),
 
     ?assertMatch({ok, _}, ?AUTHN:create_authenticator(ListenerID, AuthenticatorConfig)),
 
-    ?assertEqual({ok, #{superuser => true}}, emqx_access_control:authenticate(ClientInfo)),
 
+    ?assertEqual({ok, #{is_superuser => true}}, emqx_access_control:authenticate(ClientInfo)),
 
     ?assertEqual({error, bad_username_or_password}, emqx_access_control:authenticate(ClientInfo#{username => <<"bad">>})),
 
 
     ?AUTHN:delete_chain(ListenerID),

+ 1 - 1
apps/emqx/test/emqx_channel_SUITE.erl
Visa fil 

@@ -144,7 +144,7 @@ init_per_suite(Config) ->
 
     %% Access Control Meck
 
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
 
     ok = meck:expect(emqx_access_control, authenticate,
 
-                     fun(_) -> {ok, #{superuser => false}} end),
 
+                     fun(_) -> {ok, #{is_superuser => false}} end),
 
     ok = meck:expect(emqx_access_control, authorize, fun(_, _, _) -> allow end),
 
     %% Broker Meck
 
     ok = meck:new(emqx_broker, [passthrough, no_history, no_link]),

+ 1 - 1
apps/emqx_authn/data/user-credentials.csv
Visa fil 

@@ -1,3 +1,3 @@
 
-user_id,password_hash,salt,superuser
 
+user_id,password_hash,salt,is_superuser
 
 myuser3,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true
 
 myuser4,ee68c985a69208b6eda8c6c9b4c7c2d2b15ee2352cdd64a903171710a99182e8,ad773b5be9dd0613fe6c2f4d8c403139,false

+ 2 - 2
apps/emqx_authn/data/user-credentials.json
Visa fil 

@@ -3,12 +3,12 @@
 
         "user_id":"myuser1",
 
         "password_hash":"c5e46903df45e5dc096dc74657610dbee8deaacae656df88a1788f1847390242",
 
         "salt": "e378187547bf2d6f0545a3f441aa4d8a",
 
-        "superuser": true
 
+        "is_superuser": true
 
     },
 
     {
 
         "user_id":"myuser2",
 
         "password_hash":"f4d17f300b11e522fd33f497c11b126ef1ea5149c74d2220f9a16dc876d4567b",
 
         "salt": "6d3f9bd5b54d94b98adbcfe10b6d181f",
 
-        "superuser": false
 
+        "is_superuser": false
 
     }
 
 ]

+ 9 - 9
apps/emqx_authn/src/emqx_authn_api.erl
Visa fil 

@@ -765,7 +765,7 @@ create_user_api_spec() ->
 
                             password => #{
 
                                 type => string
 
                             },
 
-                            superuser => #{
 
+                            is_superuser => #{
 
                                 type => boolean,
 
                                 default => false
 
                             }
 
@@ -785,7 +785,7 @@ create_user_api_spec() ->
 
                                 user_id => #{
 
                                     type => string
 
                                 },
 
-                                superuser => #{
 
+                                is_superuser => #{
 
                                     type => boolean
 
                                 }
 
                             }
 
@@ -850,7 +850,7 @@ list_users_api_spec() ->
 
                                     user_id => #{
 
                                         type => string
 
                                     },
 
-                                    superuser => #{
 
+                                    is_superuser => #{
 
                                         type => boolean
 
                                     }
 
                                 }
 
@@ -920,7 +920,7 @@ update_user_api_spec() ->
 
                             password => #{
 
                                 type => string
 
                             },
 
-                            superuser => #{
 
+                            is_superuser => #{
 
                                 type => boolean
 
                             }
 
                         }
 
@@ -941,7 +941,7 @@ update_user_api_spec() ->
 
                                     user_id => #{
 
                                         type => string
 
                                     },
 
-                                    superuser => #{
 
+                                    is_superuser => #{
 
                                         type => boolean
 
                                     }
 
                                 }
 
@@ -1025,7 +1025,7 @@ find_user_api_spec() ->
 
                                     user_id => #{
 
                                         type => string
 
                                     },
 
-                                    superuser => #{
 
+                                    is_superuser => #{
 
                                         type => boolean
 
                                     }
 
                                 }
 
@@ -1882,10 +1882,10 @@ move_authenitcator(ConfKeyPath, ChainName0, AuthenticatorID, Position) ->
 
 
 add_user(ChainName0, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
 
     ChainName = to_atom(ChainName0),
 
-    Superuser = maps:get(<<"superuser">>, UserInfo, false),
 
+    Superuser = maps:get(<<"is_superuser">>, UserInfo, false),
 
     case ?AUTHN:add_user(ChainName, AuthenticatorID, #{ user_id => UserID
 
                                                       , password => Password
 
-                                                      , superuser => Superuser}) of
 
+                                                      , is_superuser => Superuser}) of
 
         {ok, User} ->
 
             {201, User};
 
         {error, Reason} ->
 
@@ -1898,7 +1898,7 @@ add_user(_, _, _) ->
 
 
 update_user(ChainName0, AuthenticatorID, UserID, UserInfo) ->
 
     ChainName = to_atom(ChainName0),
 
-    case maps:with([<<"password">>, <<"superuser">>], UserInfo) =:= #{} of
 
+    case maps:with([<<"password">>, <<"is_superuser">>], UserInfo) =:= #{} of
 
         true ->
 
             serialize_error({missing_parameter, password});
 
         false ->

+ 12 - 12
apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
Visa fil 

@@ -53,7 +53,7 @@
 
         , stored_key
 
         , server_key
 
         , salt
 
-        , superuser
 
+        , is_superuser
 
         }).
 
 
 %%------------------------------------------------------------------------------
 
@@ -147,9 +147,9 @@ add_user(#{user_id := UserID,
 
         fun() ->
 
             case mnesia:read(?TAB, {UserGroup, UserID}, write) of
 
                 [] ->
 
-                    Superuser = maps:get(superuser, UserInfo, false),
 
+                    Superuser = maps:get(is_superuser, UserInfo, false),
 
                     add_user(UserID, Password, Superuser, State),
 
-                    {ok, #{user_id => UserID, superuser => Superuser}};
 
+                    {ok, #{user_id => UserID, is_superuser => Superuser}};
 
                 [_] ->
 
                     {error, already_exist}
 
             end
 
@@ -173,8 +173,8 @@ update_user(UserID, User,
 
             case mnesia:read(?TAB, {UserGroup, UserID}, write) of
 
                 [] ->
 
                     {error, not_found};
 
-                [#user_info{superuser = Superuser} = UserInfo] ->
 
-                    UserInfo1 = UserInfo#user_info{superuser = maps:get(superuser, User, Superuser)},
 
+                [#user_info{is_superuser = Superuser} = UserInfo] ->
 
+                    UserInfo1 = UserInfo#user_info{is_superuser = maps:get(is_superuser, User, Superuser)},
 
                     UserInfo2 = case maps:get(password, User, undefined) of
 
                                     undefined ->
 
                                         UserInfo1;
 
@@ -229,13 +229,13 @@ check_client_first_message(Bin, _Cache, #{iteration_count := IterationCount} = S
 
             {error, not_authorized}
 
     end.
 
 
-check_client_final_message(Bin, #{superuser := Superuser} = Cache, #{algorithm := Alg}) ->
 
+check_client_final_message(Bin, #{is_superuser := Superuser} = Cache, #{algorithm := Alg}) ->
 
     case esasl_scram:check_client_final_message(
 
              Bin,
 
              Cache#{algorithm => Alg}
 
          ) of
 
         {ok, ServerFinalMessage} ->
 
-            {ok, #{superuser => Superuser}, ServerFinalMessage};
 
+            {ok, #{is_superuser => Superuser}, ServerFinalMessage};
 
         {error, _Reason} ->
 
             {error, not_authorized}
 
     end.
 
@@ -246,7 +246,7 @@ add_user(UserID, Password, Superuser, State) ->
 
                           stored_key = StoredKey,
 
                           server_key = ServerKey,
 
                           salt       = Salt,
 
-                          superuser  = Superuser},
 
+                          is_superuser  = Superuser},
 
     mnesia:write(?TAB, UserInfo, write).
 
 
 retrieve(UserID, #{user_group := UserGroup}) ->
 
@@ -254,11 +254,11 @@ retrieve(UserID, #{user_group := UserGroup}) ->
 
         [#user_info{stored_key = StoredKey,
 
                     server_key = ServerKey,
 
                     salt       = Salt,
 
-                    superuser  = Superuser}] ->
 
+                    is_superuser  = Superuser}] ->
 
             {ok, #{stored_key => StoredKey,
 
                    server_key => ServerKey,
 
                    salt => Salt,
 
-                   superuser => Superuser}};
 
+                   is_superuser => Superuser}};
 
         [] ->
 
             {error, not_found}
 
     end.
 
@@ -273,5 +273,5 @@ trans(Fun, Args) ->
 
         {aborted, Reason} -> {error, Reason}
 
     end.
 
 
-serialize_user_info(#user_info{user_id = {_, UserID}, superuser = Superuser}) ->
 
-    #{user_id => UserID, superuser => Superuser}.
 
+serialize_user_info(#user_info{user_id = {_, UserID}, is_superuser = Superuser}) ->
 
+    #{user_id => UserID, is_superuser => Superuser}.

+ 3 - 3
apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
Visa fil 

@@ -161,16 +161,16 @@ authenticate(Credential, #{'_unique' := Unique,
 
     try
 
         Request = generate_request(Credential, State),
 
         case emqx_resource:query(Unique, {Method, Request, RequestTimeout}) of
 
-            {ok, 204, _Headers} -> {ok, #{superuser => false}};
 
+            {ok, 204, _Headers} -> {ok, #{is_superuser => false}};
 
             {ok, 200, Headers, Body} ->
 
                 ContentType = proplists:get_value(<<"content-type">>, Headers, <<"application/json">>),
 
                 case safely_parse_body(ContentType, Body) of
 
                     {ok, NBody} ->
 
                         %% TODO: Return by user property
 
-                        {ok, #{superuser => maps:get(<<"superuser">>, NBody, false),
 
+                        {ok, #{is_superuser => maps:get(<<"is_superuser">>, NBody, false),
 
                                user_property => NBody}};
 
                     {error, _Reason} ->
 
-                        {ok, #{superuser => false}}
 
+                        {ok, #{is_superuser => false}}
 
                 end;
 
             {error, _Reason} ->
 
                 ignore

+ 1 - 1
apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
Visa fil 

@@ -249,7 +249,7 @@ verify(JWS, [JWK | More], VerifyClaims) ->
 
             Claims = emqx_json:decode(Payload, [return_maps]),
 
             case verify_claims(Claims, VerifyClaims) of
 
                 ok ->
 
-                    {ok, #{superuser => maps:get(<<"superuser">>, Claims, false)}};
 
+                    {ok, #{is_superuser => maps:get(<<"is_superuser">>, Claims, false)}};
 
                 {error, Reason} ->
 
                     {error, Reason}
 
             end;

+ 17 - 17
apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
Visa fil 

@@ -51,7 +51,7 @@
 
         { user_id :: {user_group(), user_id()}
 
         , password_hash :: binary()
 
         , salt :: binary()
 
-        , superuser :: boolean()
 
+        , is_superuser :: boolean()
 
         }).
 
 
 -reflect_type([ user_id_type/0 ]).
 
@@ -158,13 +158,13 @@ authenticate(#{password := Password} = Credential,
 
     case mnesia:dirty_read(?TAB, {UserGroup, UserID}) of
 
         [] ->
 
             ignore;
 
-        [#user_info{password_hash = PasswordHash, salt = Salt0, superuser = Superuser}] ->
 
+        [#user_info{password_hash = PasswordHash, salt = Salt0, is_superuser = Superuser}] ->
 
             Salt = case Algorithm of
 
                        bcrypt -> PasswordHash;
 
                        _ -> Salt0
 
                    end,
 
             case PasswordHash =:= hash(Algorithm, Password, Salt) of
 
-                true -> {ok, #{superuser => Superuser}};
 
+                true -> {ok, #{is_superuser => Superuser}};
 
                 false -> {error, bad_username_or_password}
 
             end
 
     end.
 
@@ -197,9 +197,9 @@ add_user(#{user_id := UserID,
 
             case mnesia:read(?TAB, {UserGroup, UserID}, write) of
 
                 [] ->
 
                     {PasswordHash, Salt} = hash(Password, State),
 
-                    Superuser = maps:get(superuser, UserInfo, false),
 
+                    Superuser = maps:get(is_superuser, UserInfo, false),
 
                     insert_user(UserGroup, UserID, PasswordHash, Salt, Superuser),
 
-                    {ok, #{user_id => UserID, superuser => Superuser}};
 
+                    {ok, #{user_id => UserID, is_superuser => Superuser}};
 
                 [_] ->
 
                     {error, already_exist}
 
             end
 
@@ -225,8 +225,8 @@ update_user(UserID, UserInfo,
 
                     {error, not_found};
 
                 [#user_info{ password_hash = PasswordHash
 
                            , salt = Salt
 
-                           , superuser = Superuser}] ->
 
-                    NSuperuser = maps:get(superuser, UserInfo, Superuser),
 
+                           , is_superuser = Superuser}] ->
 
+                    NSuperuser = maps:get(is_superuser, UserInfo, Superuser),
 
                     {NPasswordHash, NSalt} = case maps:get(password, UserInfo, undefined) of
 
                                                  undefined ->
 
                                                      {PasswordHash, Salt};
 
@@ -234,7 +234,7 @@ update_user(UserID, UserInfo,
 
                                                      hash(Password, State)
 
                                              end,
 
                     insert_user(UserGroup, UserID, NPasswordHash, NSalt, NSuperuser),
 
-                    {ok, #{user_id => UserID, superuser => NSuperuser}}
 
+                    {ok, #{user_id => UserID, is_superuser => NSuperuser}}
 
             end
 
         end).
 
 
@@ -290,7 +290,7 @@ import(UserGroup, [#{<<"user_id">> := UserID,
 
                      <<"password_hash">> := PasswordHash} = UserInfo | More])
 
   when is_binary(UserID) andalso is_binary(PasswordHash) ->
 
     Salt = maps:get(<<"salt">>, UserInfo, <<>>),
 
-    Superuser = maps:get(<<"superuser">>, UserInfo, false),
 
+    Superuser = maps:get(<<"is_superuser">>, UserInfo, false),
 
     insert_user(UserGroup, UserID, PasswordHash, Salt, Superuser),
 
     import(UserGroup, More);
 
 import(_UserGroup, [_ | _More]) ->
 
@@ -305,7 +305,7 @@ import(UserGroup, File, Seq) ->
 
                 {ok, #{user_id := UserID,
 
                        password_hash := PasswordHash} = UserInfo} ->
 
                     Salt = maps:get(salt, UserInfo, <<>>),
 
-                    Superuser = maps:get(superuser, UserInfo, false),
 
+                    Superuser = maps:get(is_superuser, UserInfo, false),
 
                     insert_user(UserGroup, UserID, PasswordHash, Salt, Superuser),
 
                     import(UserGroup, File, Seq);
 
                 {error, Reason} ->
 
@@ -341,10 +341,10 @@ get_user_info_by_seq([PasswordHash | More1], [<<"password_hash">> | More2], Acc)
 
     get_user_info_by_seq(More1, More2, Acc#{password_hash => PasswordHash});
 
 get_user_info_by_seq([Salt | More1], [<<"salt">> | More2], Acc) ->
 
     get_user_info_by_seq(More1, More2, Acc#{salt => Salt});
 
-get_user_info_by_seq([<<"true">> | More1], [<<"superuser">> | More2], Acc) ->
 
-    get_user_info_by_seq(More1, More2, Acc#{superuser => true});
 
-get_user_info_by_seq([<<"false">> | More1], [<<"superuser">> | More2], Acc) ->
 
-    get_user_info_by_seq(More1, More2, Acc#{superuser => false});
 
+get_user_info_by_seq([<<"true">> | More1], [<<"is_superuser">> | More2], Acc) ->
 
+    get_user_info_by_seq(More1, More2, Acc#{is_superuser => true});
 
+get_user_info_by_seq([<<"false">> | More1], [<<"is_superuser">> | More2], Acc) ->
 
+    get_user_info_by_seq(More1, More2, Acc#{is_superuser => false});
 
 get_user_info_by_seq(_, _, _) ->
 
     {error, bad_format}.
 
 
@@ -372,7 +372,7 @@ insert_user(UserGroup, UserID, PasswordHash, Salt, Superuser) ->
 
      UserInfo = #user_info{user_id = {UserGroup, UserID},
 
                            password_hash = PasswordHash,
 
                            salt = Salt,
 
-                           superuser = Superuser},
 
+                           is_superuser = Superuser},
 
     mnesia:write(?TAB, UserInfo, write).
 
 
 delete_user2(UserInfo) ->
 
@@ -400,5 +400,5 @@ to_binary(B) when is_binary(B) ->
 
 to_binary(L) when is_list(L) ->
 
     iolist_to_binary(L).
 
 
-serialize_user_info(#user_info{user_id = {_, UserID}, superuser = Superuser}) ->
 
-    #{user_id => UserID, superuser => Superuser}.
 
+serialize_user_info(#user_info{user_id = {_, UserID}, is_superuser = Superuser}) ->
 
+    #{user_id => UserID, is_superuser => Superuser}.

+ 3 - 3
apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
Visa fil 

@@ -149,7 +149,7 @@ authenticate(#{password := Password} = Credential,
 
             Doc ->
 
                 case check_password(Password, Doc, State) of
 
                     ok ->
 
-                        {ok, #{superuser => superuser(Doc, State)}};
 
+                        {ok, #{is_superuser => is_superuser(Doc, State)}};
 
                     {error, {cannot_find_password_hash_field, PasswordHashField}} ->
 
                         ?LOG(error, "['~s'] Can't find password hash field: ~s", [Unique, PasswordHashField]),
 
                         {error, bad_username_or_password};
 
@@ -230,9 +230,9 @@ check_password(Password,
 
             end
 
     end.
 
 
-superuser(Doc, #{superuser_field := SuperuserField}) ->
 
+is_superuser(Doc, #{superuser_field := SuperuserField}) ->
 
     maps:get(SuperuserField, Doc, false);
 
-superuser(_, _) ->
 
+is_superuser(_, _) ->
 
     false.
 
 
 hash(Algorithm, Password, Salt, prefix) ->

+ 1 - 1
apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
Visa fil 

@@ -123,7 +123,7 @@ authenticate(#{password := Password} = Credential,
 
                 Selected = maps:from_list(lists:zip(Columns, Rows)),
 
                 case check_password(Password, Selected, State) of
 
                     ok ->
 
-                        {ok, #{superuser => maps:get(<<"superuser">>, Selected, false)}};
 
+                        {ok, #{is_superuser => maps:get(<<"is_superuser">>, Selected, false)}};
 
                     {error, Reason} ->
 
                         {error, Reason}
 
                 end;

+ 1 - 1
apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
Visa fil 

@@ -113,7 +113,7 @@ authenticate(#{password := Password} = Credential,
 
                 Selected = maps:from_list(lists:zip(NColumns, Rows)),
 
                 case check_password(Password, Selected, State) of
 
                     ok ->
 
-                        {ok, #{superuser => maps:get(<<"superuser">>, Selected, false)}};
 
+                        {ok, #{is_superuser => maps:get(<<"is_superuser">>, Selected, false)}};
 
                     {error, Reason} ->
 
                         {error, Reason}
 
                 end;

+ 1 - 1
apps/emqx_authn/test/data/user-credentials.csv
Visa fil 

@@ -1,3 +1,3 @@
 
-user_id,password_hash,salt,superuser
 
+user_id,password_hash,salt,is_superuser
 
 myuser3,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true
 
 myuser4,ee68c985a69208b6eda8c6c9b4c7c2d2b15ee2352cdd64a903171710a99182e8,ad773b5be9dd0613fe6c2f4d8c403139,false

+ 2 - 2
apps/emqx_authn/test/data/user-credentials.json
Visa fil 

@@ -3,12 +3,12 @@
 
         "user_id":"myuser1",
 
         "password_hash":"c5e46903df45e5dc096dc74657610dbee8deaacae656df88a1788f1847390242",
 
         "salt": "e378187547bf2d6f0545a3f441aa4d8a",
 
-        "superuser": true
 
+        "is_superuser": true
 
     },
 
     {
 
         "user_id":"myuser2",
 
         "password_hash":"f4d17f300b11e522fd33f497c11b126ef1ea5149c74d2220f9a16dc876d4567b",
 
         "salt": "6d3f9bd5b54d94b98adbcfe10b6d181f",
 
-        "superuser": false
 
+        "is_superuser": false
 
     }
 
 ]

+ 9 - 9
apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
Visa fil 

@@ -52,13 +52,13 @@ all() ->
 
 %     JWS = generate_jws('hmac-based', Payload, <<"abcdef">>),
 
 %     ClientInfo = #{username => <<"myuser">>,
 
 % 			       password => JWS},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
 
-%     Payload1 = #{<<"username">> => <<"myuser">>, <<"superuser">> => true},
 
+%     Payload1 = #{<<"username">> => <<"myuser">>, <<"is_superuser">> => true},
 
 %     JWS1 = generate_jws('hmac-based', Payload1, <<"abcdef">>),
 
 %     ClientInfo1 = #{username => <<"myuser">>,
 
 % 			        password => JWS1},
 
-%     ?assertEqual({stop, {ok, #{superuser => true}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => true}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
 
 %     BadJWS = generate_jws('hmac-based', Payload, <<"bad_secret">>),
 
 %     ClientInfo2 = ClientInfo#{password => BadJWS},
 
@@ -68,11 +68,11 @@ all() ->
 
 %     Config2 = Config#{secret => base64:encode(<<"abcdef">>),
 
 %                       secret_base64_encoded => true},
 
 %     ?assertMatch({ok, _}, ?AUTH:update_authenticator(?CHAIN, ID, Config2)),
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
 
 %     Config3 = Config#{verify_claims => [{<<"username">>, <<"${mqtt-username}">>}]},
 
 %     ?assertMatch({ok, _}, ?AUTH:update_authenticator(?CHAIN, ID, Config3)),
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
 %     ?assertEqual({stop, {error, bad_username_or_password}}, ?AUTH:authenticate(ClientInfo#{username => <<"otheruser">>}, ok)),
 
 
 %     %% Expiration
 
@@ -86,14 +86,14 @@ all() ->
 
 %                 , <<"exp">> => erlang:system_time(second) + 60},
 
 %     JWS4 = generate_jws('hmac-based', Payload4, <<"abcdef">>),
 
 %     ClientInfo4 = ClientInfo#{password => JWS4},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
 
 %     %% Issued At
 
 %     Payload5 = #{ <<"username">> => <<"myuser">>
 
 %                 , <<"iat">> => erlang:system_time(second) - 60},
 
 %     JWS5 = generate_jws('hmac-based', Payload5, <<"abcdef">>),
 
 %     ClientInfo5 = ClientInfo#{password => JWS5},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo5, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo5, ignored)),
 
 
 %     Payload6 = #{ <<"username">> => <<"myuser">>
 
 %                 , <<"iat">> => erlang:system_time(second) + 60},
 
@@ -106,7 +106,7 @@ all() ->
 
 %                 , <<"nbf">> => erlang:system_time(second) - 60},
 
 %     JWS7 = generate_jws('hmac-based', Payload7, <<"abcdef">>),
 
 %     ClientInfo7 = ClientInfo#{password => JWS7},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo7, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo7, ignored)),
 
 
 %     Payload8 = #{ <<"username">> => <<"myuser">>
 
 %                 , <<"nbf">> => erlang:system_time(second) + 60},
 
@@ -134,7 +134,7 @@ all() ->
 
 %     JWS = generate_jws('public-key', Payload, PrivateKey),
 
 %     ClientInfo = #{username => <<"myuser">>,
 
 % 			       password => JWS},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
 %     ?assertEqual({stop, {error, not_authorized}}, ?AUTH:authenticate(ClientInfo#{password => <<"badpassword">>}, ignored)),
 
 
 %     ?assertEqual(ok, ?AUTH:delete_authenticator(?CHAIN, ID)),

+ 10 - 10
apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
Visa fil 

@@ -56,9 +56,9 @@ all() ->
 
 %     ClientInfo = #{zone => external,
 
 %                    username => <<"myuser">>,
 
 % 			       password => <<"mypass">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo, ignored)),
 
 %     ?AUTH:enable(),
 
-%     ?assertEqual({ok, #{superuser => false}}, emqx_access_control:authenticate(ClientInfo)),
 
+%     ?assertEqual({ok, #{is_superuser => false}}, emqx_access_control:authenticate(ClientInfo)),
 
 
 %     ClientInfo2 = ClientInfo#{username => <<"baduser">>},
 
 %     ?assertEqual({stop, {error, not_authorized}}, ?AUTH:authenticate(ClientInfo2, ignored)),
 
@@ -71,10 +71,10 @@ all() ->
 
 %     UserInfo2 = UserInfo#{password => <<"mypass2">>},
 
 %     ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:update_user(?CHAIN, ID, <<"myuser">>, UserInfo2)),
 
 %     ClientInfo4 = ClientInfo#{password => <<"mypass2">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
 
-%     ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:update_user(?CHAIN, ID, <<"myuser">>, #{superuser => true})),
 
-%     ?assertEqual({stop, {ok, #{superuser => true}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
+%     ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:update_user(?CHAIN, ID, <<"myuser">>, #{is_superuser => true})),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => true}}}, ?AUTH:authenticate(ClientInfo4, ignored)),
 
 
 %     ?assertEqual(ok, ?AUTH:delete_user(?CHAIN, ID, <<"myuser">>)),
 
 %     ?assertEqual({error, not_found}, ?AUTH:lookup_user(?CHAIN, ID, <<"myuser">>)),
 
@@ -107,15 +107,15 @@ all() ->
 
 
 %     ClientInfo1 = #{username => <<"myuser1">>,
 
 % 			        password => <<"mypassword1">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => true}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => true}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
 
 %     ClientInfo2 = ClientInfo1#{username => <<"myuser2">>,
 
 %                                password => <<"mypassword2">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo2, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo2, ignored)),
 
 
 %     ClientInfo3 = ClientInfo1#{username => <<"myuser3">>,
 
 %                                password => <<"mypassword3">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => true}}}, ?AUTH:authenticate(ClientInfo3, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => true}}}, ?AUTH:authenticate(ClientInfo3, ignored)),
 
 
 %     ?assertEqual(ok, ?AUTH:delete_authenticator(?CHAIN, ID)),
 
 %     ok.
 
@@ -152,12 +152,12 @@ all() ->
 
 %     ClientInfo1 = #{username => <<"myuser">>,
 
 %                     clientid => <<"myclient">>,
 
 % 			        password => <<"mypass1">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
 %     ?assertEqual(ok, ?AUTH:move_authenticator(?CHAIN, ID2, top)),
 
 
 %     ?assertEqual({stop, {error, bad_username_or_password}}, ?AUTH:authenticate(ClientInfo1, ignored)),
 
 %     ClientInfo2 = ClientInfo1#{password => <<"mypass2">>},
 
-%     ?assertEqual({stop, {ok, #{superuser => false}}}, ?AUTH:authenticate(ClientInfo2, ignored)),
 
+%     ?assertEqual({stop, {ok, #{is_superuser => false}}}, ?AUTH:authenticate(ClientInfo2, ignored)),
 
 
 %     ?assertEqual(ok, ?AUTH:delete_authenticator(?CHAIN, ID1)),
 
 %     ?assertEqual(ok, ?AUTH:delete_authenticator(?CHAIN, ID2)),