fix(ldap): improve the LDAP `parse_config` function
This commit is contained in:
firest
parent
aae59f1efd
commit
0c33df3912
|
|
@ -86,19 +86,7 @@ destroy(#{resource_id := ResourceId}) ->
|
||||||
|
|
||||||
parse_config(Config0) ->
|
parse_config(Config0) ->
|
||||||
Config = ensure_bind_password(Config0),
|
Config = ensure_bind_password(Config0),
|
||||||
State = lists:foldl(
|
{Config, emqx_ldap:parse_config(Config, [query_timeout], [])}.
|
||||||
fun(Key, Acc) ->
|
|
||||||
case maps:find(Key, Config) of
|
|
||||||
{ok, Value} when is_binary(Value) ->
|
|
||||||
Acc#{Key := erlang:binary_to_list(Value)};
|
|
||||||
_ ->
|
|
||||||
Acc
|
|
||||||
end
|
|
||||||
end,
|
|
||||||
Config,
|
|
||||||
[query_timeout]
|
|
||||||
),
|
|
||||||
{Config, State}.
|
|
||||||
|
|
||||||
%% In this feature, the `bind_password` is fixed, so it should conceal from the swagger,
|
%% In this feature, the `bind_password` is fixed, so it should conceal from the swagger,
|
||||||
%% but the connector still needs it, hence we should add it back here
|
%% but the connector still needs it, hence we should add it back here
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@
|
||||||
|
|
||||||
-export([roots/0, fields/1, desc/1]).
|
-export([roots/0, fields/1, desc/1]).
|
||||||
|
|
||||||
-export([do_get_status/1]).
|
-export([do_get_status/1, parse_config/3]).
|
||||||
|
|
||||||
-define(LDAP_HOST_OPTIONS, #{
|
-define(LDAP_HOST_OPTIONS, #{
|
||||||
default_port => 389
|
default_port => 389
|
||||||
|
|
@ -114,6 +114,28 @@ ensure_username(required) ->
|
||||||
ensure_username(Field) ->
|
ensure_username(Field) ->
|
||||||
?ECS:username(Field).
|
?ECS:username(Field).
|
||||||
|
|
||||||
|
parse_config(Config, ToKeep, ToString) ->
|
||||||
|
Convert = fun(Value) ->
|
||||||
|
case lists:member(Value, ToString) of
|
||||||
|
true ->
|
||||||
|
erlang:binary_to_list(Value);
|
||||||
|
_ ->
|
||||||
|
Value
|
||||||
|
end
|
||||||
|
end,
|
||||||
|
lists:foldl(
|
||||||
|
fun(Key, Acc) ->
|
||||||
|
case maps:find(Key, Config) of
|
||||||
|
{ok, Value} ->
|
||||||
|
Acc#{Key => Convert(Value)};
|
||||||
|
_ ->
|
||||||
|
Acc
|
||||||
|
end
|
||||||
|
end,
|
||||||
|
#{},
|
||||||
|
ToKeep ++ ToString
|
||||||
|
).
|
||||||
|
|
||||||
%% ===================================================================
|
%% ===================================================================
|
||||||
callback_mode() -> always_sync.
|
callback_mode() -> always_sync.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -91,14 +91,14 @@ refs() ->
|
||||||
create(_AuthenticatorID, Config) ->
|
create(_AuthenticatorID, Config) ->
|
||||||
do_create(?MODULE, Config).
|
do_create(?MODULE, Config).
|
||||||
|
|
||||||
do_create(Module, Config0) ->
|
do_create(Module, Config) ->
|
||||||
ResourceId = emqx_authn_utils:make_resource_id(Module),
|
ResourceId = emqx_authn_utils:make_resource_id(Module),
|
||||||
{Config, State} = parse_config(Config0),
|
State = parse_config(Config),
|
||||||
{ok, _Data} = emqx_authn_utils:create_resource(ResourceId, emqx_ldap, Config),
|
{ok, _Data} = emqx_authn_utils:create_resource(ResourceId, emqx_ldap, Config),
|
||||||
{ok, State#{resource_id => ResourceId}}.
|
{ok, State#{resource_id => ResourceId}}.
|
||||||
|
|
||||||
update(Config0, #{resource_id := ResourceId} = _State) ->
|
update(Config, #{resource_id := ResourceId} = _State) ->
|
||||||
{Config, NState} = parse_config(Config0),
|
NState = parse_config(Config),
|
||||||
case emqx_authn_utils:update_resource(emqx_ldap, Config, ResourceId) of
|
case emqx_authn_utils:update_resource(emqx_ldap, Config, ResourceId) of
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
error({load_config_error, Reason});
|
error({load_config_error, Reason});
|
||||||
|
|
@ -143,19 +143,7 @@ authenticate(
|
||||||
end.
|
end.
|
||||||
|
|
||||||
parse_config(Config) ->
|
parse_config(Config) ->
|
||||||
State = lists:foldl(
|
emqx_ldap:parse_config(Config, [query_timeout], [password_attribute, is_superuser_attribute]).
|
||||||
fun(Key, Acc) ->
|
|
||||||
case maps:find(Key, Config) of
|
|
||||||
{ok, Value} when is_binary(Value) ->
|
|
||||||
Acc#{Key := erlang:binary_to_list(Value)};
|
|
||||||
_ ->
|
|
||||||
Acc
|
|
||||||
end
|
|
||||||
end,
|
|
||||||
Config,
|
|
||||||
[password_attribute, is_superuser_attribute, query_timeout]
|
|
||||||
),
|
|
||||||
{Config, State}.
|
|
||||||
|
|
||||||
%% To compatible v4.x
|
%% To compatible v4.x
|
||||||
is_enabled(Password, #eldap_entry{attributes = Attributes} = Entry, State) ->
|
is_enabled(Password, #eldap_entry{attributes = Attributes} = Entry, State) ->
|
||||||
|
|
|
||||||
|
|
@ -134,21 +134,10 @@ do_authorize(_Action, _Topic, [], _Entry) ->
|
||||||
nomatch.
|
nomatch.
|
||||||
|
|
||||||
new_annotations(Init, Source) ->
|
new_annotations(Init, Source) ->
|
||||||
lists:foldl(
|
State = emqx_ldap:parse_config(Source, [query_timeout], [
|
||||||
fun(Attr, Acc) ->
|
publish_attribute, subscribe_attribute, all_attribute
|
||||||
Acc#{
|
]),
|
||||||
Attr =>
|
maps:merge(Init, State).
|
||||||
case maps:get(Attr, Source) of
|
|
||||||
Value when is_binary(Value) ->
|
|
||||||
erlang:binary_to_list(Value);
|
|
||||||
Value ->
|
|
||||||
Value
|
|
||||||
end
|
|
||||||
}
|
|
||||||
end,
|
|
||||||
Init,
|
|
||||||
[publish_attribute, subscribe_attribute, all_attribute]
|
|
||||||
).
|
|
||||||
|
|
||||||
select_attrs(#{action_type := publish}, #{publish_attribute := Pub, all_attribute := All}) ->
|
select_attrs(#{action_type := publish}, #{publish_attribute := Pub, all_attribute := All}) ->
|
||||||
[Pub, All];
|
[Pub, All];
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue