LDAP: allow tagged values to be used for sensitive settings

Plus a drive-by Dialyzer improvement.
2024-08-14 11:57:12 -04:00 · 2024-08-14 11:57:12 -04:00 · 15fe108cc3
parent 23ad641d9a
commit 15fe108cc3
2 changed files with 3 additions and 2 deletions
--- a/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema
+++ b/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema
@ -120,7 +120,7 @@ end}.
    [{datatype, [string]}]}.

 {mapping, "auth_ldap.dn_lookup_bind.password", "rabbitmq_auth_backend_ldap.dn_lookup_bind",
-    [{datatype, [string]}]}.
+    [{datatype, [tagged_binary, binary]}]}.

 %%  - as_user (to bind as the authenticated user - requires a password)
 %%  - anon    (to bind anonymously)
@ -161,7 +161,7 @@ end}.
    [{datatype, string}]}.

 {mapping, "auth_ldap.other_bind.password", "rabbitmq_auth_backend_ldap.other_bind",
-    [{datatype, string}]}.
+    [{datatype, [tagged_binary, binary]}]}.

 {translation, "rabbitmq_auth_backend_ldap.other_bind",
 fun(Conf) ->
--- a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl
+++ b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl
@ -85,6 +85,7 @@ user_login_authentication(Username, _AuthProps) ->
 %% Credentials (i.e. password) maybe directly in the password attribute in AuthProps
 %% or as a Function with the attribute rabbit_auth_backend_ldap if the user was already authenticated with http backend
 %% or as a Function with the attribute rabbit_auth_backend_cache if the user was already authenticated via cache backend
+-spec extractPassword(list()) -> rabbit_types:option(binary()).
 extractPassword(AuthProps) ->
    case proplists:get_value(password, AuthProps, none) of
        none ->