From 0846939760f54257adda650da4dacef5f7722b0b Mon Sep 17 00:00:00 2001
From: firest
Date: Fri, 15 Sep 2023 10:13:07 +0800
Subject: [PATCH] fix(ldap): remove unused code and mark sensitive field
---
 apps/emqx_ldap/src/emqx_ldap.erl | 1 +
 apps/emqx_ldap/src/emqx_ldap_bind_worker.erl | 4 ++--
 apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl | 6 ------
 apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl | 6 ------
 apps/emqx_utils/src/emqx_utils.erl | 6 +++++-
 5 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/apps/emqx_ldap/src/emqx_ldap.erl b/apps/emqx_ldap/src/emqx_ldap.erl
index f07f76730..cdf6a9a4c 100644
--- a/apps/emqx_ldap/src/emqx_ldap.erl
+++ b/apps/emqx_ldap/src/emqx_ldap.erl
@@ -86,6 +86,7 @@ fields(bind_opts) ->
 desc => ?DESC(bind_password),
 default => <<"${password}">>,
 example => <<"${password}">>,
+ sensitive => true,
 validator => fun emqx_schema:non_empty_string/1
 }
 )}
diff --git a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
index 496d93ff2..e4e341002 100644
--- a/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
@@ -48,7 +48,7 @@ on_stop(InstId, _State) ->
 case emqx_resource:get_allocated_resources(InstId) of
 #{?MODULE := PoolName} ->
 ?SLOG(info, #{
- msg => "starting_ldap_bind_worker",
+ msg => "stopping_ldap_bind_worker",
 pool => PoolName
 }),
 emqx_resource_pool:stop(PoolName);
@@ -69,7 +69,7 @@ on_query(
 Password = emqx_placeholder:proc_tmpl(PWTks, Data),
 LogMeta = #{connector => InstId, state => State},
- ?TRACE("QUERY", "ldap_connector_received", LogMeta),
+ ?TRACE("QUERY", "ldap_connector_about_to_bind", LogMeta),
 case
 ecpool:pick_and_do(
 PoolName,
diff --git a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
index 40501456e..7b5220b04 100644
--- a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
+++ b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
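Review bot: In `on_query` in emqx_ldap_bind_worker.erl, the renamed trace still logs the whole connector state through `LogMeta = #{connector => InstId, state => State},`, on the line directly after the bind password is rendered from its template. The rendered `Password` is not part of `LogMeta`, but what `State` holds is not visible in this hunk, so whether anything credential-related reaches the trace depends entirely on redaction further down. I would pass only what the trace needs, for example `LogMeta = #{connector => InstId, pool => PoolName},` (assuming `PoolName` is bound in the function head and no trace consumer relies on the full state). The body of `on_query` starts and ends outside the hunk.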
@@ -250,9 +250,3 @@ ldap_server() ->
 ldap_config() ->
 emqx_ldap_SUITE:ldap_config([]).
-
-start_apps(Apps) ->
- lists:foreach(fun application:ensure_all_started/1, Apps).
-
-stop_apps(Apps) ->
- lists:foreach(fun application:stop/1, Apps).
diff --git a/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
index 5159799b6..996416f52 100644
--- a/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
+++ b/apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
@@ -247,9 +247,3 @@ ldap_server() ->
 ldap_config() ->
 emqx_ldap_SUITE:ldap_config([]).
-
-start_apps(Apps) ->
- lists:foreach(fun application:ensure_all_started/1, Apps).
-
-stop_apps(Apps) ->
- lists:foreach(fun application:stop/1, Apps).
diff --git a/apps/emqx_utils/src/emqx_utils.erl b/apps/emqx_utils/src/emqx_utils.erl
index 80a9f8754..e21affce6 100644
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -647,6 +647,9 @@ is_sensitive_key(<<"jwt">>) -> true;
 is_sensitive_key(authorization) -> true;
 is_sensitive_key("authorization") -> true;
 is_sensitive_key(<<"authorization">>) -> true;
+is_sensitive_key(bind_password) -> true;
+is_sensitive_key("bind_password") -> true;
+is_sensitive_key(<<"bind_password">>) -> true;
 is_sensitive_key(Key) -> is_authorization(Key).
 redact(Term) ->
@@ -777,7 +780,8 @@ redact_test_() ->
 secret,
 secret_key,
 security_token,
- token
+ token,
+ bind_password
 ],
 [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].
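Review bot: The three new `is_sensitive_key/1` clauses in emqx_utils.erl match only the exact spelling `bind_password`, as atom, string and binary; any other spelling falls through to `is_authorization/1`, whose body is outside this hunk. That leaves two lists to keep in step by hand: this key list, which sits next to `redact/1`, and the `sensitive => true` flags in the schemas, which this same commit touches in emqx_ldap.erl. I would add a comment above the clause group, `%% Keep in sync with schema fields marked sensitive => true (e.g. bind_password in emqx_ldap).`, so the next sensitive field is added in both places. The clause list begins above the hunk.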