From 9a128517d89d660471c4dd55876a5f99a8d6dcdd Mon Sep 17 00:00:00 2001
From: firest
Date: Thu, 21 Sep 2023 15:52:05 +0800
Subject: [PATCH] fix(sso): use the correct way to mark the API as authorization-free
---
 apps/emqx_dashboard/src/emqx_dashboard.erl | 27 +++----------------
 .../src/emqx_dashboard_sso_api.erl | 19 ++++---------
 2 files changed, 9 insertions(+), 37 deletions(-)
diff --git a/apps/emqx_dashboard/src/emqx_dashboard.erl b/apps/emqx_dashboard/src/emqx_dashboard.erl
index 9599eb567..e6a9a2fd1 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@@ -217,31 +217,12 @@ authorize(Req) ->
 <<"You don't have permission to access this resource">>}
 end;
 _ ->
- case is_authorization_free(Req) of
- true ->
- ok;
- _ ->
- return_unauthorized(
- <<"AUTHORIZATION_HEADER_ERROR">>,
- <<"Support authorization: basic/bearer ">>
- )
- end
+ return_unauthorized(
+ <<"AUTHORIZATION_HEADER_ERROR">>,
+ <<"Support authorization: basic/bearer ">>
+ )
 end.
 
--if(?EMQX_RELEASE_EDITION == ee).
-%% this is a temporary design to skip the authorization for some APIs,
-%% it will be removed future
-is_authorization_free(Req) ->
- emqx_dashboard_sso_api:is_authorization_free(Req).
-
--else.
-
--dialyzer({no_match, [authorize/1]}).
-
-is_authorization_free(_Req) ->
- false.
--endif.
-
 return_unauthorized(Code, Message) ->
 {401,
 #{
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
index 9e348e4d2..26e2f132f 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_api.erl
@@ -31,7 +31,7 @@
 backend/2
 ]).
 
--export([sso_parameters/1, is_authorization_free/1]).
+-export([sso_parameters/1]).
 
 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BAD_REQUEST, 'BAD_REQUEST').
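Review bot: Nothing in this commit pins the contract that the `_ ->` fallthrough of authorize/1 now depends on: with the `is_authorization_free/1` check gone, a request without a basic/bearer header always gets 401 here, so the SSO login flow presumably works only because the HTTP layer does not call authorize/1 for operations whose schema sets `security => []`. That behaviour is not visible in this hunk, and the diffstat lists no test file. A regression test that requests an SSO login endpoint and a protected endpoint without an Authorization header would cover both sides. I would also put a comment above the call, e.g. `%% operations declared with security => [] are expected to bypass authorize/1; anything reaching this clause must present credentials`. authorize/1 starts above the hunk.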
@@ -59,7 +59,8 @@ schema("/sso/running") ->
 desc => ?DESC(list_running),
 responses => #{
 200 => array(enum(emqx_dashboard_sso:types()))
- }
+ },
+ security => []
 }
 };
 schema("/sso") ->
@@ -85,7 +86,8 @@ schema("/sso/login/:backend") ->
 200 => emqx_dashboard_api:fields([token, version, license]),
 401 => response_schema(401),
 404 => response_schema(404)
- }
+ },
+ security => []
 }
 };
 schema("/sso/:backend") ->
@@ -191,10 +193,6 @@ backend(delete, #{bindings := #{backend := Backend}}) ->
 sso_parameters(Params) ->
 backend_name_as_arg(query, [local], <<"local">>) ++ Params.
 
-is_authorization_free(Req) ->
- Path = cowboy_req:path(Req),
- is_path_authorization_free(Path).
-
 %% -------------------------------------------------------------------------------------------------
 %% internal
 response_schema(401) ->
@@ -255,10 +253,3 @@ to_json(Data) ->
 {K, emqx_utils_maps:binary_string(V)}
 end
 ).
-
-is_path_authorization_free(<<"/api/v5/sso/running">>) ->
- true;
-is_path_authorization_free(<<"/api/v5/sso/login", _/binary>>) ->
- true;
-is_path_authorization_free(_) ->
- false.
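Review bot: The two `security => []` entries, here in `schema("/sso/running")` and in the next hunk for `schema("/sso/login/:backend")`, carry no comment saying the operation is deliberately unauthenticated. A later copy-paste could carry the key into a neighbouring clause such as `schema("/sso/:backend")` without anyone noticing. I would annotate each one, e.g. `%% intentionally authorization-free (pre-login); do not copy to other operations`, and add a test asserting that the other `/sso` operations still return 401 without credentials. Because the login operation accepts credentials from unauthenticated callers, it is also worth confirming that failed-attempt throttling applies on this path; that is not visible in the diff. Both schema maps start and end outside their hunks.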