From 5ee65c5efb8494fdd3dc96015f6e0467abdcbb40 Mon Sep 17 00:00:00 2001 From: boskodev790 Date: Mon, 27 Apr 2026 02:30:07 -0500 Subject: [PATCH] :bug: Fix :hide typo dropping LDAP not-initialized error hint (#9159) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit login-with-ldap raised a :restriction exception with the message "ldap auth provider is not initialized" stored under :hide instead of :hint. ex/raise (common/src/app/common/exceptions.cljc:33-34) uses :hint as the ExceptionInfo message and the downstream error formatters only read :hint (line 250, 312) — :hide is unread anywhere in the codebase (0 other occurrences vs 447 for :hint). Effect: when LDAP is misconfigured, operators saw the generic "restriction" error message instead of the diagnostic string. The typo has been present since the LDAP command was first introduced by commit 14d1cb90bd (2022-06-30, "Refactor auth code") and was carried forward through 6cdf696fc (2023-01-05, "Fix issues on ldap provider and rpc method") without ever surfacing as a code-review comment. One-character fix: :hide -> :hint. Add a CHANGES.md entry under the 2.17.0 Unreleased :bug: Bugs fixed section. --- CHANGES.md | 1 + backend/src/app/rpc/commands/ldap.clj | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index b386152edb..e42246aa45 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -50,6 +50,7 @@ ### :bug: Bugs fixed +- Fix `login-with-ldap` silently dropping its error message on the `ldap-not-initialized` restriction (typo `:hide` → `:hint`); the message `"ldap auth provider is not initialized"` now actually surfaces in logs and error responses instead of being discarded into an unread key - Fix `PENPOT_OIDC_USER_INFO_SOURCE` flag being silently ignored (`userinfo` / `token`) in the OIDC callback, causing "incomplete user info" failures during registration [Github #9108](https://github.com/penpot/penpot/issues/9108) - Fix `get-view-only-bundle` crashing when a share-link viewer encounters a team member whose email lacks `@` (NullPointerException in `obfuscate-email`) or whose domain has no `.` (previously produced a dangling-dot `****@****.`); now the viewer-side obfuscation is nil-safe and omits the trailing dot when the domain has no TLD - Remove `corepack` from the MCP local launcher so it runs on Node.js 25+, where corepack is no longer bundled [Github #8877](https://github.com/penpot/penpot/issues/8877) diff --git a/backend/src/app/rpc/commands/ldap.clj b/backend/src/app/rpc/commands/ldap.clj index f4aea5bc10..c4f0f565d1 100644 --- a/backend/src/app/rpc/commands/ldap.clj +++ b/backend/src/app/rpc/commands/ldap.clj @@ -42,7 +42,7 @@ (when-not provider (ex/raise :type :restriction :code :ldap-not-initialized - :hide "ldap auth provider is not initialized")) + :hint "ldap auth provider is not initialized")) (let [info (ldap/authenticate provider params)] (when-not info