Merge pull request #13041 from zmstone/0513-http-authn-header-missing-should-result-in-meaningful-error-message

0513 http authn header missing should result in meaningful error message
2024-05-16 13:17:20 +02:00 · 2024-05-16 13:17:20 +02:00 · 0be1249bbe
parent 71b393be89 5983b7c6f2
commit 0be1249bbe
4 changed files with 25 additions and 19 deletions
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -93,7 +93,6 @@
    validate_heap_size/1,
    validate_packet_size/1,
    user_lookup_fun_tr/2,
-    validate_alarm_actions/1,
    validate_keepalive_multiplier/1,
    non_empty_string/1,
    validations/0,
@ -1617,10 +1616,9 @@ fields("alarm") ->
    [
        {"actions",
            sc(
-                hoconsc:array(atom()),
+                hoconsc:array(hoconsc:enum([log, publish])),
                #{
                    default => [log, publish],
-                    validator => fun ?MODULE:validate_alarm_actions/1,
                    example => [log, publish],
                    desc => ?DESC(alarm_actions)
                }
@ -2761,15 +2759,6 @@ validate_keepalive_multiplier(Multiplier) when
 validate_keepalive_multiplier(_Multiplier) ->
    {error, #{reason => keepalive_multiplier_out_of_range, min => 1, max => 65535}}.

-validate_alarm_actions(Actions) ->
-    UnSupported = lists:filter(
-        fun(Action) -> Action =/= log andalso Action =/= publish end, Actions
-    ),
-    case UnSupported of
-        [] -> ok;
-        Error -> {error, Error}
-    end.
-
 validate_tcp_keepalive(Value) ->
    case iolist_to_binary(Value) of
        <<"none">> ->
--- a/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl
+++ b/apps/emqx_auth/src/emqx_authn/emqx_authn_chains.erl
@ -678,16 +678,28 @@ do_authenticate(
            {stop, Result}
    catch
        Class:Reason:Stacktrace ->
-            ?TRACE_AUTHN(warning, "authenticator_error", #{
+            ?TRACE_AUTHN(
+                warning,
+                "authenticator_error",
+                maybe_add_stacktrace(
+                    Class,
+                    #{
                        exception => Class,
                        reason => Reason,
-                stacktrace => Stacktrace,
                        authenticator => ID
-            }),
+                    },
+                    Stacktrace
+                )
+            ),
            emqx_metrics_worker:inc(authn_metrics, MetricsID, nomatch),
            do_authenticate(ChainName, More, Credential)
    end.

+maybe_add_stacktrace('throw', Data, _Stacktrace) ->
+    Data;
+maybe_add_stacktrace(_, Data, Stacktrace) ->
+    Data#{stacktrace => Stacktrace}.
+
 authenticate_with_provider(#authenticator{id = ID, provider = Provider, state = State}, Credential) ->
    AuthnResult = Provider:authenticate(Credential, State),
    ?TRACE_AUTHN("authenticator_result", #{
--- a/apps/emqx_auth_http/src/emqx_authn_http.erl
+++ b/apps/emqx_auth_http/src/emqx_authn_http.erl
@ -189,7 +189,9 @@ qs([{K, V} | More], Acc) ->
 serialize_body(<<"application/json">>, Body) ->
    emqx_utils_json:encode(Body);
 serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
-    qs(maps:to_list(Body)).
+    qs(maps:to_list(Body));
+serialize_body(undefined, _) ->
+    throw("missing_content_type_header").

 handle_response(Headers, Body) ->
    ContentType = proplists:get_value(<<"content-type">>, Headers),
--- a/changes/ce/fix-13041.en.md
+++ b/changes/ce/fix-13041.en.md
@ -0,0 +1,3 @@
+Improve HTTP authentication error log message.
+
+If HTTP content-type header is missing for POST method, it now emits a meaningful error message instead of a less readable exception with stack trace.