From 6be79cbe88e6ff16cb63a3e183b9488fa5a11a94 Mon Sep 17 00:00:00 2001
From: turtletramp
Date: Wed, 2 Dec 2020 03:05:46 +0100
Subject: [PATCH] Bugfix - authfile plugin did wrongly use username as IP and IP as username in ACL checks (#100)

* adding test + fix issue with wrong order in acl check
* reduce to featureset from original fork
---
 plugins/auth/authfile/acl.go | 2 +-
 plugins/auth/authfile/acl_test.go | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 plugins/auth/authfile/acl_test.go

diff --git a/plugins/auth/authfile/acl.go b/plugins/auth/authfile/acl.go
index 81195c6..8a04d4b 100644
--- a/plugins/auth/authfile/acl.go
+++ b/plugins/auth/authfile/acl.go
@@ -19,5 +19,5 @@ func (a *aclAuth) CheckConnect(clientID, username, password string) bool {
 }
 func (a *aclAuth) CheckACL(action, clientID, username, ip, topic string) bool {
- return checkTopicAuth(a.config, action, username, ip, clientID, topic)
+ return checkTopicAuth(a.config, action, ip, username, clientID, topic)
 }
diff --git a/plugins/auth/authfile/acl_test.go b/plugins/auth/authfile/acl_test.go
new file mode 100644
index 0000000..e422838
--- /dev/null
+++ b/plugins/auth/authfile/acl_test.go
@@ -0,0 +1,23 @@
+//+build test
+
+package acl
+
+import (
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestOrigAcls(t *testing.T) {
+ pwd, _ := os.Getwd()
+ os.Chdir("../../../")
+ aclOrig := Init()
+ os.Chdir(pwd)
+
+ // rule: allow ip 127.0.0.1 2 $SYS/#
+ origAllowed := aclOrig.CheckACL(PUB, "dummyClientID", "dummyUser", "127.0.0.1", "$SYS/something")
+ assert.True(t, origAllowed)
+ origAllowed = aclOrig.CheckACL(SUB, "dummyClientID", "dummyUser", "127.0.0.1", "$SYS/something")
+ assert.False(t, origAllowed)
+}
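Review bot: The corrected call in `CheckACL` still passes five same-typed strings positionally, in an order (`ip` before `username`) that differs from `CheckACL`'s own parameter order (`username` before `ip`), and nothing at the call site records that, which is how the original swap compiled unnoticed. A comment above the return, for example `// checkTopicAuth order: action, ip, username, clientID, topic (ip precedes username)`, would make a future reorder visible in review. `checkTopicAuth` is defined outside this hunk, so its parameter names are inferred from the corrected call; if it is under the project's control, taking a small struct with named fields would remove the ordering hazard entirely. Because the earlier build evaluated ip rules against the client-supplied username, per the commit subject, operators who relied on ip rules may want to review what was granted while that build was deployed.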
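Review bot: `TestOrigAcls` pins only the case where the real address matches the ip rule, so it does not assert that a client whose username merely equals an allowed address is refused, which is the behaviour the swapped arguments broke. A negative case such as `assert.False(t, aclOrig.CheckACL(PUB, "dummyClientID", "127.0.0.1", "10.0.0.1", "$SYS/something"))` (constructed address) would cover it, assuming no other rule in the loaded ACL file grants that request. The `//+build test` constraint on the first line also means a plain `go test ./...` skips this file, so the regression check runs only where `-tags test` is passed. The errors from `os.Getwd` and both `os.Chdir` calls are discarded and the working directory is not restored if `Init()` panics; checking the first `Chdir` with `t.Fatal` on failure and following it with `defer os.Chdir(pwd)` would handle both.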