fix: check authn's mechanism field

2022-09-14 10:44:36 +08:00 · 2022-09-14 10:44:36 +08:00 · 6bd72fe5a1
parent 0ca89da1a7
commit 6bd72fe5a1
3 changed files with 28 additions and 15 deletions
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@ -415,7 +415,8 @@ check_config(SchemaMod, RawConf, Opts0) ->
    Opts1 = #{
        return_plain => true,
        format => map,
-        check_lazy => true
+        %% Don't check lazy types, such as authenticate
+        check_lazy => false
    },
    Opts = maps:merge(Opts0, Opts1),
    {AppEnvs, CheckedConf} =
--- a/apps/emqx_authn/src/emqx_authn.erl
+++ b/apps/emqx_authn/src/emqx_authn.erl
@ -70,7 +70,9 @@ do_check_config(#{<<"mechanism">> := Mec} = Config, Opts) ->
                #{?CONF_NS_BINARY => Config},
                Opts#{atom_key => true}
            )
-    end.
+    end;
+do_check_config(_Config, _Opts) ->
+    throw({invalid_config, "mechanism_field_required"}).

 atom(Bin) ->
    try
--- a/apps/emqx_authn/src/emqx_authn_app.erl
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@ -37,8 +37,10 @@
 start(_StartType, _StartArgs) ->
    ok = mria_rlog:wait_for_shards([?AUTH_SHARD], infinity),
    {ok, Sup} = emqx_authn_sup:start_link(),
-    ok = initialize(),
-    {ok, Sup}.
+    case initialize() of
+        ok -> {ok, Sup};
+        {error, Reason} -> {error, Reason}
+    end.

 stop(_State) ->
    ok = deinitialize(),
@ -49,18 +51,26 @@ stop(_State) ->
 %%------------------------------------------------------------------------------

 initialize() ->
-    ok = ?AUTHN:register_providers(emqx_authn:providers()),
+    try
+        ok = ?AUTHN:register_providers(emqx_authn:providers()),

-    lists:foreach(
-        fun({ChainName, RawAuthConfigs}) ->
-            AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
-            ?AUTHN:initialize_authentication(
-                ChainName,
-                AuthConfig
-            )
-        end,
-        chain_configs()
-    ).
+        lists:foreach(
+            fun({ChainName, RawAuthConfigs}) ->
+                AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
+                ?AUTHN:initialize_authentication(
+                    ChainName,
+                    AuthConfig
+                )
+            end,
+            chain_configs()
+        )
+    of
+        ok -> ok
+    catch
+        throw:Reason ->
+            ?SLOG(error, #{msg => "Failed to initialize authentication", reason => Reason}),
+            {error, {failed_to_initialize_authentication, Reason}}
+    end.

 deinitialize() ->
    ok = ?AUTHN:deregister_providers(provider_types()),