Merge pull request #8924 from zhongwencool/authn-config-check

fix: authentication should be array, not struct
2022-10-17 09:14:05 +08:00 · 2022-10-17 09:14:05 +08:00 · bc0cc80d32
parent 6f899699ca bfc780f95b
commit bc0cc80d32
6 changed files with 33 additions and 21 deletions
--- a/CHANGES-5.0.md
+++ b/CHANGES-5.0.md
@ -16,6 +16,7 @@
 * Fix empty variable interpolation in authentication and authorization. Placeholders for undefined variables are rendered now as empty strings and do not cause errors anymore. [#8963](https://github.com/emqx/emqx/pull/8963)
 * Fix the latency statistics error of the slow subscription module when `stats_type` is `internal` or `response`. [#8986](https://github.com/emqx/emqx/pull/8986)
 * Redispatch shared subscription messages. [#9104](https://github.com/emqx/emqx/pull/9104)
+* Ensure authentication type is an array, not struct. [#8923](https://github.com/emqx/emqx/pull/8923)

 # 5.0.8

@ -27,6 +28,7 @@
 * Speed up dispatching of shared subscription messages in a cluster [#8893](https://github.com/emqx/emqx/pull/8893)
 * Fix the extra / prefix when CoAP gateway parsing client topics. [#8658](https://github.com/emqx/emqx/pull/8658)
 * Speed up updating the configuration, When some nodes in the cluster are down. [#8857](https://github.com/emqx/emqx/pull/8857)
+
 * Fix delayed publish inaccurate caused by os time change. [#8926](https://github.com/emqx/emqx/pull/8926)
 * Fix that EMQX can't start when the retainer is disabled [#8911](https://github.com/emqx/emqx/pull/8911)
 * Fix that redis authn will deny the unknown users [#8934](https://github.com/emqx/emqx/pull/8934)
--- a/apps/emqx/src/emqx_authentication_config.erl
+++ b/apps/emqx/src/emqx_authentication_config.erl
@ -64,7 +64,7 @@
 pre_config_update(_, UpdateReq, OldConfig) ->
    try do_pre_config_update(UpdateReq, to_list(OldConfig)) of
        {error, Reason} -> {error, Reason};
-        {ok, NewConfig} -> {ok, return_map(NewConfig)}
+        {ok, NewConfig} -> {ok, NewConfig}
    catch
        throw:Reason ->
            {error, Reason}
@ -225,9 +225,6 @@ do_check_config(Type, Config, Module) ->
            throw({bad_authenticator_config, #{type => Type, reason => E}})
    end.

-return_map([L]) -> L;
-return_map(L) -> L.
-
 to_list(undefined) -> [];
 to_list(M) when M =:= #{} -> [];
 to_list(M) when is_map(M) -> [M];
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@ -414,9 +414,9 @@ check_config(SchemaMod, RawConf) ->
 check_config(SchemaMod, RawConf, Opts0) ->
    Opts1 = #{
        return_plain => true,
-        %% TODO: evil, remove, required should be declared in schema
-        required => false,
-        format => map
+        format => map,
+        %% Don't check lazy types, such as authenticate
+        check_lazy => false
    },
    Opts = maps:merge(Opts0, Opts1),
    {AppEnvs, CheckedConf} =
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@ -2276,6 +2276,7 @@ validate_alarm_actions(Actions) ->
        Error -> {error, Error}
    end.

+parse_user_lookup_fun({Fun, _} = Lookup) when is_function(Fun, 3) -> Lookup;
 parse_user_lookup_fun(StrConf) ->
    [ModStr, FunStr] = string:tokens(str(StrConf), ": "),
    Mod = list_to_atom(ModStr),
--- a/apps/emqx_authn/src/emqx_authn.erl
+++ b/apps/emqx_authn/src/emqx_authn.erl
@ -70,7 +70,9 @@ do_check_config(#{<<"mechanism">> := Mec} = Config, Opts) ->
                #{?CONF_NS_BINARY => Config},
                Opts#{atom_key => true}
            )
-    end.
+    end;
+do_check_config(_Config, _Opts) ->
+    throw({invalid_config, "mechanism_field_required"}).

 atom(Bin) ->
    try
--- a/apps/emqx_authn/src/emqx_authn_app.erl
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@ -37,8 +37,10 @@
 start(_StartType, _StartArgs) ->
    ok = mria_rlog:wait_for_shards([?AUTH_SHARD], infinity),
    {ok, Sup} = emqx_authn_sup:start_link(),
-    ok = initialize(),
-    {ok, Sup}.
+    case initialize() of
+        ok -> {ok, Sup};
+        {error, Reason} -> {error, Reason}
+    end.

 stop(_State) ->
    ok = deinitialize(),
@ -49,18 +51,26 @@ stop(_State) ->
 %%------------------------------------------------------------------------------

 initialize() ->
-    ok = ?AUTHN:register_providers(emqx_authn:providers()),
+    try
+        ok = ?AUTHN:register_providers(emqx_authn:providers()),

-    lists:foreach(
-        fun({ChainName, RawAuthConfigs}) ->
-            AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
-            ?AUTHN:initialize_authentication(
-                ChainName,
-                AuthConfig
-            )
-        end,
-        chain_configs()
-    ).
+        lists:foreach(
+            fun({ChainName, RawAuthConfigs}) ->
+                AuthConfig = emqx_authn:check_configs(RawAuthConfigs),
+                ?AUTHN:initialize_authentication(
+                    ChainName,
+                    AuthConfig
+                )
+            end,
+            chain_configs()
+        )
+    of
+        ok -> ok
+    catch
+        throw:Reason ->
+            ?SLOG(error, #{msg => "failed_to_initialize_authentication", reason => Reason}),
+            {error, {failed_to_initialize_authentication, Reason}}
+    end.

 deinitialize() ->
    ok = ?AUTHN:deregister_providers(provider_types()),