mirror of
https://github.com/penpot/penpot.git
synced 2026-04-27 12:18:32 +00:00
The malli schema for the LDAP provider params (`schema:params` in `backend/src/app/auth/ldap.clj`) declared the bind-password slot as `:bind-passwor` (missing trailing `d`). The runtime code in the same file uses `:bind-password` everywhere — `prepare-params` reads `(:bind-password cfg)` on line 21 and `try-connectivity` reads `(:bind-password cfg)` on line 89.

Effects of the typo:

1. The schema slot for `:bind-password` is missing, so a wrong type (e.g. a number or vector instead of a string) for the actual key slips through `check-params` unvalidated. Malli `[:map ...]` is open by default, so the genuine `:bind-password` key is silently accepted as an unknown extra key.
2. Anyone reading the schema (operator, future contributor, or tooling generating docs) sees a non-existent `:bind-passwor` parameter and could legitimately set that key — schema would accept it, runtime would never read it, LDAP bind would silently fail with a confusing "no password" error.

Cross-checked against the pre-malli `clojure.spec` shape removed in commit 88fb5e7ab (2024-10-29, "♻️ Update integrant to latest version", which carried the spec→malli migration). The deleted spec defined `(s/def ::bind-password ::us/string)` correctly — the typo was introduced when re-typing the keys into the new malli vector-of-tuples form.

Add a CHANGES.md entry under the 2.17.0 Unreleased 🐛 Bugs fixed section.

One-character fix.

Signed-off-by: Andrey Antukh <niwi@niwi.nz>
Co-authored-by: Andrey Antukh <niwi@niwi.nz>
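
The two effects listed in the commit message above can be reproduced with malli directly. This is an added example, not code from the commit or from Penpot: the reduced schemas, the `:host` key, the `{:optional true}` flags and the sample configs are assumptions constructed for illustration. It also shows that a closed map would have rejected the unmatched key.

```clojure
;; Added illustration, not Penpot code. Schemas and configs are constructed.
(require '[malli.core :as m])

;; Schema as described in the commit message: the slot name lacks the final "d".
;; Assumption: the slot is optional; :host is a stand-in for the other params.
(def typo-schema
  [:map
   [:host :string]
   [:bind-passwor {:optional true} :string]])

;; Same schema with the one-character fix applied.
(def fixed-schema
  [:map
   [:host :string]
   [:bind-password {:optional true} :string]])

;; The typo'd schema again, but closed: unknown keys are no longer accepted.
(def closed-typo-schema
  [:map {:closed true}
   [:host :string]
   [:bind-passwor {:optional true} :string]])

;; Constructed configs: a wrong type under the real key, and a string under
;; the misspelled key that the runtime never reads.
(def wrong-type {:host "ldap.example.test" :bind-password 12345})
(def misspelled {:host "ldap.example.test" :bind-passwor "constructed-secret"})

;; Effect 1: the open map treats :bind-password as an extra key, so the
;; number passes validation; the fixed schema rejects it.
(assert (true?  (m/validate typo-schema wrong-type)))
(assert (false? (m/validate fixed-schema wrong-type)))

;; Effect 2: a config that sets the misspelled key validates against the
;; typo'd schema even though it carries no usable bind password.
(assert (true? (m/validate typo-schema misspelled)))

;; A closed map turns the mismatch into a validation error: the real key is
;; reported as not allowed instead of being silently accepted.
(assert (false? (m/validate closed-typo-schema wrong-type)))
(assert (some? (m/explain closed-typo-schema wrong-type)))
```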