I am trying to use Mosquitto MQTT Broker v1.5.8.
I am using mosquitto_auth_plugin for User Authentication. (https://github.com/jpmens/mosquitto-auth-plug)
I created a mysql server with users and acls tables.
I want to setup a user that can subscribe to topic test/#.
So I setup the rw = 5 in the acls table for that user
However the user is not able to subscribe to any test/# but can subscribe to test/123
I looked at one of the issue posted https://github.com/jpmens/mosquitto-auth-plug/issues/356
but since the Repo is archived, I cant ask questions there.
mysql> select * from acls;
+----+--------------+--------------------+----+
| id | username | topic | rw |
+----+--------------+--------------------+----+
| 1 | test | test/# | 5 |
+----+--------------+--------------------+----+
Related
I am currently using the mosquitto broker to see if I can build something interesting with it and I came across this plugin for authentication called mosquitto-auth-plugin.
I followed the documentation of the plugin and I am using postgres as the back-end table. It seems to be working with respect to user authentication. When it comes to ACL I find the publish ACL is on spot but the subscription ACL is something I am not able to wrap my mind around.
|-- GETTING USERS: karthik
1546887525: |-- getuser(karthik) AUTHENTICATED=1 by postgres
1546887525: New client connected from 127.0.0.1 as karthik (c1, k60, u'karthik').
1546887525: No will message specified.
1546887525: Sending CONNACK to karthik (0, 0)
1546887525: Received SUBSCRIBE from karthik
1546887525: test/test (QoS 0)
1546887525: |-- mosquitto_auth_acl_check(..., client id not available, karthik, test/test, MOSQ_ACL_WRITE)
1546887525: |-- SUPERUSER: karthik
1546887525: |-- user is 0
1546887525: |-- USERNAME: karthik, TOPIC: test/test, acc: 4
1546887525: |-- aclcheck(karthik, test/test, 4) AUTHORIZED=0 by none
1546887525: Sending SUBACK to karthik
As you can see my doubt is what the '4' in 'acc:4' signify? I did not find that in the documentation of the plugin. If I create another username entry in the database with the read/write access set to 4 (in addition to the read/write access initially set), I find the ACL for subscription works properly and checks for an authentication.
I am wondering if I should make changes to the mosquitto configuration to resolve this issue? I suppose I am missing out on a simple yet key detail... any assistance is appreciated! Also, I've attached the config file
auth_plugin /home/auth-plug.so
auth_opt_backends postgres
auth_opt_host localhost
auth_opt_port 5432
auth_opt_dbname test_db
auth_opt_user postgres
auth_opt_pass lolol
auth_opt_userquery SELECT password FROM clients WHERE username = $1 limit 1
auth_opt_superquery SELECT COALESCE(COUNT(*),0) FROM clients WHERE username = $1 AND super = 1
auth_opt_aclquery SELECT topic FROM mqttacl WHERE (username = $1) AND (rw & $2) > 0
Solved the issue. In the new mosquitto 1.5 release the MOSQ_ACL_SUBSCRIBE is an additional enhancement that has been introduced and an additional bit has been introduced in the ACL check. The value now varies from 0 to 7 (because of 3 bits) instead of 0-3 (owing to 2 bits).
So now the read/write value on your ACL table in the database must vary from 0 to 7.
0: no access
1: read
2: write
3: read and write
4: subscribe
5: read & subscribe
6: write & subscribe
7: read, write and subscribe
Hope it helps for people who are facing the same issue as I was :D!
i have the following specflow test:
#done
#succesfulladdbeforewhen
Scenario Outline: Admin adds an alternate numbers entry with a phonenumber successfully
Given the BW User is logged in with a <userlevel> Level Account
And the AddAlternateNumbersEntry query parameter contains an existing userid within the scope of the BW User
And the AddAlternateNumbersEntry post body contains an available phonenumber
When the BW User submits the AddAlternateNumbersEntry request
Then HTTP 201 should be returned
And a new alternate numbers entry should be added
Examples: User Levels
| userlevel |
| System |
| Service Provider |
| Group |
However i want a hook between before the second "and" (And the AddAlternateNumbersEntry post body contains an available phonenumber)
How can i do this ??? i can't find the propper kind of code/hook to do it with. thnx for the advice
thnx
Query: I want to login with different user for that I am parametrizing the Usertype and will verify the respective element w.r.t there access.
Now In Step file suppose eg: I have written
#Then ("^User logged in with \"([^\"]*)\"$)
Public void User_logged_in_with_Usertype() {
If (Usertype= Admin){
...
So in above code in how I will get value of admin or any other user(Can we get same value from feature file or I need to write a code separately for each user)
Feature: As a user I would like to login in FMJ-Redesign application with different users
Story : User is logging in FMJ application
Scenario Outline: User is logged in with Admin user credentials
Given Navigating BU to "<Browser>"
When User clicks on Location
And ForevermarkJewellerWebsite element should be present on login page
Then User logged in with "<Usertype>"
And User will check visibility of "<Element>"
Then User Logout Successfully
Examples:
|Browser | UserType | Element |
|Chrome | Admin | |
|Chrome | Market | |
|Chrome | Jeweller | |
|Chrome | Store | |
The way to get the value for Usertype is to have it as a parameter in the method.
Your code looks like this:
#Then ("^User logged in with \"([^\"]*)\"$)
Public void User_logged_in_with_Usertype() {
If (Usertype= Admin){
...
I rewrote your Scenario outline a bit and ended up with this version
Scenario Outline: User is logged in with Admin user credentials
Given Navigating BU to <Browser>
When User clicks on Location
And ForevermarkJewellerWebsite element should be present on login page
Then User logged in with <UserType>
And User will check visibility of <Element>
Then User Logout Successfully
Examples:
| Browser | UserType | Element |
| Chrome | Admin | |
| Chrome | Market | |
| Chrome | Jeweller | |
| Chrome | Store | |
This allowed me to write the step like this:
#Then("^User logged in with (.*)$")
public void user_logged_in_with(String userType) throws Throwable {
if (userType.equals("Admin")) {
// implement our behaviour here
}
}
There are a few differences to notice here:
I removed the quotes around the parameters in the example
I added the value of UsertType as a parameter to the method user_logged_in_with
These changes simplified the regular expression needed and allows you to implement different behaviour for different UserTypes.
I would probably implement four different steps for the user types you have. This would give me simpler steps, I could avoid the condition. The price would be four methods.
If I did that, the resulting implementation would look like this instead:
#Then("^User logged in with Admin$")
public void user_logged_in_with_Admin() throws Throwable {
// implement our behaviour here
}
This simplified the regular expression even more and removed the need for a capture group.
show grants for charm#'localhost';
---------------------+
| Grants for charm#localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'charm'#'localhost' IDENTIFIED BY PASSWORD '*EDD1CD76B1331E363B2BAED3F0B7EAF28559FBEWD' |
| GRANT ALL PRIVILEGES ON `charmstyle_com`.`charmstyle_com` TO 'charm'#'localhost'
i used
grant all on charmstyle_com to charm#'localhost' IDENTIFIED BY 't1q4gytrur';
flush privileges;
then i import the database,it shows an error:
ERROR 1142 (42000) at line 29: CREATE command denied to user 'charm'#'localhost' for table 'adminnotification_inbox'
You granted the user permissions only to the 'charmstyle_com' table inside the 'charmstyle_com' database. What you probably want is to grant permissions to all the tables in 'charmstyle_com' (or at least the 'adminnotification_inbox' table)
GRANT ALL PRIVILEGES ON `charmstyle_com`.* TO 'charm'#'localhost'
alternatively
GRANT ALL PRIVILEGES ON `charmstyle_com`.`adminnotification_inbox`
TO 'charm'#'localhost'
This is my first test case with cucumber and I am having tough time to figure out one thing. So I already have a test which check user creation. I want to add more steps like on user create create account and create product and set some attributes to these objects.
Here is the user create feature file
#no-database-cleaner
Feature: Creating an user account
In order to use Recdns portal
I need to create an user account
Scenario: Successful user account creation
Given the database contains no test data
And I am on the homepage
When I attempt to create the following user account:
| email address | password | confirm password |
| abc#company1.com | password | password |
# User is automatically logged in
Then I should see "Welcome!" message on page
And an ar_id is set for the user
And
When I click "Sign Out"
Then I should see "Signed out"
When I attempt to sign in with following user account:
| email address | password |
| abc#company1.com | password |
Then I should see "Welcome!" message on page
Scenario Outline: Verify error message when user failed to sign in
Given there is a user
And I am on the homepage
And I try to login with email "<email address>", password "<password>"
Then I should see "<error message>" message on page
Examples:
| email address | password | error message |
| testuser#company1.com | abc1234 | Invalid email or password |
| testuserdoesnotexist#company1.com | password | Invalid email or password |
Scenario Outline: Verify error message when user failed to sign up
Given I am on the homepage
And I click "Sign Up"
And I try to create user with email "<email address>", password "<password>", confirm password "<confirm password>"
Then I should see "<error message>" message on page
Examples:
| email address | password | confirm password | error message |
| abc#company1.com | abc123 | abc123 | Email has already been taken |
| xyz#test | abc123 | abc123 | Email is invalid |
| | abc123 | abc123 | Email can't be blank |
| abc#company1.com | | abc123 | Password can't be blank |
| abc#company1.com | abc123 | | Password doesn't match confirmation |
| abc#company1.com | abc1 | abc1 | Password is too short |
So where exactly I can add steps saying create account table and product table. Thanks
Is your 'create user account' method something that you need for each test to run? If so, I'd just create a helper that you can call before your scenario. ..something like #needs_new_account. One of the best parts about cucumber is the ability to reuse environments. You probably shouldn't create a new account for each scenario. Instead, have cucumber remember that it needs to keep that new account (ie., dont delete it) and reuse for the rest of your scenarios, if possible. Let me know if this helps. ..not quite sure I'm understanding your question completely.
Also, you don't need your extra "and" between "and" and "when"...Gherkin syntax treats And/When/Then the same.