yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(ldap): remove unused code and mark sensitive field

This commit is contained in:
firest 2023-09-15 10:13:07 +08:00
parent d0636dee7a
commit 0846939760
5 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/emqx_ldap/src/emqx_ldap.erl
View File

@ -86,6 +86,7 @@ fields(bind_opts) ->
desc => ?DESC(bind_password), desc => ?DESC(bind_password),
default => <<"${password}">>, default => <<"${password}">>,
example => <<"${password}">>, example => <<"${password}">>,
sensitive => true,
validator => fun emqx_schema:non_empty_string/1 validator => fun emqx_schema:non_empty_string/1
} }
)} )}

4
apps/emqx_ldap/src/emqx_ldap_bind_worker.erl
View File

@ -48,7 +48,7 @@ on_stop(InstId, _State) ->
case emqx_resource:get_allocated_resources(InstId) of case emqx_resource:get_allocated_resources(InstId) of
#{?MODULE := PoolName} -> #{?MODULE := PoolName} ->
?SLOG(info, #{ ?SLOG(info, #{
msg => "starting_ldap_bind_worker", msg => "stopping_ldap_bind_worker",
pool => PoolName pool => PoolName
}), }),
emqx_resource_pool:stop(PoolName); emqx_resource_pool:stop(PoolName);
@ -69,7 +69,7 @@ on_query(
Password = emqx_placeholder:proc_tmpl(PWTks, Data), Password = emqx_placeholder:proc_tmpl(PWTks, Data),
LogMeta = #{connector => InstId, state => State}, LogMeta = #{connector => InstId, state => State},
?TRACE("QUERY", "ldap_connector_received", LogMeta), ?TRACE("QUERY", "ldap_connector_about_to_bind", LogMeta),
case case
ecpool:pick_and_do( ecpool:pick_and_do(
PoolName, PoolName,

6
apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl
View File

@ -250,9 +250,3 @@ ldap_server() ->
ldap_config() -> ldap_config() ->
emqx_ldap_SUITE:ldap_config([]). emqx_ldap_SUITE:ldap_config([]).
start_apps(Apps) ->
lists:foreach(fun application:ensure_all_started/1, Apps).
stop_apps(Apps) ->
lists:foreach(fun application:stop/1, Apps).

6
apps/emqx_ldap/test/emqx_ldap_authn_bind_SUITE.erl
View File

@ -247,9 +247,3 @@ ldap_server() ->
ldap_config() -> ldap_config() ->
emqx_ldap_SUITE:ldap_config([]). emqx_ldap_SUITE:ldap_config([]).
start_apps(Apps) ->
lists:foreach(fun application:ensure_all_started/1, Apps).
stop_apps(Apps) ->
lists:foreach(fun application:stop/1, Apps).

6
apps/emqx_utils/src/emqx_utils.erl
View File

@ -647,6 +647,9 @@ is_sensitive_key(<<"jwt">>) -> true;
is_sensitive_key(authorization) -> true; is_sensitive_key(authorization) -> true;
is_sensitive_key("authorization") -> true; is_sensitive_key("authorization") -> true;
is_sensitive_key(<<"authorization">>) -> true; is_sensitive_key(<<"authorization">>) -> true;
is_sensitive_key(bind_password) -> true;
is_sensitive_key("bind_password") -> true;
is_sensitive_key(<<"bind_password">>) -> true;
is_sensitive_key(Key) -> is_authorization(Key). is_sensitive_key(Key) -> is_authorization(Key).
redact(Term) -> redact(Term) ->
@ -777,7 +780,8 @@ redact_test_() ->
secret, secret,
secret_key, secret_key,
security_token, security_token,
token token,
bind_password
], ],
[{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types]. [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].