fix(ldap): remove unused code and mark sensitive field

2023-09-15 10:13:07 +08:00 · 2023-09-15 10:13:07 +08:00 · 0846939760
parent d0636dee7a
commit 0846939760
5 changed files with 8 additions and 15 deletions
--- a/apps/emqx_ldap/src/emqx_ldap.erl
+++ b/apps/emqx_ldap/src/emqx_ldap.erl
@ -86,6 +86,7 @@ fields(bind_opts) ->
                    desc => ?DESC(bind_password),
                    default => <<"${password}">>,
                    example => <<"${password}">>,
+                    sensitive => true,
                    validator => fun emqx_schema:non_empty_string/1
                }
            )}
--- a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
@ -48,7 +48,7 @@ on_stop(InstId, _State) ->
    case emqx_resource:get_allocated_resources(InstId) of
        #{?MODULE := PoolName} ->
            ?SLOG(info, #{
-                msg => "starting_ldap_bind_worker",
+                msg => "stopping_ldap_bind_worker",
                pool => PoolName
            }),
            emqx_resource_pool:stop(PoolName);
@ -69,7 +69,7 @@ on_query(
    Password = emqx_placeholder:proc_tmpl(PWTks, Data),

    LogMeta = #{connector => InstId, state => State},
-    ?TRACE("QUERY", "ldap_connector_received", LogMeta),
+    ?TRACE("QUERY", "ldap_connector_about_to_bind", LogMeta),
    case
        ecpool:pick_and_do(
            PoolName,
--- a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
+++ b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
@ -250,9 +250,3 @@ ldap_server() ->

 ldap_config() ->
    emqx_ldap_SUITE:ldap_config([]).
-
-start_apps(Apps) ->
-    lists:foreach(fun application:ensure_all_started/1, Apps).
-
-stop_apps(Apps) ->
-    lists:foreach(fun application:stop/1, Apps).
--- a/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
+++ b/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
@ -247,9 +247,3 @@ ldap_server() ->

 ldap_config() ->
    emqx_ldap_SUITE:ldap_config([]).
-
-start_apps(Apps) ->
-    lists:foreach(fun application:ensure_all_started/1, Apps).
-
-stop_apps(Apps) ->
-    lists:foreach(fun application:stop/1, Apps).
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@ -647,6 +647,9 @@ is_sensitive_key(<<"jwt">>) -> true;
 is_sensitive_key(authorization) -> true;
 is_sensitive_key("authorization") -> true;
 is_sensitive_key(<<"authorization">>) -> true;
+is_sensitive_key(bind_password) -> true;
+is_sensitive_key("bind_password") -> true;
+is_sensitive_key(<<"bind_password">>) -> true;
 is_sensitive_key(Key) -> is_authorization(Key).

 redact(Term) ->
@ -777,7 +780,8 @@ redact_test_() ->
        secret,
        secret_key,
        security_token,
-        token
+        token,
+        bind_password
    ],
    [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].