3 lat temu · d7c21020f6
--- a/apps/emqx_authn/src/emqx_authn_utils.erl
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@@ -72,13 +72,18 @@ start_resource_if_enabled(Result, _ResourceId, _Config) ->
 
				 
			
 
				 check_password_from_selected_map(_Algorithm, _Selected, undefined) ->
			
 
				     {error, bad_username_or_password};
			
 
				-check_password_from_selected_map(
			
 
				-    Algorithm, #{<<"password_hash">> := Hash} = Selected, Password
			
 
				-) ->
			
 
				-    Salt = maps:get(<<"salt">>, Selected, <<>>),
			
 
				-    case emqx_authn_password_hashing:check_password(Algorithm, Salt, Hash, Password) of
			
 
				-        true -> ok;
			
 
				-        false -> {error, bad_username_or_password}
			
 
				+check_password_from_selected_map(Algorithm, Selected, Password) ->
			
 
				+    Hash = maps:get(<<"password_hash">>, Selected,
			
 
				+                    maps:get(<<"password">>>, Selected, undefined)),
			
 
				+    case Hash of
			
 
				+        undefined -> {error, bad_username_or_password};
			
 
				+        _ ->
			
 
				+            Salt = maps:get(<<"salt">>, Selected, <<>>),
			
 
				+            case emqx_authn_password_hashing:check_password(
			
 
				+                   Algorithm, Salt, Hash, Password) of
			
 
				+                true -> ok;
			
 
				+                false -> {error, bad_username_or_password}
			
 
				+            end
			
 
				     end.
			
 
				 
			
 
				 parse_deep(Template) ->
			
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@@ -453,6 +453,28 @@ user_seeds() ->
 
				                 <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
			
 
				             },
			
 
				             result => {error, bad_username_or_password}
			
 
				+        },
			
 
				+
			
 
				+        #{
			
 
				+            data => #{
			
 
				+                password =>
			
 
				+                    <<"a3c7f6b085c3e5897ffb9b86f18a9d905063f8550a74444b5892e193c1b50428">>,
			
 
				+                is_superuser => <<"1">>
			
 
				+            },
			
 
				+            credentials => #{
			
 
				+                clientid => <<"sha256_no_salt">>,
			
 
				+                password => <<"sha256_no_salt">>
			
 
				+            },
			
 
				+            key => <<"mqtt_user:sha256_no_salt">>,
			
 
				+            config_params => #{
			
 
				+                %% Needs to be compatible with emqx 4.x auth data
			
 
				+                <<"cmd">> => <<"HMGET mqtt_user:${clientid} password is_superuser">>,
			
 
				+                <<"password_hash_algorithm">> => #{
			
 
				+                    <<"name">> => <<"sha256">>,
			
 
				+                    <<"salt_position">> => <<"disable">>
			
 
				+                }
			
 
				+            },
			
 
				+            result => {ok, #{is_superuser => true}}
			
 
				         }
			
 
				     ].