Преглед на файлове

Fix wrong password handling (string -> byte[])

release/3.x.x
Christian Kratky преди 5 години
родител
ревизия
ccfe67e6a6
променени са 13 файла, в които са добавени 52 реда и са изтрити 25 реда
  1. +8
    -0
      Source/MQTTnet.Server/Mqtt/MqttConnectionValidator.cs
  2. +1
    -1
      Source/MQTTnet.Server/Scripts/00_sample.py
  3. +1
    -1
      Source/MQTTnet/Client/Options/IMqttClientCredentials.cs
  4. +1
    -1
      Source/MQTTnet/Client/Options/MqttClientCredentials.cs
  5. +13
    -0
      Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs
  6. +1
    -1
      Source/MQTTnet/Formatter/V3/MqttV310PacketFormatter.cs
  7. +1
    -1
      Source/MQTTnet/Formatter/V5/MqttV500PacketDecoder.cs
  8. +6
    -5
      Source/MQTTnet/Packets/MqttConnectPacket.cs
  9. +4
    -3
      Source/MQTTnet/Server/MqttConnectionValidatorContext.cs
  10. +5
    -5
      Tests/MQTTnet.Core.Tests/MqttPacketSerializer_Tests.cs
  11. +1
    -1
      Tests/MQTTnet.TestApp.NetCore/ManagedClientTest.cs
  12. +2
    -1
      Tests/MQTTnet.TestApp.NetCore/ServerTest.cs
  13. +8
    -5
      Tests/MQTTnet.TestApp.UniversalWindows/MainPage.xaml.cs

+ 8
- 0
Source/MQTTnet.Server/Mqtt/MqttConnectionValidator.cs Целия файл

@@ -1,4 +1,5 @@
using System;
using System.Text;
using System.Threading.Tasks;
using IronPython.Runtime;
using Microsoft.Extensions.Logging;
@@ -22,6 +23,12 @@ namespace MQTTnet.Server.Mqtt
{
try
{
string passwordString = null;
if (context.Password != null)
{
passwordString = Encoding.UTF8.GetString(context.Password);
}

var pythonContext = new PythonDictionary
{
{ "client_id", context.ClientId },
@@ -29,6 +36,7 @@ namespace MQTTnet.Server.Mqtt
{ "is_secure_connection", context.IsSecureConnection },
{ "username", context.Username },
{ "password", context.Password },
{ "password_string", passwordString },
{ "result", PythonConvert.Pythonfy(context.ReturnCode) }
};



+ 1
- 1
Source/MQTTnet.Server/Scripts/00_sample.py Целия файл

@@ -29,7 +29,7 @@ def on_validate_client_connection(context):
context["result"] = "connection_refused_not_authorized"
return

if context["password"] != "secret":
if context["password_string"] != "secret":
context["result"] = "connection_refused_not_authorized"

print(context)


+ 1
- 1
Source/MQTTnet/Client/Options/IMqttClientCredentials.cs Целия файл

@@ -2,7 +2,7 @@
{
public interface IMqttClientCredentials
{
string Password { get; }
string Username { get; }
byte[] Password { get; }
}
}

+ 1
- 1
Source/MQTTnet/Client/Options/MqttClientCredentials.cs Целия файл

@@ -4,6 +4,6 @@
{
public string Username { get; set; }

public string Password { get; set; }
public byte[] Password { get; set; }
}
}

+ 13
- 0
Source/MQTTnet/Client/Options/MqttClientOptionsBuilder.cs Целия файл

@@ -1,5 +1,6 @@
using System;
using System.Linq;
using System.Text;
using MQTTnet.Client.ExtendedAuthenticationExchange;
using MQTTnet.Formatter;

@@ -116,6 +117,18 @@ namespace MQTTnet.Client.Options
}

public MqttClientOptionsBuilder WithCredentials(string username, string password = null)
{
byte[] passwordBuffer = null;

if (password != null)
{
passwordBuffer = Encoding.UTF8.GetBytes(password);
}

return WithCredentials(username, passwordBuffer);
}

public MqttClientOptionsBuilder WithCredentials(string username, byte[] password = null)
{
_options.Credentials = new MqttClientCredentials
{


+ 1
- 1
Source/MQTTnet/Formatter/V3/MqttV310PacketFormatter.cs Целия файл

@@ -293,7 +293,7 @@ namespace MQTTnet.Formatter.V3

if (passwordFlag)
{
packet.Password = body.ReadStringWithLengthPrefix();
packet.Password = body.ReadWithLengthPrefix();
}

ValidateConnectPacket(packet);


+ 1
- 1
Source/MQTTnet/Formatter/V5/MqttV500PacketDecoder.cs Целия файл

@@ -208,7 +208,7 @@ namespace MQTTnet.Formatter.V5

if (passwordFlag)
{
packet.Password = body.ReadStringWithLengthPrefix();
packet.Password = body.ReadWithLengthPrefix();
}

return packet;


+ 6
- 5
Source/MQTTnet/Packets/MqttConnectPacket.cs Целия файл

@@ -6,7 +6,7 @@

public string Username { get; set; }

public string Password { get; set; }
public byte[] Password { get; set; }

public ushort KeepAlivePeriod { get; set; }

@@ -23,13 +23,14 @@

public override string ToString()
{
var password = Password;
if (!string.IsNullOrEmpty(password))
var passwordText = string.Empty;

if (Password != null)
{
password = "****";
passwordText = "****";
}

return string.Concat("Connect: [ClientId=", ClientId, "] [Username=", Username, "] [Password=", password, "] [KeepAlivePeriod=", KeepAlivePeriod, "] [CleanSession=", CleanSession, "]");
return string.Concat("Connect: [ClientId=", ClientId, "] [Username=", Username, "] [Password=", passwordText, "] [KeepAlivePeriod=", KeepAlivePeriod, "] [CleanSession=", CleanSession, "]");
}
}
}

+ 4
- 3
Source/MQTTnet/Server/MqttConnectionValidatorContext.cs Целия файл

@@ -1,10 +1,11 @@
using MQTTnet.Protocol;
using System.Text;
using MQTTnet.Protocol;

namespace MQTTnet.Server
{
public class MqttConnectionValidatorContext
{
public MqttConnectionValidatorContext(string clientId, string username, string password, MqttApplicationMessage willMessage, string endpoint, bool isSecureConnection)
public MqttConnectionValidatorContext(string clientId, string username, byte[] password, MqttApplicationMessage willMessage, string endpoint, bool isSecureConnection)
{
ClientId = clientId;
Username = username;
@@ -18,7 +19,7 @@ namespace MQTTnet.Server

public string Username { get; }

public string Password { get; }
public byte[] Password { get; }

public MqttApplicationMessage WillMessage { get; }



+ 5
- 5
Tests/MQTTnet.Core.Tests/MqttPacketSerializer_Tests.cs Целия файл

@@ -23,7 +23,7 @@ namespace MQTTnet.Tests
var p = new MqttConnectPacket
{
ClientId = "XYZ",
Password = "PASS",
Password = Encoding.UTF8.GetBytes("PASS"),
Username = "USER",
KeepAlivePeriod = 123,
CleanSession = true
@@ -38,7 +38,7 @@ namespace MQTTnet.Tests
var p = new MqttConnectPacket
{
ClientId = "XYZ",
Password = "PASS",
Password = Encoding.UTF8.GetBytes("PASS"),
Username = "USER",
KeepAlivePeriod = 123,
CleanSession = true
@@ -53,7 +53,7 @@ namespace MQTTnet.Tests
var p = new MqttConnectPacket
{
ClientId = "XYZ",
Password = "PASS",
Password = Encoding.UTF8.GetBytes("PASS"),
Username = "USER",
KeepAlivePeriod = 123,
CleanSession = true,
@@ -75,7 +75,7 @@ namespace MQTTnet.Tests
var p = new MqttConnectPacket
{
ClientId = "XYZ",
Password = "PASS",
Password = Encoding.UTF8.GetBytes("PASS"),
Username = "USER",
KeepAlivePeriod = 123,
CleanSession = true
@@ -90,7 +90,7 @@ namespace MQTTnet.Tests
var p = new MqttConnectPacket
{
ClientId = "XYZ",
Password = "PASS",
Password = Encoding.UTF8.GetBytes("PASS"),
Username = "USER",
KeepAlivePeriod = 123,
CleanSession = true,


+ 1
- 1
Tests/MQTTnet.TestApp.NetCore/ManagedClientTest.cs Целия файл

@@ -62,7 +62,7 @@ namespace MQTTnet.TestApp.NetCore

public class RandomPassword : IMqttClientCredentials
{
public string Password => Guid.NewGuid().ToString();
public byte[] Password => Guid.NewGuid().ToByteArray();

public string Username => "the_static_user";
}


+ 2
- 1
Tests/MQTTnet.TestApp.NetCore/ServerTest.cs Целия файл

@@ -28,7 +28,8 @@ namespace MQTTnet.TestApp.NetCore
{
if (p.ClientId == "SpecialClient")
{
if (p.Username != "USER" || p.Password != "PASS")
var password = Encoding.UTF8.GetString(p.Password);
if (p.Username != "USER" || password != "PASS")
{
p.ReturnCode = MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
}


+ 8
- 5
Tests/MQTTnet.TestApp.UniversalWindows/MainPage.xaml.cs Целия файл

@@ -138,7 +138,7 @@ namespace MQTTnet.TestApp.UniversalWindows
options.Credentials = new MqttClientCredentials
{
Username = User.Text,
Password = Password.Text
Password = Encoding.UTF8.GetBytes(Password.Text)
};
}
@@ -539,7 +539,7 @@ namespace MQTTnet.TestApp.UniversalWindows
//...
}
client.UseApplicationMessageReceivedHandler(Handler);
client.UseApplicationMessageReceivedHandler(e => Handler(e));

// Subscribe after connect

@@ -601,7 +601,7 @@ namespace MQTTnet.TestApp.UniversalWindows
Credentials = new MqttClientCredentials
{
Username = "bud",
Password = "%spencer%"
Password = Encoding.UTF8.GetBytes("%spencer%")
},
ChannelOptions = new MqttClientTcpOptions
{
@@ -633,7 +633,9 @@ namespace MQTTnet.TestApp.UniversalWindows
return;
}

if (c.Password != "mySecretPassword")
var password = Encoding.UTF8.GetString(c.Password);

if (password != "mySecretPassword")
{
c.ReturnCode = MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;
@@ -717,7 +719,8 @@ namespace MQTTnet.TestApp.UniversalWindows
return;
}

if (c.Password != "mySecretPassword")
var password = Encoding.UTF8.GetString(c.Password);
if (password != "mySecretPassword")
{
c.ReturnCode = MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;


Зареждане…
Отказ
Запис