Merge pull request #12010 from sstrigler/EMQX-11415-e-5-3-2-api-should-return-404-when-the-built-in-database-authentication-doesnt-exist

fix(emqx_auth): check authenticator exists in /authenticator/:id/users
2023-11-23 18:08:48 +01:00 · 2023-11-23 18:08:48 +01:00 · 1c11a02a76
parent 8e8d6d2192 8ba116d378
commit 1c11a02a76
2 changed files with 24 additions and 4 deletions
--- a/apps/emqx_auth/src/emqx_authn/emqx_authn_api.erl
+++ b/apps/emqx_auth/src/emqx_authn/emqx_authn_api.erl
@ -1111,10 +1111,7 @@ list_users(ChainName, AuthenticatorID, QueryString) ->
        {error, page_limit_invalid} ->
            {400, #{code => <<"INVALID_PARAMETER">>, message => <<"page_limit_invalid">>}};
        {error, Reason} ->
-            {400, #{
-                code => <<"INVALID_PARAMETER">>,
-                message => list_to_binary(io_lib:format("Reason ~p", [Reason]))
-            }};
+            serialize_error({user_error, Reason});
        Result ->
            {200, Result}
    end.
@ -1176,6 +1173,16 @@ serialize_error({user_error, not_found}) ->
        code => <<"NOT_FOUND">>,
        message => binfmt("User not found", [])
    }};
+serialize_error({user_error, {not_found, {chain, ?GLOBAL}}}) ->
+    {404, #{
+        code => <<"NOT_FOUND">>,
+        message => <<"Authenticator not found in the 'global' scope">>
+    }};
+serialize_error({user_error, {not_found, {chain, Name}}}) ->
+    {400, #{
+        code => <<"BAD_REQUEST">>,
+        message => binfmt("No authentication has been created for listener ~p", [Name])
+    }};
 serialize_error({user_error, already_exist}) ->
    {409, #{
        code => <<"ALREADY_EXISTS">>,
--- a/apps/emqx_auth/test/emqx_authn/emqx_authn_api_SUITE.erl
+++ b/apps/emqx_auth/test/emqx_authn/emqx_authn_api_SUITE.erl
@ -435,6 +435,19 @@ test_authenticator_position(PathPrefix) ->
        PathPrefix ++ [?CONF_NS]
    ).

+t_authenticator_users_not_found(_) ->
+    GlobalUser = #{user_id => <<"global_user">>, password => <<"p1">>},
+    {ok, 404, _} = request(
+        get,
+        uri([?CONF_NS, "password_based:built_in_database", "users"])
+    ),
+    {ok, 404, _} = request(
+        post,
+        uri([?CONF_NS, "password_based:built_in_database", "users"]),
+        GlobalUser
+    ),
+    ok.
+
 %% listener authn api is not supported since 5.1.0
 %% Don't support listener switch to global chain.
 ignore_switch_to_global_chain(_) ->