test(gw): add tests for authm data-mgmt

2021-11-22 17:09:08 +08:00 · 2021-11-22 17:09:08 +08:00 · 1e2eac0fce
parent 4eb27ce25b
commit 1e2eac0fce
4 changed files with 109 additions and 7 deletions
--- a/apps/emqx_authn/src/emqx_authn_api.erl
+++ b/apps/emqx_authn/src/emqx_authn_api.erl
@ -796,11 +796,12 @@ add_user(_, _, #{<<"user_id">> := _}) ->
 add_user(_, _, _) ->
    serialize_error({missing_parameter, user_id}).

-update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
-    case maps:with([<<"password">>, <<"is_superuser">>], UserInfo) =:= #{} of
+update_user(ChainName, AuthenticatorID, UserID, UserInfo0) ->
+    case maps:with([<<"password">>, <<"is_superuser">>], UserInfo0) =:= #{} of
        true ->
            serialize_error({missing_parameter, password});
        false ->
+            UserInfo = emqx_map_lib:safe_atom_key_map(UserInfo0),
            case emqx_authentication:update_user(ChainName, AuthenticatorID, UserID, UserInfo) of
                {ok, User} ->
                    {200, User};
@ -907,7 +908,7 @@ serialize_error({bad_ssl_config, Details}) ->
            message => binfmt("bad_ssl_config ~p", [Details])}};
 serialize_error({missing_parameter, Detail}) ->
    {400, #{code => <<"MISSING_PARAMETER">>,
-            message => binfmt("Missing required parameter", [Detail])}};
+            message => binfmt("Missing required parameter: ~p", [Detail])}};
 serialize_error({invalid_parameter, Name}) ->
    {400, #{code => <<"INVALID_PARAMETER">>,
            message => binfmt("Invalid value for '~p'", [Name])}};
--- a/apps/emqx_gateway/src/emqx_gateway_api_authn.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_api_authn.erl
@ -286,9 +286,7 @@ schema("/gateway/:name/authentication/users/:uid") ->
                , 404 => error_codes([?NOT_FOUND], <<"Not Found">>)
                , 500 => error_codes([?INTERNAL_ERROR],
                                     <<"Ineternal Server Error">>)
-                , 200 => emqx_dashboard_swagger:schema_with_example(
-                           ref(emqx_authn_api, response_user),
-                           emqx_authn_api:response_user_examples())
+                , 204 => <<"User Deleted">>
                }
           }
     };
--- a/apps/emqx_gateway/src/emqx_gateway_http.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_http.erl
@ -335,7 +335,7 @@ with_authn(GwName0, Fun) ->

 -spec with_listener_authn(binary(), binary(), function()) -> any().
 with_listener_authn(GwName0, Id, Fun) ->
-    with_gateway(GwName0, fun(GwName) ->
+    with_gateway(GwName0, fun(GwName, _GwConf) ->
        Authn = emqx_gateway_http:authn(GwName, Id),
        Fun(GwName, Authn)
    end).
--- a/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
+++ b/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
@ -207,6 +207,50 @@ t_authn(_) ->
    {204, _} = request(get, "/gateway/stomp/authentication"),
    {204, _} = request(delete, "/gateway/stomp").

+t_authn_data_mgmt(_) ->
+    GwConf = #{name => <<"stomp">>},
+    {204, _} = request(post, "/gateway", GwConf),
+    {204, _} = request(get, "/gateway/stomp/authentication"),
+
+    AuthConf = #{mechanism => <<"password-based">>,
+                 backend => <<"built-in-database">>,
+                 user_id_type => <<"clientid">>
+                },
+    {204, _} = request(post, "/gateway/stomp/authentication", AuthConf),
+    {200, ConfResp} = request(get, "/gateway/stomp/authentication"),
+    assert_confs(AuthConf, ConfResp),
+
+    User1 = #{ user_id => <<"test">>
+             , password => <<"123456">>
+             , is_superuser => false
+             },
+    {201, _} = request(post, "/gateway/stomp/authentication/users", User1),
+    {200, #{data := [UserRespd1]}} = request(get, "/gateway/stomp/authentication/users"),
+    assert_confs(UserRespd1, User1),
+
+    {200, UserRespd2} = request(get,
+                                "/gateway/stomp/authentication/users/test"),
+    assert_confs(UserRespd2, User1),
+
+    {200, UserRespd3} = request(put,
+                                "/gateway/stomp/authentication/users/test",
+                                #{password => <<"654321">>,
+                                  is_superuser => true}),
+    assert_confs(UserRespd3, User1#{is_superuser => true}),
+
+    {200, UserRespd4} = request(get,
+                                "/gateway/stomp/authentication/users/test"),
+    assert_confs(UserRespd4, User1#{is_superuser => true}),
+
+    {204, _} = request(delete, "/gateway/stomp/authentication/users/test"),
+
+    {200, #{data := []}} = request(get,
+                                   "/gateway/stomp/authentication/users"),
+
+    {204, _} = request(delete, "/gateway/stomp/authentication"),
+    {204, _} = request(get, "/gateway/stomp/authentication"),
+    {204, _} = request(delete, "/gateway/stomp").
+
 t_listeners(_) ->
    GwConf = #{name => <<"stomp">>},
    {204, _} = request(post, "/gateway", GwConf),
@ -262,6 +306,65 @@ t_listeners_authn(_) ->
    assert_confs(AuthConf2, ConfResp3),
    {204, _} = request(delete, "/gateway/stomp").

+t_listeners_authn_data_mgmt(_) ->
+    GwConf = #{name => <<"stomp">>,
+               listeners => [
+                 #{name => <<"def">>,
+                   type => <<"tcp">>,
+                   bind => <<"61613">>
+                  }]},
+    {204, _} = request(post, "/gateway", GwConf),
+    {200, ConfResp} = request(get, "/gateway/stomp"),
+    assert_confs(GwConf, ConfResp),
+
+    AuthConf = #{mechanism => <<"password-based">>,
+                 backend => <<"built-in-database">>,
+                 user_id_type => <<"clientid">>
+                },
+    Path = "/gateway/stomp/listeners/stomp:tcp:def/authentication",
+    {204, _} = request(post, Path, AuthConf),
+    {200, ConfResp2} = request(get, Path),
+    assert_confs(AuthConf, ConfResp2),
+
+    User1 = #{ user_id => <<"test">>
+             , password => <<"123456">>
+             , is_superuser => false
+             },
+    {201, _} = request(post,
+                       "/gateway/stomp/listeners/stomp:tcp:def/authentication/users",
+                       User1),
+
+    {200,
+     #{data := [UserRespd1]} } = request(
+                                   get,
+                                   "/gateway/stomp/listeners/stomp:tcp:def/authentication/users"),
+    assert_confs(UserRespd1, User1),
+
+    {200, UserRespd2} = request(
+                          get,
+                          "/gateway/stomp/listeners/stomp:tcp:def/authentication/users/test"),
+    assert_confs(UserRespd2, User1),
+
+    {200, UserRespd3} = request(
+                          put,
+                          "/gateway/stomp/listeners/stomp:tcp:def/authentication/users/test",
+                          #{password => <<"654321">>, is_superuser => true}),
+    assert_confs(UserRespd3, User1#{is_superuser => true}),
+
+    {200, UserRespd4} = request(
+                          get,
+                          "/gateway/stomp/listeners/stomp:tcp:def/authentication/users/test"),
+    assert_confs(UserRespd4, User1#{is_superuser => true}),
+
+    {204, _} = request(
+                 delete,
+                 "/gateway/stomp/listeners/stomp:tcp:def/authentication/users/test"),
+
+    {200, #{data := []}} = request(
+                             get,
+                             "/gateway/stomp/listeners/stomp:tcp:def/authentication/users"),
+    {204, _} = request(delete, "/gateway/stomp").
+
 %%--------------------------------------------------------------------
 %% Asserts