siksterkashop / hivemq-test

Apache License 2.0

Wrong default password type #1

Open siksterkashop opened 1 year ago

siksterkashop commented 1 year ago

According to the documentation for the extension configuration, the default password type should be "HASHED". Currently it is set to "PLAIN".

The default password type setting can be found at: com/hivemq/extensions/rbac/configuration/entities/ExtensionConfig.java:42

```java
@NotNull
@XmlElement(name = "password-type", defaultValue = "HASHED")
private PasswordType passwordType = PasswordType.PLAIN;
```

Documentation:

| Configuration | Default | Description |
|---|---|---|
| credentials-reload-interval | 60 | Regular interval in seconds, in which the credentials.xml configuration file is checked for changes and reloaded. |
| listener-names | null | List of names of listeners, this extension will be used for. See {hivemq-listener}[HiveMQ config details^]. |
| password-type | HASHED | How passwords are stored in the credentials.xml configuration file. Can either be PLAIN for plain text passwords, or HASHED for a salted password hash. |

siksterkashop commented 1 year ago

Pull request with test for the bug: https://github.com/siksterkashop/hiveMQTask/pull/2

MicWalter commented 1 year ago

Nice! You are the first one that found it :) I'm curious, how did you find it?

Oh, and hi 👋 I'm Michael

siksterkashop commented 1 year ago

Hi! 👋 I looked at the test coverage (for the extension config it was one of the lowest) and through the code (like doing a code review) when I was stuck at first, comparing it to the README.
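
The mismatch reported in this issue, and the code-versus-documentation comparison that surfaced it, as an added Java example that is not part of the thread or of the project's code. It loads a config that omits `<password-type>` to show which value takes effect (JAXB leaves the field initializer untouched when the element is absent), then uses reflection to flag any field whose initializer disagrees with its `@XmlElement` `defaultValue`. Assumptions: JAXB 2.x (`javax.xml.bind`) is on the classpath, and `DefaultDriftCheck`, `SampleConfig`, `findDrift` and the root element name are hypothetical stand-ins.

```java
import java.io.StringReader;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.JAXB;
import javax.xml.bind.annotation.*;

public class DefaultDriftCheck {

    public enum PasswordType { PLAIN, HASHED }

    // Constructed stand-in that mirrors the field quoted in the issue.
    @XmlRootElement(name = "extension-configuration")
    @XmlAccessorType(XmlAccessType.NONE)
    public static class SampleConfig {
        @XmlElement(name = "password-type", defaultValue = "HASHED")
        PasswordType passwordType = PasswordType.PLAIN;
    }

    /** Lists fields whose initializer disagrees with the annotation's defaultValue. */
    static List<String> findDrift(Class<?> type) throws ReflectiveOperationException {
        Object fresh = type.getDeclaredConstructor().newInstance();
        List<String> drift = new ArrayList<>();
        for (Field f : type.getDeclaredFields()) {
            XmlElement el = f.getAnnotation(XmlElement.class);
            // "\u0000" is the annotation's own marker for "no default declared".
            if (el == null || "\u0000".equals(el.defaultValue())) continue;
            f.setAccessible(true);
            String actual = String.valueOf(f.get(fresh));
            if (!el.defaultValue().equals(actual)) {
                drift.add(el.name() + ": annotation=" + el.defaultValue()
                        + ", initializer=" + actual);
            }
        }
        return drift;
    }

    public static void main(String[] args) throws Exception {
        // Constructed config that omits <password-type>, so the default applies.
        String xml = "<extension-configuration/>";
        SampleConfig cfg = JAXB.unmarshal(new StringReader(xml), SampleConfig.class);
        System.out.println("effective password-type: " + cfg.passwordType);
        findDrift(SampleConfig.class).forEach(System.out::println);
    }
}
```

Running `findDrift` over every configuration entity in a unit test catches this class of drift before a deployment silently falls back to plain-text password storage.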