Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(conn): password can be set when username unset when mqttv5 #148

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(conn): password can be set when username unset when mqttv5 #148

wants to merge 2 commits into from

Conversation

JimMoen
Copy link

@JimMoen JimMoen commented Dec 19, 2023
edited

MQTT-v5 allows sending a password without username
Which means username flag set 0 and username not be present in CONNECT payload.
And there is no necessary relationship between Username flag and Password flag.

see also:

3.1.2.8 User Name Flag
Position: bit 7 of the Connect Flags.

If the User Name Flag is set to 0, a User Name MUST NOT be present in the Payload [MQTT-3.1.2-16]. If the User Name Flag is set to 1, a User Name MUST be present in the Payload [MQTT-3.1.2-17].

3.1.2.9 Password Flag
Position: bit 6 of the Connect Flags.

If the Password Flag is set to 0, a Password MUST NOT be present in the Payload [MQTT-3.1.2-18]. If the Password Flag is set to 1, a Password MUST be present in the Payload [MQTT-3.1.2-19].

Non-normative comment

This version of the protocol allows the sending of a Password with no User Name, where MQTT v3.1.1 did not. This reflects the common use of Password for credentials other than a password.

https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901044

robertsLando
robertsLando requested changes Dec 19, 2023
View reviewed changes
writeToStream.js Show resolved Hide resolved
@JimMoen
chore: comment mqtt-v5 username/password
65d1cdd 
Highlight:
This version of the protocol allows the sending of a Password with no User Name, where MQTT v3.1.1 did not.

refer:
https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901044

> 3.1.2.9 Password Flag
> Position: bit 6 of the Connect Flags.
>
> If the Password Flag is set to 0, a Password MUST NOT be present in the Payload [MQTT-3.1.2-18]. If the Password Flag is set to 1, a Password MUST be present in the Payload [MQTT-3.1.2-19].
>
> Non-normative comment
>
> This version of the protocol allows the sending of a Password with no User Name, where MQTT v3.1.1 did not. This reflects the common use of Password for credentials other than a password.
robertsLando
robertsLando requested changes Dec 19, 2023
View reviewed changes
writeToStream.js
Comment on lines +204 to +205
// `username` is not required when password is present in MQTT-v5
// see also: https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901044
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move this comment above the if for consistency

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertsLando robertsLando robertsLando requested changes

@mcollina mcollina Awaiting requested review from mcollina

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@JimMoen @robertsLando