emqx/emqx-auth-mysql

Authenticate against a Joomla database

emqplus opened this issue · 5 comments

Feng. I cannot seem to find any help that works anywhere. Please maybe you know what I am doing wrong? Do you know Joomla? I am trying to authenticate against a Joomla database on the same server I have EMQ Dashboard on. Can I share the emq_auth_mysql config queries with you, maybe you can see immediately what I might do wrong?

I use the latest Joomla version which uses bcrypt as password hash.
Then auth.mysql.auth_query as:
select password from c3tnr_users where username = '%u' limit 1

Then auth.mysql.acl_query as:
select allow, ipaddr, username, clientid, access, topic from c3tnr_mqtt_acl where username = '%u' limit 1

Then auth.mysql.super_query as:
select if(c3tnr_user_usergroup_map.group_id is null,0,1) as 'is_superuser' from c3tnr_users left join c3tnr_user_usergroup_map on c3tnr_users.id = c3tnr_user_usergroup_map.user_id and group_id in (SELECT id FROM c3tnr_usergroups where title = 'Super Users') where c3tnr_users.username = '%u' limit 1

When I try to connect with the EMQ Dashboard websocket client I get the error message: "connect failed on iot.getafix.biz:8083"

Kind Regards, Chris

Currently, bcrypt is not supported on its own. It must be used together with a salt, and the user must store the salt in the database and retrieve it in the auth.mysql.auth_query.

auth.mysql.password_hash = salt,bcrypt
auth.mysql.auth_query = select password,salt from c3tnr_users where username = '%u' limit 1 

Do you think auth.mysql.password_hash = bcrypt should be supported?

#98
PR to support auth.mysql.password_hash = bcrypt

According to Bcrypt wiki#Versioning history, there were version updates in 2011 and 2014 to support $2x$, $2y$, $2b$. Our bcrypt support is based on https://github.com/smarkets/erlang-bcrypt. Currently, it only supports $2a$. Unfortunately, Joomla and most PHP applications use the $2y$ algorithm, which is still not supported.
Do you think we should support $2x$, $2y$, $2b$? I can't find any Erlang lib which supports them. I only found an Elixir project, https://github.com/riverrun/bcrypt_elixir.
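The version prefix discussed in the comment above can be checked ahead of time over an exported user table. The following is an added example, not code from this thread or from the EMQ project: the function names and sample rows are hypothetical, and the supported set of only `$2a$` is an assumption taken from the comment above.

```python
import re
from collections import Counter

# bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# Assumption taken from the thread: the verifier accepts only $2a$.
SUPPORTED_VERSIONS = frozenset({"2a"})


def parse_bcrypt(stored):
    """Return version, cost and salt of a bcrypt hash string, or None."""
    match = BCRYPT_RE.match(stored.strip())
    if match is None:
        return None
    version, cost, salt, _digest = match.groups()
    if not 4 <= int(cost) <= 31:  # bcrypt's valid cost range
        return None
    return {"version": version, "cost": int(cost), "salt": salt}


def classify(stored, supported=SUPPORTED_VERSIONS):
    """Label one stored password value for the verifier assumed above."""
    parsed = parse_bcrypt(stored)
    if parsed is None:
        return "not-bcrypt"
    return "ok" if parsed["version"] in supported else "unsupported-version"


def audit(rows, supported=SUPPORTED_VERSIONS):
    """rows: (username, stored_hash) pairs. Returns (counts, blocked users)."""
    counts, blocked = Counter(), []
    for username, stored in rows:
        label = classify(stored, supported)
        counts[label] += 1
        if label != "ok":
            blocked.append(username)
    return counts, blocked


# Constructed sample rows: filler salt/digest characters, not real hashes.
SAMPLE_ROWS = [
    ("device-01", "$2y$10$" + "A" * 22 + "B" * 31),  # PHP/Joomla style prefix
    ("device-02", "$2a$12$" + "C" * 22 + "D" * 31),
    ("device-03", "ab" * 16),  # 32 hex characters, not a bcrypt string
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Passing a wider `supported` set to `audit` shows which accounts remain blocked once the verifier accepts more prefixes.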

I am thinking of a solution. Since one has more than one device to connect to the emq broker, each with its own username and password (for security reasons one doesn't give one username for all your devices), I suggest writing a Joomla emq device manager component to rather list and spec the units, each with its own username and e.g. md5 or other supported encryption, that will be written to the Joomla component's table. Then emq can auth against that table. I will be working on this solution soon.

bcrypt with the $2y$ prefix has been supported since EMQX 3.0 beta 4, so the original problem should be resolved now. Please give it a try.
Regarding your thinking, if your new table stores the username, password and salt (only required for some hash types, check the docs for details), it is reasonable to let emq auth against it.