From 074c0bd2cc3db367b71ad61d7c2617f2c66cba1d Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Wed, 9 Jun 2021 11:40:52 +0200
Subject: [PATCH] fix(auth_ldap): Handle missing attributes

Fixes: #4953
---
 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl        | 11 +++--------
 apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src   |  2 +-
 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src |  8 ++++++++
 3 files changed, 12 insertions(+), 9 deletions(-)
 create mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src

diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
index 25287052c..8324f6414 100644
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
@@ -27,10 +27,6 @@
         , description/0
         ]).
 
--import(proplists, [get_value/2]).
-
--import(emqx_auth_ldap_cli, [search/4]).
-
 -spec(register_metrics() -> ok).
 register_metrics() ->
     lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
@@ -70,14 +66,14 @@ do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
 
     BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
 
-    case search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
+    case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
         {error, noSuchObject} ->
             ok;
         {ok, #eldap_search_result{entries = []}} ->
             ok;
         {ok, #eldap_search_result{entries = [Entry]}} ->
-            Topics = get_value(Attribute, Entry#eldap_entry.attributes)
-                ++ get_value(Attribute1, Entry#eldap_entry.attributes),
+            Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
+                ++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
             match(Topic, Topics);
         Error ->
             ?LOG(error, "[LDAP] search error:~p", [Error]),
@@ -95,4 +91,3 @@ match(Topic, [Filter | Topics]) ->
 
 description() ->
     "ACL with LDAP".
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
index 8635c4834..119434aba 100644
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
@@ -1,6 +1,6 @@
 {application, emqx_auth_ldap,
  [{description, "EMQ X Authentication/ACL with LDAP"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "4.3.1"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_auth_ldap_sup]},
   {applications, [kernel,stdlib,eldap2,ecpool]},
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
new file mode 100644
index 000000000..8b70bf484
--- /dev/null
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
@@ -0,0 +1,8 @@
+%% -*- mode: erlang -*-
+{VSN,
+  [{"4.3.0",
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+   {<<".*">>,[]}],
+  [{"4.3.0",
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+   {<<".*">>,[]}]}.