Merge pull request #11649 from lafirest/fix/sso_running_authz

fix(sso): use the correct way to mark the API as authorization-free
2023-09-21 18:09:09 +08:00 · 2023-09-21 18:09:09 +08:00 · 1dce264243
parent d92a93d4b3 9a128517d8
commit 1dce264243
2 changed files with 9 additions and 37 deletions
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@ -217,31 +217,12 @@ authorize(Req) ->
                        <<"You don't have permission to access this resource">>}
            end;
        _ ->
-            case is_authorization_free(Req) of
-                true ->
-                    ok;
-                _ ->
-                    return_unauthorized(
-                        <<"AUTHORIZATION_HEADER_ERROR">>,
-                        <<"Support authorization: basic/bearer ">>
-                    )
-            end
+            return_unauthorized(
+                <<"AUTHORIZATION_HEADER_ERROR">>,
+                <<"Support authorization: basic/bearer ">>
+            )
    end.

-if(?EMQX_RELEASE_EDITION == ee).
-%% this is a temporary design to skip the authorization for some APIs,
-%% it will be removed future
-is_authorization_free(Req) ->
-    emqx_dashboard_sso_api:is_authorization_free(Req).
-
-else.
-
-dialyzer({no_match, [authorize/1]}).
-
-is_authorization_free(_Req) ->
-    false.
-endif.
-
 return_unauthorized(Code, Message) ->
    {401,
        #{
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
@ -31,7 +31,7 @@
    backend/2
 ]).

-export([sso_parameters/1, is_authorization_free/1]).
+-export([sso_parameters/1]).

 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BAD_REQUEST, 'BAD_REQUEST').
@ -59,7 +59,8 @@ schema("/sso/running") ->
            desc => ?DESC(list_running),
            responses => #{
                200 => array(enum(emqx_dashboard_sso:types()))
-            }
+            },
+            security => []
        }
    };
 schema("/sso") ->
@ -85,7 +86,8 @@ schema("/sso/login/:backend") ->
                200 => emqx_dashboard_api:fields([token, version, license]),
                401 => response_schema(401),
                404 => response_schema(404)
-            }
+            },
+            security => []
        }
    };
 schema("/sso/:backend") ->
@ -191,10 +193,6 @@ backend(delete, #{bindings := #{backend := Backend}}) ->
 sso_parameters(Params) ->
    backend_name_as_arg(query, [local], <<"local">>) ++ Params.

-is_authorization_free(Req) ->
-    Path = cowboy_req:path(Req),
-    is_path_authorization_free(Path).
-
 %% -------------------------------------------------------------------------------------------------
 %% internal
 response_schema(401) ->
@ -255,10 +253,3 @@ to_json(Data) ->
            {K, emqx_utils_maps:binary_string(V)}
        end
    ).
-
-is_path_authorization_free(<<"/api/v5/sso/running">>) ->
-    true;
-is_path_authorization_free(<<"/api/v5/sso/login", _/binary>>) ->
-    true;
-is_path_authorization_free(_) ->
-    false.