From 0b07561e9bf598dda7a13ade2323cbf7f4dc671f Mon Sep 17 00:00:00 2001
From: Zhongwen Deng <zhongwencool@gmail.com>
Date: Thu, 8 Sep 2022 14:26:49 +0800
Subject: [PATCH 1/5] fix: ensure authentication is array, not struct

---
 apps/emqx/src/emqx_authentication_config.erl | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx_authentication_config.erl b/apps/emqx/src/emqx_authentication_config.erl
index 681ed1394..b867800ae 100644
--- a/apps/emqx/src/emqx_authentication_config.erl
+++ b/apps/emqx/src/emqx_authentication_config.erl
@@ -64,7 +64,7 @@
 pre_config_update(_, UpdateReq, OldConfig) ->
     try do_pre_config_update(UpdateReq, to_list(OldConfig)) of
         {error, Reason} -> {error, Reason};
-        {ok, NewConfig} -> {ok, return_map(NewConfig)}
+        {ok, NewConfig} -> {ok, NewConfig}
     catch
         throw:Reason ->
             {error, Reason}
@@ -225,9 +225,6 @@ do_check_config(Type, Config, Module) ->
             throw({bad_authenticator_config, #{type => Type, reason => E}})
     end.
 
-return_map([L]) -> L;
-return_map(L) -> L.
-
 to_list(undefined) -> [];
 to_list(M) when M =:= #{} -> [];
 to_list(M) when is_map(M) -> [M];

From 49829caaa0da32d464bf716f8c4b734b2c562fd5 Mon Sep 17 00:00:00 2001
From: Zhongwen Deng <zhongwencool@gmail.com>
Date: Thu, 8 Sep 2022 14:27:50 +0800
Subject: [PATCH 2/5] fix: check authn(lazy type) config when boot

---
 apps/emqx/src/emqx_config.erl | 5 ++---
 apps/emqx/src/emqx_schema.erl | 1 +
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index 3d602349d..9bf098ec4 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -414,9 +414,8 @@ check_config(SchemaMod, RawConf) ->
 check_config(SchemaMod, RawConf, Opts0) ->
     Opts1 = #{
         return_plain => true,
-        %% TODO: evil, remove, required should be declared in schema
-        required => false,
-        format => map
+        format => map,
+        check_lazy => true
     },
     Opts = maps:merge(Opts0, Opts1),
     {AppEnvs, CheckedConf} =
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 35550d4e2..0bc028ec8 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -2245,6 +2245,7 @@ validate_alarm_actions(Actions) ->
         Error -> {error, Error}
     end.
 
+parse_user_lookup_fun({Fun, _} = Lookup) when is_function(Fun, 3) -> Lookup;
 parse_user_lookup_fun(StrConf) ->
     [ModStr, FunStr] = string:tokens(str(StrConf), ": "),
     Mod = list_to_atom(ModStr),

From 0ca89da1a715e382dbd15864087b6e85e1185a54 Mon Sep 17 00:00:00 2001
From: Zhongwen Deng <zhongwencool@gmail.com>
Date: Thu, 8 Sep 2022 14:44:25 +0800
Subject: [PATCH 3/5] chore: add authn changelog

---
 CHANGES-5.0.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGES-5.0.md b/CHANGES-5.0.md
index 13a2fbb30..d2721b5bb 100644
--- a/CHANGES-5.0.md
+++ b/CHANGES-5.0.md
@@ -1,3 +1,8 @@
+# 5.0.9
+## Bug fixes
+
+* Ensure authentication type is an array, not struct. [#8923](https://github.com/emqx/emqx/pull/8923)
+
 # 5.0.8
 
 ## Bug fixes
@@ -8,6 +13,7 @@
 * Speed up dispatching of shared subscription messages in a cluster [#8893](https://github.com/emqx/emqx/pull/8893)
 * Fix the extra / prefix when CoAP gateway parsing client topics. [#8658](https://github.com/emqx/emqx/pull/8658)
 * Speed up updating the configuration, When some nodes in the cluster are down. [#8857](https://github.com/emqx/emqx/pull/8857)
+
 * Fix delayed publish inaccurate caused by os time change. [#8926](https://github.com/emqx/emqx/pull/8926)
 * Fix that EMQX can't start when the retainer is disabled [#8911](https://github.com/emqx/emqx/pull/8911)
 

From 6bd72fe5a14f8e3f7776fa4b50a228513c9e8fd3 Mon Sep 17 00:00:00 2001
From: Zhongwen Deng <zhongwencool@gmail.com>
Date: Wed, 14 Sep 2022 10:44:36 +0800
Subject: [PATCH 4/5] fix: check authn's mechanism field

---
 apps/emqx/src/emqx_config.erl          |  3 ++-
 apps/emqx_authn/src/emqx_authn.erl     |  4 ++-
 apps/emqx_authn/src/emqx_authn_app.erl | 36 ++++++++++++++++----------
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index 9bf098ec4..c5c67c7a5 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -415,7 +415,8 @@ check_config(SchemaMod, RawConf, Opts0) ->
     Opts1 = #{
         return_plain => true,
         format => map,
-        check_lazy => true
+        %% Don't check lazy types, such as authenticate
+        check_lazy => false
     },
     Opts = maps:merge(Opts0, Opts1),
     {AppEnvs, CheckedConf} =
diff --git a/apps/emqx_authn/src/emqx_authn.erl b/apps/emqx_authn/src/emqx_authn.erl
index 79d269a55..1f986e016 100644
--- a/apps/emqx_authn/src/emqx_authn.erl
+++ b/apps/emqx_authn/src/emqx_authn.erl
@@ -70,7 +70,9 @@ do_check_config(#{<<"mechanism">> := Mec} = Config, Opts) ->
                 #{?CONF_NS_BINARY => Config},
                 Opts#{atom_key => true}
             )
-    end.
+    end;
+do_check_config(_Config, _Opts) ->
+    throw({invalid_config, "mechanism_field_required"}).
 
 atom(Bin) ->
     try
diff --git a/apps/emqx_authn/src/emqx_authn_app.erl b/apps/emqx_authn/src/emqx_authn_app.erl
index f761bfe33..6823d8694 100644
--- a/apps/emqx_authn/src/emqx_authn_app.erl
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@@ -37,8 +37,10 @@
 start(_StartType, _StartArgs) ->
     ok = mria_rlog:wait_for_shards([?AUTH_SHARD], infinity),
     {ok, Sup} = emqx_authn_sup:start_link(),
-    ok = initialize(),
-    {ok, Sup}.
+    case initialize() of
+        ok -> {ok, Sup};
+        {error, Reason} -> {error, Reason}
+    end.
 
 stop(_State) ->
     ok = deinitialize(),
@@ -49,18 +51,26 @@ stop(_State) ->
 %%------------------------------------------------------------------------------
 
 initialize() ->
-    ok = ?AUTHN:register_providers(emqx_authn:providers()),
+    try
+        ok = ?AUTHN:register_providers(emqx_authn:providers()),
 
-    lists:foreach(
-        fun({ChainName, RawAuthConfigs}) ->
-            AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
-            ?AUTHN:initialize_authentication(
-                ChainName,
-                AuthConfig
-            )
-        end,
-        chain_configs()
-    ).
+        lists:foreach(
+            fun({ChainName, RawAuthConfigs}) ->
+                AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
+                ?AUTHN:initialize_authentication(
+                    ChainName,
+                    AuthConfig
+                )
+            end,
+            chain_configs()
+        )
+    of
+        ok -> ok
+    catch
+        throw:Reason ->
+            ?SLOG(error, #{msg => "Failed to initialize authentication", reason => Reason}),
+            {error, {failed_to_initialize_authentication, Reason}}
+    end.
 
 deinitialize() ->
     ok = ?AUTHN:deregister_providers(provider_types()),

From 5056cbebf4c04bd381482b51fc44d68c1db0535c Mon Sep 17 00:00:00 2001
From: zhongwencool <zhongwencool@gmail.com>
Date: Thu, 15 Sep 2022 18:04:41 +0800
Subject: [PATCH 5/5] chore: update apps/emqx_authn/src/emqx_authn_app.erl

Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>
---
 apps/emqx_authn/src/emqx_authn_app.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx_authn/src/emqx_authn_app.erl b/apps/emqx_authn/src/emqx_authn_app.erl
index 6823d8694..5adf067b4 100644
--- a/apps/emqx_authn/src/emqx_authn_app.erl
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@@ -68,7 +68,7 @@ initialize() ->
         ok -> ok
     catch
         throw:Reason ->
-            ?SLOG(error, #{msg => "Failed to initialize authentication", reason => Reason}),
+            ?SLOG(error, #{msg => "failed_to_initialize_authentication", reason => Reason}),
             {error, {failed_to_initialize_authentication, Reason}}
     end.