From 7faf73e0f456141204a4bb8ecc9bad5e36f52b37 Mon Sep 17 00:00:00 2001
From: zmstone <zmstone@gmail.com>
Date: Mon, 13 May 2024 10:54:33 +0200
Subject: [PATCH 1/3] chore(emqx_schema): change atom array to enum array for
 alarm.actions

---
 apps/emqx/src/emqx_schema.erl | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 4727ae3c8..f9466874d 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -93,7 +93,6 @@
     validate_heap_size/1,
     validate_packet_size/1,
     user_lookup_fun_tr/2,
-    validate_alarm_actions/1,
     validate_keepalive_multiplier/1,
     non_empty_string/1,
     validations/0,
@@ -1617,10 +1616,9 @@ fields("alarm") ->
     [
         {"actions",
             sc(
-                hoconsc:array(atom()),
+                hoconsc:array(hoconsc:enum([log, publish])),
                 #{
                     default => [log, publish],
-                    validator => fun ?MODULE:validate_alarm_actions/1,
                     example => [log, publish],
                     desc => ?DESC(alarm_actions)
                 }
@@ -2761,15 +2759,6 @@ validate_keepalive_multiplier(Multiplier) when
 validate_keepalive_multiplier(_Multiplier) ->
     {error, #{reason => keepalive_multiplier_out_of_range, min => 1, max => 65535}}.
 
-validate_alarm_actions(Actions) ->
-    UnSupported = lists:filter(
-        fun(Action) -> Action =/= log andalso Action =/= publish end, Actions
-    ),
-    case UnSupported of
-        [] -> ok;
-        Error -> {error, Error}
-    end.
-
 validate_tcp_keepalive(Value) ->
     case iolist_to_binary(Value) of
         <<"none">> ->

From 93232d425371b5d0ee51af34138fcc37ede2eff8 Mon Sep 17 00:00:00 2001
From: zmstone <zmstone@gmail.com>
Date: Tue, 14 May 2024 10:22:07 +0200
Subject: [PATCH 2/3] fix(authn/http): log meaningful error message if http
 header is missing

---
 .../src/emqx_authn/emqx_authn_chains.erl      | 24 ++++++++++++++-----
 apps/emqx_auth_http/src/emqx_authn_http.erl   |  4 +++-
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl b/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl
index 946ef9ff3..27fc19ca7 100644
--- a/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl
+++ b/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl
@@ -678,16 +678,28 @@ do_authenticate(
             {stop, Result}
     catch
         Class:Reason:Stacktrace ->
-            ?TRACE_AUTHN(warning, "authenticator_error", #{
-                exception => Class,
-                reason => Reason,
-                stacktrace => Stacktrace,
-                authenticator => ID
-            }),
+            ?TRACE_AUTHN(
+                warning,
+                "authenticator_error",
+                maybe_add_stacktrace(
+                    Class,
+                    #{
+                        exception => Class,
+                        reason => Reason,
+                        authenticator => ID
+                    },
+                    Stacktrace
+                )
+            ),
             emqx_metrics_worker:inc(authn_metrics, MetricsID, nomatch),
             do_authenticate(ChainName, More, Credential)
     end.
 
+maybe_add_stacktrace('throw', Data, _Stacktrace) ->
+    Data;
+maybe_add_stacktrace(_, Data, Stacktrace) ->
+    Data#{stacktrace => Stacktrace}.
+
 authenticate_with_provider(#authenticator{id = ID, provider = Provider, state = State}, Credential) ->
     AuthnResult = Provider:authenticate(Credential, State),
     ?TRACE_AUTHN("authenticator_result", #{
diff --git a/apps/emqx_auth_http/src/emqx_authn_http.erl b/apps/emqx_auth_http/src/emqx_authn_http.erl
index 5cbffb394..96eb1215a 100644
--- a/apps/emqx_auth_http/src/emqx_authn_http.erl
+++ b/apps/emqx_auth_http/src/emqx_authn_http.erl
@@ -189,7 +189,9 @@ qs([{K, V} | More], Acc) ->
 serialize_body(<<"application/json">>, Body) ->
     emqx_utils_json:encode(Body);
 serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
-    qs(maps:to_list(Body)).
+    qs(maps:to_list(Body));
+serialize_body(undefined, _) ->
+    throw("missing_content_type_header").
 
 handle_response(Headers, Body) ->
     ContentType = proplists:get_value(<<"content-type">>, Headers),

From 5983b7c6f263f55d2e1390978beba48bc63c0858 Mon Sep 17 00:00:00 2001
From: zmstone <zmstone@gmail.com>
Date: Tue, 14 May 2024 10:26:35 +0200
Subject: [PATCH 3/3] docs: add changelog for PR 13041

---
 changes/ce/fix-13041.en.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changes/ce/fix-13041.en.md

diff --git a/changes/ce/fix-13041.en.md b/changes/ce/fix-13041.en.md
new file mode 100644
index 000000000..56dcf0bc1
--- /dev/null
+++ b/changes/ce/fix-13041.en.md
@@ -0,0 +1,3 @@
+Improve HTTP authentication error log message.
+
+If HTTP content-type header is missing for POST method, it now emits a meaningful error message instead of a less readable exception with stack trace.