Merge pull request #11690 from lafirest/fix/ldap_parse_cfg

fix(ldap): improve the LDAP `parse_config` function
2023-09-28 10:24:52 +08:00 · 2023-09-28 10:24:52 +08:00 · ece7d5b52a
parent b0d86eecd6 57781d0544
commit ece7d5b52a
4 changed files with 11 additions and 45 deletions
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_ldap.erl
@ -87,19 +87,7 @@ destroy(#{resource_id := ResourceId}) ->

 parse_config(Config0) ->
    Config = ensure_bind_password(Config0),
-    State = lists:foldl(
-        fun(Key, Acc) ->
-            case maps:find(Key, Config) of
-                {ok, Value} when is_binary(Value) ->
-                    Acc#{Key := erlang:binary_to_list(Value)};
-                _ ->
-                    Acc
-            end
-        end,
-        Config,
-        [query_timeout]
-    ),
-    {Config, State}.
+    {Config, maps:with([query_timeout], Config0)}.

 %% In this feature, the `bind_password` is fixed, so it should conceal from the swagger,
 %% but the connector still needs it, hence we should add it back here
--- a/apps/emqx_ldap/src/emqx_ldap_authn.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_authn.erl
@ -91,14 +91,14 @@ refs() ->
 create(_AuthenticatorID, Config) ->
    do_create(?MODULE, Config).

-do_create(Module, Config0) ->
+do_create(Module, Config) ->
    ResourceId = emqx_authn_utils:make_resource_id(Module),
-    {Config, State} = parse_config(Config0),
+    State = parse_config(Config),
    {ok, _Data} = emqx_authn_utils:create_resource(ResourceId, emqx_ldap, Config),
    {ok, State#{resource_id => ResourceId}}.

-update(Config0, #{resource_id := ResourceId} = _State) ->
-    {Config, NState} = parse_config(Config0),
+update(Config, #{resource_id := ResourceId} = _State) ->
+    NState = parse_config(Config),
    case emqx_authn_utils:update_resource(emqx_ldap, Config, ResourceId) of
        {error, Reason} ->
            error({load_config_error, Reason});
@ -143,19 +143,7 @@ authenticate(
    end.

 parse_config(Config) ->
-    State = lists:foldl(
-        fun(Key, Acc) ->
-            case maps:find(Key, Config) of
-                {ok, Value} when is_binary(Value) ->
-                    Acc#{Key := erlang:binary_to_list(Value)};
-                _ ->
-                    Acc
-            end
-        end,
-        Config,
-        [password_attribute, is_superuser_attribute, query_timeout]
-    ),
-    {Config, State}.
+    maps:with([query_timeout, password_attribute, is_superuser_attribute], Config).

 %% To compatible v4.x
 is_enabled(Password, #eldap_entry{attributes = Attributes} = Entry, State) ->
--- a/apps/emqx_ldap/src/emqx_ldap_authz.erl
+++ b/apps/emqx_ldap/src/emqx_ldap_authz.erl
@ -134,21 +134,10 @@ do_authorize(_Action, _Topic, [], _Entry) ->
    nomatch.

 new_annotations(Init, Source) ->
-    lists:foldl(
-        fun(Attr, Acc) ->
-            Acc#{
-                Attr =>
-                    case maps:get(Attr, Source) of
-                        Value when is_binary(Value) ->
-                            erlang:binary_to_list(Value);
-                        Value ->
-                            Value
-                    end
-            }
-        end,
-        Init,
-        [publish_attribute, subscribe_attribute, all_attribute]
-    ).
+    State = maps:with(
+        [query_timeout, publish_attribute, subscribe_attribute, all_attribute], Source
+    ),
+    maps:merge(Init, State).

 select_attrs(#{action_type := publish}, #{publish_attribute := Pub, all_attribute := All}) ->
    [Pub, All];
--- a/changes/ce/fix-11667.en.md
+++ b/changes/ce/fix-11667.en.md
@ -0,0 +1 @@
+Disable access to the `logout` endpoint by the API key, this endpoint is for the Dashboard only.
				`@ -0,0 +1 @@`
				Disable access to the `logout` endpoint by the API key, this endpoint is for the Dashboard only.