[activemq-artemis] branch main updated: ARTEMIS-3678 return proper CONNACK code when MQTT 3.x auth fails

[jbertram]

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 27d0183  ARTEMIS-3678 return proper CONNACK code when MQTT 3.x auth 
fails
     new d2e31a6  This closes #3949
27d0183 is described below

commit 27d018327a292d78e8d8a88692ec345565775647
Author: Justin Bertram <jbert...@apache.org>
AuthorDate: Wed Feb 9 21:06:28 2022 -0600

    ARTEMIS-3678 return proper CONNACK code when MQTT 3.x auth fails
---
 .../artemis/core/protocol/mqtt/MQTTProtocolHandler.java      |  2 ++
 .../artemis/tests/integration/mqtt/MQTTSecurityTest.java     | 12 +++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git 
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
 
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
index 599f1a7..03728fa 100644
--- 
a/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
+++ 
b/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
@@ -234,6 +234,8 @@ public class MQTTProtocolHandler extends 
ChannelInboundHandlerAdapter {
       } catch (ActiveMQSecurityException e) {
          if (session.is5()) {
             
session.getProtocolHandler().sendConnack(MQTTReasonCodes.BAD_USER_NAME_OR_PASSWORD);
+         } else {
+            
session.getProtocolHandler().sendConnack(MQTTReasonCodes.NOT_AUTHORIZED_3);
          }
          disconnect(true);
          return;
diff --git 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/MQTTSecurityTest.java
 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/MQTTSecurityTest.java
index 3535a9c..3938aab 100644
--- 
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/MQTTSecurityTest.java
+++ 
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/MQTTSecurityTest.java
@@ -16,12 +16,13 @@
  */
 package org.apache.activemq.artemis.tests.integration.mqtt;
 
-import java.io.EOFException;
 import java.util.Arrays;
 
 import org.apache.activemq.artemis.tests.util.Wait;
 import org.fusesource.mqtt.client.BlockingConnection;
 import org.fusesource.mqtt.client.MQTT;
+import org.fusesource.mqtt.client.MQTTException;
+import org.fusesource.mqtt.codec.CONNACK;
 import org.junit.Test;
 
 public class MQTTSecurityTest extends MQTTTestSupport {
@@ -52,7 +53,7 @@ public class MQTTSecurityTest extends MQTTTestSupport {
       }
    }
 
-   @Test(timeout = 30000, expected = EOFException.class)
+   @Test(timeout = 30000)
    public void testConnectionWithNullPassword() throws Exception {
       for (String version : Arrays.asList("3.1", "3.1.1")) {
 
@@ -66,8 +67,13 @@ public class MQTTSecurityTest extends MQTTTestSupport {
             connection = mqtt.blockingConnection();
             connection.connect();
             fail("Connect should fail");
+         } catch (MQTTException e) {
+            assertEquals(CONNACK.Code.CONNECTION_REFUSED_NOT_AUTHORIZED, 
e.connack.code());
+         } catch (Exception e) {
+            fail("Should have caught an MQTTException");
          } finally {
-            if (connection != null && connection.isConnected()) 
connection.disconnect();
+            if (connection != null && connection.isConnected())
+               connection.disconnect();
          }
       }
    }