New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: always check authn_http's header and ssl_option #10449
Conversation
36c5bac
to
27d8eec
Compare
Pull Request Test Coverage Report for Build 4741588951
馃挍 - Coveralls |
@@ -207,3 +209,27 @@ array(Name) -> | |||
|
|||
array(Name, DescId) -> | |||
{Name, ?HOCON(?R_REF(Name), #{desc => ?DESC(DescId)})}. | |||
|
|||
validations() -> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will these validations be called for listener-specific authentications?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No.
Right now, hocon can't do that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But we will deprecated listener-specific authentications in the future.
0100295
to
1c25a1a
Compare
@@ -46,6 +46,103 @@ array_nodes_test() -> | |||
), | |||
ok. | |||
|
|||
authn_validations_test() -> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need to put the unit tests of authn in emqx_conf instead of the authn application?
"", | ||
Conf = <<BaseConf/binary, (list_to_binary(DisableSSLWithHttps))/binary>>, | ||
{ok, ConfMap} = hocon:binary(Conf, #{format => richmap}), | ||
?assertThrow( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We also need a test to cover all cases where the checks have passed.
Co-authored-by: JianBo He <heeejianbo@163.com>
e5314ad
to
d288327
Compare
d288327
to
fdf9b2a
Compare
<<"get">> -> | ||
case maps:is_key(<<"content-type">>, Headers) of | ||
false -> ok; | ||
true -> <<"HTTP GET requests cannot include content-type header.">> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we add this restriction, i guess Kjell fixed an issue for nothing in ehttpc ?
Fixes EMQX-9631
If the ssl_options and header configurations are set incorrectly when creating
authn_http
, it could result in the entire authn being unusable.Before
we can create an
authn_http
with{ssl_options.enable=false, url = "https://xxx"}
, but https must enable ssl_options.enable.After
Summary
馃 Generated by Copilot at dfb7bbf
Added and improved validation functions and tests for the http authentication backend in
emqx_authn
. Fixed some minor issues and updated the version number.PR Checklist
Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:
changes/{ce,ee}/(feat|perf|fix)-<PR-id>.en.md
filesChecklist for CI (.github/workflows) changes
changes/
dir for user-facing artifacts update