From b333d304a73c06eebf2591fbc54dafaca945d14c Mon Sep 17 00:00:00 2001 From: Nelson Vides Date: Wed, 26 May 2021 19:08:13 +0200 Subject: [PATCH 1/3] Make dummy auth delays configurable --- doc/authentication-methods/dummy.md | 38 +++++++++++++++++++++++------ src/auth/ejabberd_auth_dummy.erl | 5 +++- src/config/mongoose_config_spec.erl | 14 ++++++++++- 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/doc/authentication-methods/dummy.md b/doc/authentication-methods/dummy.md index 15a96a824a1..4d223a611ef 100644 --- a/doc/authentication-methods/dummy.md +++ b/doc/authentication-methods/dummy.md @@ -2,12 +2,36 @@ The purpose of this method is to make it possible to authenticate a user without the need for real authentication. In other words, using this module allows to -connect any user to the server without providing any password, -certificate, etc. +connect any user to the server without providing any password, certificate, etc. -From a more detailed perspective, the backend just accepts every -authentication attempt and introduces a random delay (50-500ms) to -an authorization response. +This kind of authorization sometimes really comes in handy, especially during development and testing. + +The backend just accepts every authentication attempt and introduces a random delay (50-500ms) to an authorization response. The delay works like +```erlang + timer:sleep(Base + rand:uniform(Variance)), +``` +where `Base` is `base_time` and `Variance` is `variance`, as configured below. + +## Configuration + +### `auth.dummy.base_time` +* **Scope:** local +* **Syntax:** integer +* **Default:** 50 +* **Example:** `base_time = 5` + +### `auth.dummy.variance` +* **Scope:** local +* **Syntax:** integer +* **Default:** 450 +* **Example:** `variance = 10` + +### Example + +```toml +[auth] + methods = ["dummy"] + dummy.base = 5 + dummy.variance = 10 +``` -This kind of authorization sometimes really comes in handy, especially during -development and testing. diff --git a/src/auth/ejabberd_auth_dummy.erl b/src/auth/ejabberd_auth_dummy.erl index bfc98d3ea15..68c0604afe1 100644 --- a/src/auth/ejabberd_auth_dummy.erl +++ b/src/auth/ejabberd_auth_dummy.erl @@ -36,7 +36,10 @@ stop(_HostType) -> ok. authorize(Creds) -> - timer:sleep(50 + rand:uniform(450)), + HostType = mongoose_credentials:host_type(Creds), + Base = ejabberd_auth:get_opt(HostType, dummy_base_timeout, 50), + Variance = ejabberd_auth:get_opt(HostType, dummy_variance, 450), + timer:sleep(Base + rand:uniform(Variance)), {ok, mongoose_credentials:set(Creds, auth_module, ?MODULE)}. check_password(_HostType, _User, _Server, _Password) -> diff --git a/src/config/mongoose_config_spec.erl b/src/config/mongoose_config_spec.erl index 6c99c11b0c6..ef5b9b8917b 100644 --- a/src/config/mongoose_config_spec.erl +++ b/src/config/mongoose_config_spec.erl @@ -490,7 +490,8 @@ auth() -> <<"jwt">> => auth_jwt(), <<"ldap">> => auth_ldap(), <<"riak">> => auth_riak(), - <<"rdbms">> => auth_rdbms()}, + <<"rdbms">> => auth_rdbms(), + <<"dummy">> => auth_dummy()}, process = fun ?MODULE:process_auth/1, format = {foreach, host_local_config} }. @@ -646,6 +647,17 @@ auth_rdbms() -> format = none }. +%% path: (host_config[].)auth.dummy +auth_dummy() -> + #section{ + items = #{<<"base_time">> => #option{type = integer, + format = {kv, dummy_base_timeout}}, + <<"variance">> => #option{type = integer, + format = {kv, dummy_variance}} + }, + format = none + }. + %% path: outgoing_pools outgoing_pools() -> PoolTypes = [<<"cassandra">>, <<"elastic">>, <<"http">>, <<"ldap">>, From 932f117fd1b9ad21a67f11bbf1e7f3373046babf Mon Sep 17 00:00:00 2001 From: Nelson Vides Date: Wed, 26 May 2021 21:35:36 +0200 Subject: [PATCH 2/3] fix tests --- test/auth_dummy_SUITE.erl | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/test/auth_dummy_SUITE.erl b/test/auth_dummy_SUITE.erl index 3b261c0e648..a1032f6cdae 100644 --- a/test/auth_dummy_SUITE.erl +++ b/test/auth_dummy_SUITE.erl @@ -33,12 +33,26 @@ all() -> [ supports_dynamic_domains ]. +init_per_suite(C) -> + {ok, _} = application:ensure_all_started(jid), + meck:new(ejabberd_config, [no_link]), + meck:expect(ejabberd_config, get_local_option, + fun({auth_method, ?HOST_TYPE}) -> dummy end), + meck:expect(ejabberd_config, get_local_option, + fun(auth_opts, _Host) -> + [{dummy_base_timeout, 5}, {dummy_variance, 10}] + end), + C. + +end_per_suite(C) -> + meck:unload(), + C. + %%-------------------------------------------------------------------- %% Authentication tests %%-------------------------------------------------------------------- authorize(_Config) -> - {ok, _} = application:ensure_all_started(jid), Creds = mongoose_credentials:new(?DOMAIN, ?HOST_TYPE), {ok, Creds2} = ejabberd_auth_dummy:authorize(Creds), ejabberd_auth_dummy = mongoose_credentials:get(Creds2, auth_module). @@ -46,12 +60,10 @@ authorize(_Config) -> ejabberd_auth_interfaces(_Config) -> [meck:new(M, Opts) || {M, Opts} <- [{mongoose_domain_api, []}, {ejabberd_auth_dummy, [passthrough]}, - {ejabberd_config, []}, {mongoose_metrics, []}]], + {mongoose_metrics, []}]], meck:expect(mongoose_domain_api, get_domain_host_type, fun(?DOMAIN) -> {ok, ?HOST_TYPE} end), - meck:expect(ejabberd_config, get_local_option, - fun({auth_method, ?HOST_TYPE}) -> dummy end), meck:expect(mongoose_metrics, update, fun(_, _, _) -> ok end), Creds = mongoose_credentials:new(?DOMAIN, ?HOST_TYPE), @@ -67,9 +79,7 @@ ejabberd_auth_interfaces(_Config) -> Digest = <<"any_digest">>, DigestGen = fun(_) -> <<"">> end, false = ejabberd_auth:check_password(JID, Password, Digest, DigestGen), Args2 = [?HOST_TYPE, UserName, ?DOMAIN, Password, Digest, DigestGen], - 1 = meck:num_calls(ejabberd_auth_dummy, check_password, Args2), - - meck:unload(). + 1 = meck:num_calls(ejabberd_auth_dummy, check_password, Args2). supports_dynamic_domains(_) -> true = ejabberd_auth:does_method_support(dummy, dynamic_domains), From c239f44388edbe68c2deb96253727c5aa3e24c43 Mon Sep 17 00:00:00 2001 From: Nelson Vides Date: Thu, 27 May 2021 11:07:19 +0200 Subject: [PATCH 3/3] Use the new values in host_type="test type" --- rel/mim1.vars-toml.config | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rel/mim1.vars-toml.config b/rel/mim1.vars-toml.config index 3b1377237db..01bd3eb235a 100644 --- a/rel/mim1.vars-toml.config +++ b/rel/mim1.vars-toml.config @@ -19,7 +19,9 @@ [[host_config]] host_type = \"test type\" - auth = { methods = [\"dummy\"] } + auth.methods = [\"dummy\"] + auth.dummy.base_time = 1 + auth.dummy.variance = 5 [host_config.modules.mod_carboncopy]"}. {password_format, "password.format = \"scram\" password.hash = [\"sha256\"]"}.