public Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
try
{
var pythonContext = new PythonDictionary
{
{ "endpoint", context.Endpoint },
{ "is_secure_connection", context.IsSecureConnection },
{ "client_id", context.ClientId },
{ "username", context.Username },
{ "password", context.Password },
{ "raw_password", new Bytes(context.RawPassword ?? new byte[0]) },
{ "clean_session", context.CleanSession },
{ "authentication_method", context.AuthenticationMethod },
{ "authentication_data", new Bytes(context.AuthenticationData ?? new byte[0]) },
{ "result", PythonConvert.Pythonfy(context.ReasonCode) }
};
_pythonScriptHostService.InvokeOptionalFunction("on_validate_client_connection", pythonContext);
context.ReasonCode = PythonConvert.ParseEnum <MqttConnectReasonCode>((string)pythonContext["result"]);
}
catch (Exception exception)
{
_logger.LogError(exception, "Error while validating client connection.");
context.ReasonCode = MqttConnectReasonCode.UnspecifiedError;
}
return(Task.CompletedTask);
}
/// <summary>
/// Check if JWT is enabled and validate the JWT if required.
/// If JWT is not enabled, authorization is granted if username & password are emtpy.
/// </summary>
private static void ValidateUserAndPassword(MqttConnectionValidatorContext mqttConnectionValidatorContext)
{
mqttConnectionValidatorContext.ReasonCode = MqttConnectReasonCode.Success;
Logger.Info($"Connection from client '{mqttConnectionValidatorContext.ClientId}'");
bool validateJWT = true;
if (string.IsNullOrEmpty(mqttConnectionValidatorContext.Username))
{
validateJWT = false;
Logger.Info("Connection request: username is null.");
}
else
{
Logger.Info($"Username: {mqttConnectionValidatorContext.Username}");
}
if (string.IsNullOrEmpty(mqttConnectionValidatorContext.Password))
{
validateJWT = false;
Logger.Info("Connection request: username is null.");
}
else
{
Logger.Info($"Password: {mqttConnectionValidatorContext.Password}");
}
if (validateJWT)
{
JSONWebToken tokenHandler = new JSONWebToken();
tokenHandler.IsValid(mqttConnectionValidatorContext.Password);
}
}
internal void Server_ClientConnectionValidator(object sender, MqttClientConnectionValidatorEventArgs e)
{
MqttConnectionValidatorContext obj = e.Context;
Uri uri = new Uri("mqtt://" + obj.Endpoint);
if (string.IsNullOrEmpty(obj.Username) && uri.IsLoopback)
{
obj.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionAccepted;
_logger.LogInformation($"Loopback {obj.Endpoint}, ConnectionAccepted");
}
else
{
_logger.LogInformation($"ClientId={obj.ClientId},Endpoint={obj.Endpoint},Username={obj.Username},Password={obj.Password},WillMessage={obj.WillMessage?.ConvertPayloadToString()}");
var mcr = _dbContext.DeviceIdentities.FirstOrDefault(mc => (mc.IdentityType == IdentityType.AccessToken && mc.IdentityId == obj.Username) ||
(mc.IdentityType == IdentityType.DevicePassword && mc.IdentityId == obj.Username && mc.IdentityValue == obj.Password));
if (mcr != null)
{
try
{
var device = mcr.Device;
Devices.Add(e.Context.ClientId, device);
}
catch (Exception ex)
{
_logger.LogError(ex, "ConnectionRefusedServerUnavailable {0}", ex.Message);
obj.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedServerUnavailable;
}
}
else
{
obj.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
_logger.LogInformation($"Bad username or password {obj.Username},connection {obj.Endpoint} refused");
}
}
}
async Task <MqttConnectionValidatorContext> ValidateConnection(MqttConnectPacket connectPacket,
IMqttChannelAdapter channelAdapter)
{
var context = new MqttConnectionValidatorContext(connectPacket, channelAdapter)
{
SessionItems = new ConcurrentDictionary <object, object>()
};
var connectionValidator = _options.ConnectionValidator;
if (connectionValidator == null)
{
context.ReasonCode = MqttConnectReasonCode.Success;
return(context);
}
await connectionValidator.ValidateConnectionAsync(context).ConfigureAwait(false);
// Check the client ID and set a random one if supported.
if (string.IsNullOrEmpty(connectPacket.ClientId) &&
channelAdapter.PacketFormatterAdapter.ProtocolVersion == MqttProtocolVersion.V500)
{
connectPacket.ClientId = context.AssignedClientIdentifier;
}
if (string.IsNullOrEmpty(connectPacket.ClientId))
{
context.ReasonCode = MqttConnectReasonCode.ClientIdentifierNotValid;
}
return(context);
}
public Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
try
{
var pythonContext = new PythonDictionary
{
{ "client_id", context.ClientId },
{ "endpoint", context.Endpoint },
{ "is_secure_connection", context.IsSecureConnection },
{ "username", context.Username },
{ "password", context.Password },
{ "result", PythonConvert.Pythonfy(context.ReturnCode) }
};
_pythonScriptHostService.InvokeOptionalFunction("on_validate_client_connection", pythonContext);
context.ReturnCode = PythonConvert.ParseEnum <MqttConnectReturnCode>((string)pythonContext["result"]);
}
catch (Exception exception)
{
_logger.LogError(exception, "Error while validating client connection.");
}
return(Task.CompletedTask);
}
public Task ValidateConnectionAsync(
MqttConnectionValidatorContext context)
{
var currentUser = _repo.GetUser(context.Username);
if (currentUser == null)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context);
return(Task.CompletedTask);
}
if (context.Username != currentUser.Username)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context);
return(Task.CompletedTask);
}
if (context.Password != currentUser.Password)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context);
return(Task.CompletedTask);
}
context.ReasonCode = MqttConnectReasonCode.Success;
LogMessage(context);
return(Task.CompletedTask);
}
public Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
try
{
if (!_mqttSettingsModel.RequireClientAuthentication)
{
context.ReasonCode = MqttConnectReasonCode.Success;
_logger.LogInformation($"New connection from Endpoint: {context.Endpoint}, ClientId: {context.ClientId}");
return(Task.CompletedTask);
}
// Search for matching credentials
foreach (var clientCredential in _mqttSettingsModel.ClientCredentials)
{
if (context.Username != null && context.Username.Equals(clientCredential.UserName,
StringComparison.OrdinalIgnoreCase) && context.Password == clientCredential.Password)
{
context.ReasonCode = MqttConnectReasonCode.Success;
_logger.LogInformation($"New validated connection from Endpoint: {context.Endpoint}, ClientId: {context.ClientId}");
return(Task.CompletedTask);
}
}
// Otherwise, reject connection
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
_logger.LogWarning($"Invalid connection attempt from Endpoint: {context.Endpoint}, ClientId: {context.ClientId}, Username: {context.Username}");
}
catch (Exception ex)
{
_logger.LogError(ex, "Error while validating client connection.");
context.ReasonCode = MqttConnectReasonCode.UnspecifiedError;
}
return(Task.CompletedTask);
}
private async Task ConnectionValidation(MqttConnectionValidatorContext context)
{
nlogger.Debug("connection validation.");
if (context.ClientId.Length < 10)
{
nlogger.Error("ClientId.Length < 10");
context.ReasonCode = MqttConnectReasonCode.ClientIdentifierNotValid;
return;
}
if (!context.Username.Equals(mqttUsername))
{
nlogger.Error("Username is not admin");
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
return;
}
if (!context.Password.Equals(mqttPassword))
{
nlogger.Error("Password is not public");
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
return;
}
nlogger.Debug("connection validation success.");
context.ReasonCode = MqttConnectReasonCode.Success;
}
/// <summary>
/// Logs the message from the MQTT connection validation context.
/// </summary>
/// <param name="context">The MQTT connection validation context.</param>
/// <param name="showPassword">A <see cref="bool"/> value indicating whether the password is written to the log or not.</param>
private static void LogMessage(MqttConnectionValidatorContext context, bool showPassword)
{
if (context == null)
{
return;
}
if (showPassword)
{
Logger.Information(
"New connection: ClientId = {@ClientId}, Endpoint = {@Endpoint}, Username = {@UserName}, Password = {@Password}, CleanSession = {@CleanSession}",
context.ClientId,
context.Endpoint,
context.Username,
context.Password,
context.CleanSession);
}
else
{
Logger.Information(
"New connection: ClientId = {@ClientId}, Endpoint = {@Endpoint}, Username = {@UserName}, CleanSession = {@CleanSession}",
context.ClientId,
context.Endpoint,
context.Username,
context.CleanSession);
}
}
public MqttConnAckPacket CreateConnAckPacket(MqttConnectionValidatorContext connectionValidatorContext)
{
if (connectionValidatorContext == null)
{
throw new ArgumentNullException(nameof(connectionValidatorContext));
}
return(new MqttConnAckPacket
{
ReasonCode = connectionValidatorContext.ReasonCode,
Properties = new MqttConnAckPacketProperties
{
RetainAvailable = true,
SubscriptionIdentifiersAvailable = true,
SharedSubscriptionAvailable = false,
TopicAliasMaximum = ushort.MaxValue,
WildcardSubscriptionAvailable = true,
UserProperties = connectionValidatorContext.ResponseUserProperties,
AuthenticationMethod = connectionValidatorContext.AuthenticationMethod,
AuthenticationData = connectionValidatorContext.ResponseAuthenticationData,
AssignedClientIdentifier = connectionValidatorContext.AssignedClientIdentifier,
ReasonString = connectionValidatorContext.ReasonString,
ServerReference = connectionValidatorContext.ServerReference
}
});
}
public async Task ValidateConnectionAsync(
MqttConnectionValidatorContext context)
{
var currentUser = _repo.GetUser(context.Username);
if (currentUser == null)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
await LogMessage(context);
return;
}
if (context.Username != currentUser.Username)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
await LogMessage(context);
return;
}
if (context.Password != currentUser.Password)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
await LogMessage(context);
return;
}
context.ReasonCode = MqttConnectReasonCode.Success;
//_repo.
await LogMessage(context, true);
return;
}
private void OnNewConnection(MqttConnectionValidatorContext context)
{
AppendLog($"Client connected: {context.ClientId} ");
//AppendText($"Timestamp: {DateTime.Now:O} | Topic: {x.ApplicationMessage.Topic} | Payload: {x.ApplicationMessage.ConvertPayloadToString()} | QoS: {x.ApplicationMessage.QualityOfServiceLevel}");
//AppendText( );
}
public Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
Handler.HandleClientConnectionValidatorAsync(new MqttServerClientConnectionValidatorEventArgs()
{
Context = context
});
return(Task.CompletedTask);
}
/// <summary>
/// Initializes a new instance of the <see cref="SimpleMqttConnectionValidatorContext"/> class.
/// </summary>
/// <param name="context">The context.</param>
public SimpleMqttConnectionValidatorContext(MqttConnectionValidatorContext context)
{
this.UserName = context.Username;
this.ClientId = context.ClientId;
this.Password = context.Password;
this.CleanSession = context.CleanSession;
this.Endpoint = context.Endpoint;
}
public Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
if (context.Username != _clientSettings.UserName || context.Password != _clientSettings.Password)
{
return(Task.FromResult(context.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.BadUserNameOrPassword));
}
return(Task.FromResult(context.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.Success));
}
/// <summary>
/// Validates the connection.
/// </summary>
/// <param name="context">The context.</param>
private async void ValidateConnection(MqttConnectionValidatorContext context)
{
var currentUser = await this.userRepository.GetUserByName(context.Username).ConfigureAwait(false);
if (currentUser == null)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context, true);
return;
}
if (context.Username != currentUser.UserName)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context, true);
return;
}
var hashingResult = Hasher.VerifyHashedPassword(
currentUser,
currentUser.PasswordHash,
context.Password);
if (hashingResult == PasswordVerificationResult.Failed)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context, true);
return;
}
if (!currentUser.ValidateClientId)
{
context.ReasonCode = MqttConnectReasonCode.Success;
context.SessionItems.Add(context.ClientId, currentUser);
LogMessage(context, false);
return;
}
if (string.IsNullOrWhiteSpace(currentUser.ClientIdPrefix))
{
if (context.ClientId != currentUser.ClientId)
{
context.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
LogMessage(context, true);
return;
}
context.SessionItems.Add(currentUser.ClientId, currentUser);
}
else
{
context.SessionItems.Add(currentUser.ClientIdPrefix, currentUser);
}
context.ReasonCode = MqttConnectReasonCode.Success;
LogMessage(context, false);
}
/// <summary>
/// Logs the message from the MQTT connection validation context.
/// </summary>
/// <param name="context">The MQTT connection validation context.</param>
private static void LogMessage(ILogger <MQTTService> logger, MqttConnectionValidatorContext context)
{
if (context == null)
{
return;
}
logger.LogInformation(
$"New connection: ClientId = {context.ClientId}, Endpoint = {context.Endpoint},"
+ $" Username = {context.Username}, CleanSession = {context.CleanSession}");
}
private void ConnectionValidationHandler(MqttConnectionValidatorContext eventArgs)
{
if (_connected.ContainsKey(eventArgs.ClientId))
{
eventArgs.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
return;
}
_connected[eventArgs.ClientId] = true;
eventArgs.ReasonCode = MqttConnectReasonCode.Success;
return;
}
/// <summary>
/// 鉴权身份认证
/// </summary>
/// <param name="cxt"></param>
public void EH_ConnectionValidator(MqttConnectionValidatorContext cxt)
{
if (string.IsNullOrEmpty(ServerAuth_Username) || string.IsNullOrEmpty(ServerAuth_Password))
{
cxt.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.BadUserNameOrPassword;
}
else if (cxt.Username != ServerAuth_Username || cxt.Password != ServerAuth_Password)
{
cxt.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.BadUserNameOrPassword;
}
cxt.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.Success;
}
/// <summary>
/// Validates the connection.
/// </summary>
/// <param name="context">The context.</param>
private void ValidateConnection(MqttConnectionValidatorContext context)
{
if (this.cancellationToken.IsCancellationRequested)
{
return;
}
var repositoryGrain = this.clusterClient.GetGrain <IMqttRepositoryGrain>(0);
var connectionValid = repositoryGrain.ProceedConnect(new SimpleMqttConnectionValidatorContext(context)).Result;
context.ReasonCode = connectionValid ? MqttConnectReasonCode.Success : MqttConnectReasonCode.BadUserNameOrPassword;
}
public MqttConnAckPacket CreateConnAckPacket(MqttConnectionValidatorContext connectionValidatorContext)
{
if (connectionValidatorContext == null)
{
throw new ArgumentNullException(nameof(connectionValidatorContext));
}
return(new MqttConnAckPacket
{
ReturnCode = new MqttConnectReasonCodeConverter().ToConnectReturnCode(connectionValidatorContext.ReasonCode)
});
}
private void ConnectEventAction(MqttConnectionValidatorContext context)
{
if (!(context.Username == "admin"))
{
context.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;
}
if (context.Password != "123456")
{
context.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;
}
}
void ValidateClientConnection(MqttConnectionValidatorContext context)
{
context.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.Success;
if (_options.BlockedClients == null)
{
return;
}
if (_options.BlockedClients.Contains(context.ClientId ?? string.Empty))
{
context.ReasonCode = MQTTnet.Protocol.MqttConnectReasonCode.Banned;
}
}
public bool Validate(MqttConnectionValidatorContext context)
{
var optionsBuilder = new DbContextOptionsBuilder <HubDbContext>();
optionsBuilder.UseSqlServer(_configuration.GetConnectionString("HubDatabase"));
HubUser user;
using (var dbContext = new HubDbContext(optionsBuilder.Options))
{
user = dbContext.HubUser.SingleOrDefault(new Validator(context).Predicate);
}
return(user != null && "HUR-ACT" == user.StatusCode);
}
public bool Validate(MqttConnectionValidatorContext context)
{
var optionsBuilder = new DbContextOptionsBuilder <HubDbContext>();
optionsBuilder.UseSqlServer(_configuration.GetConnectionString("HubDatabase"));
Agent agent;
using (var dbContext = new HubDbContext(optionsBuilder.Options))
{
agent = dbContext.Agent.FirstOrDefault(new Validator(context).Predicate);
}
return(agent != null);
}
/// <summary>
/// Validates the MQTT connection.
/// </summary>
/// <param name="context">The context.</param>
/// <returns>A <see cref="Task"/> representing any asynchronous operation.</returns>
public async Task ValidateConnectionAsync(MqttConnectionValidatorContext context)
{
try
{
var repositoryGrain = clusterClient.GetGrain <IMqttRepositoryGrain>(0);
var connectionValid = await repositoryGrain.ProceedConnect(new SimpleMqttConnectionValidatorContext(context));
context.ReasonCode = connectionValid ? MqttConnectReasonCode.Success : MqttConnectReasonCode.BadUserNameOrPassword;
}
catch (Exception ex)
{
this.logger.Error("An error occurred: {@ex}.", ex);
}
}
public MqttConnAckPacket CreateConnAckPacket(MqttConnectionValidatorContext connectionValidatorContext)
{
return(new MqttConnAckPacket
{
ReasonCode = connectionValidatorContext.ReasonCode,
Properties = new MqttConnAckPacketProperties
{
UserProperties = connectionValidatorContext.ResponseUserProperties,
AuthenticationMethod = connectionValidatorContext.AuthenticationMethod,
AuthenticationData = connectionValidatorContext.ResponseAuthenticationData,
AssignedClientIdentifier = connectionValidatorContext.AssignedClientIdentifier,
ReasonString = connectionValidatorContext.ReasonString
}
});
}
private void AuthenticateUser(MqttConnectionValidatorContext c)
{
Logger.LogDebug(LogCategory.RestServe, $"Attempting to authenticate {EboEwsSettings.UserName} with password {EboEwsSettings.Password}");
try
{
var client = MongooseObjectFactory.Current.GetInstance <IManagedEwsClient>();
client.EwsVersionImplemented(EboEwsSettings);
c.ReturnCode = MqttConnectReturnCode.ConnectionAccepted;
}
catch (Exception ex)
{
Logger.LogError(LogCategory.RestServe, ex);
c.ReturnCode = MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
}
}
private Task ConnectEventFunc(MqttConnectionValidatorContext context)
{
return(Task.Run(() =>
{
if (!(context.Username == "admin"))
{
context.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;
}
if (context.Password != "123456")
{
context.ReturnCode = MQTTnet.Protocol.MqttConnectReturnCode.ConnectionRefusedBadUsernameOrPassword;
return;
}
}));
}
/// <summary>
/// Logs the message from the MQTT connection validation context.
/// </summary>
/// <param name="context">The MQTT connection validation context.</param>
/// <param name="showPassword">A <see cref="bool"/> value indicating whether the password is written to the log or not.</param>
private static void LogMessage(MqttConnectionValidatorContext context, bool showPassword)
{
if (showPassword)
{
Log.Information(
$"New connection: ClientId = {context.ClientId}, Endpoint = {context.Endpoint},"
+ $" Username = {context.Username}, Password = {context.Password},"
+ $" CleanSession = {context.CleanSession}");
}
else
{
Log.Information(
$"New connection: ClientId = {context.ClientId}, Endpoint = {context.Endpoint},"
+ $" Username = {context.Username}, CleanSession = {context.CleanSession}");
}
}
