yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(authn api): reformat for elvis compliance

This commit is contained in:
Ilya Averyanov 2021-11-05 17:09:56 +03:00
parent 1e036bf74d
commit a84b84aac9
2 changed files with 228 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -90,9 +90,8 @@ roots() -> [ request_user_create
fields(request_user_create) ->
[
{user_id, binary()},
{password, binary()},
{is_superuser, mk(boolean(), #{default => false, nullable => true})}
{user_id, binary()}
| fields(request_user_update)
];
fields(request_user_update) ->
@ -125,7 +124,7 @@ fields(pagination_meta) ->
schema("/authentication") ->
#{
operationId => authenticators,
'operationId' => authenticators,
get => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"List authenticators for global authentication">>,
@ -138,7 +137,7 @@ schema("/authentication") ->
post => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Create authenticator for global authentication">>,
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(),
authenticator_examples()),
responses => #{
@ -153,7 +152,7 @@ schema("/authentication") ->
schema("/authentication/:id") ->
#{
operationId => authenticator,
'operationId' => authenticator,
get => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Get authenticator from global authentication chain">>,
@ -169,7 +168,7 @@ schema("/authentication/:id") ->
tags => [<<"authentication">>, <<"global">>],
description => <<"Update authenticator from global authentication chain">>,
parameters => [{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(),
authenticator_examples()
),
@ -195,7 +194,7 @@ schema("/authentication/:id") ->
schema("/listeners/:listener_id/authentication") ->
#{
operationId => listener_authenticators,
'operationId' => listener_authenticators,
get => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"List authenticators for listener authentication">>,
@ -210,7 +209,7 @@ schema("/listeners/:listener_id/authentication") ->
tags => [<<"authentication">>, <<"listener">>],
description => <<"Create authenticator for listener authentication">>,
parameters => [{listener_id, mk(binary(), #{in => path, desc => <<"Listener ID">>})}],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(),
authenticator_examples()
),
@ -226,7 +225,7 @@ schema("/listeners/:listener_id/authentication") ->
schema("/listeners/:listener_id/authentication/:id") ->
#{
operationId => listener_authenticator,
'operationId' => listener_authenticator,
get => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"Get authenticator from listener authentication chain">>,
@ -248,7 +247,7 @@ schema("/listeners/:listener_id/authentication/:id") ->
{listener_id, mk(binary(), #{in => path, desc => <<"Listener ID">>})},
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(),
authenticator_examples()),
responses => #{
@ -277,12 +276,12 @@ schema("/listeners/:listener_id/authentication/:id") ->
schema("/authentication/:id/move") ->
#{
operationId => authenticator_move,
'operationId' => authenticator_move,
post => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Move authenticator in global authentication chain">>,
parameters => [{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_move),
request_move_examples()),
responses => #{
@ -295,7 +294,7 @@ schema("/authentication/:id/move") ->
schema("/listeners/:listener_id/authentication/:id/move") ->
#{
operationId => listener_authenticator_move,
'operationId' => listener_authenticator_move,
post => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"Move authenticator in listener authentication chain">>,
@ -303,7 +302,7 @@ schema("/listeners/:listener_id/authentication/:id/move") ->
{listener_id, mk(binary(), #{in => path, desc => <<"Listener ID">>})},
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_move),
request_move_examples()),
responses => #{
@ -316,12 +315,12 @@ schema("/listeners/:listener_id/authentication/:id/move") ->
schema("/authentication/:id/import_users") ->
#{
operationId => authenticator_import_users,
'operationId' => authenticator_import_users,
post => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Import users into authenticator in global authentication chain">>,
parameters => [{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_import_users),
request_import_users_examples()),
responses => #{
@ -334,7 +333,7 @@ schema("/authentication/:id/import_users") ->
schema("/listeners/:listener_id/authentication/:id/import_users") ->
#{
operationId => listener_authenticator_import_users,
'operationId' => listener_authenticator_import_users,
post => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"Import users into authenticator in listener authentication chain">>,
@ -342,7 +341,7 @@ schema("/listeners/:listener_id/authentication/:id/import_users") ->
{listener_id, mk(binary(), #{in => path, desc => <<"Listener ID">>})},
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_import_users),
request_import_users_examples()),
responses => #{
@ -355,12 +354,12 @@ schema("/listeners/:listener_id/authentication/:id/import_users") ->
schema("/authentication/:id/users") ->
#{
operationId => authenticator_users,
'operationId' => authenticator_users,
post => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Create users for authenticator in global authentication chain">>,
parameters => [{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_create),
request_user_create_examples()),
responses => #{
@ -391,7 +390,7 @@ schema("/authentication/:id/users") ->
schema("/listeners/:listener_id/authentication/:id/users") ->
#{
operationId => listener_authenticator_users,
'operationId' => listener_authenticator_users,
post => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"Create users for authenticator in global authentication chain">>,
@ -399,7 +398,7 @@ schema("/listeners/:listener_id/authentication/:id/users") ->
{listener_id, mk(binary(), #{in => path, desc => <<"Listener ID">>})},
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_create),
request_user_create_examples()),
responses => #{
@ -431,7 +430,7 @@ schema("/listeners/:listener_id/authentication/:id/users") ->
schema("/authentication/:id/users/:user_id") ->
#{
operationId => authenticator_user,
'operationId' => authenticator_user,
get => #{
tags => [<<"authentication">>, <<"global">>],
description => <<"Get user from authenticator in global authentication chain">>,
@ -453,7 +452,7 @@ schema("/authentication/:id/users/:user_id") ->
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})},
{user_id, mk(binary(), #{in => path, desc => <<"User ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_examples(
'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_update),
request_user_update_examples()),
responses => #{
@ -480,7 +479,7 @@ schema("/authentication/:id/users/:user_id") ->
schema("/listeners/:listener_id/authentication/:id/users/:user_id") ->
#{
operationId => listener_authenticator_user,
'operationId' => listener_authenticator_user,
get => #{
tags => [<<"authentication">>, <<"listener">>],
description => <<"Get user from authenticator in listener authentication chain">>,
@ -504,7 +503,7 @@ schema("/listeners/:listener_id/authentication/:id/users/:user_id") ->
{id, mk(binary(), #{in => path, desc => <<"Authenticator ID">>})},
{user_id, mk(binary(), #{in => path, desc => <<"User ID">>})}
],
requestBody => emqx_dashboard_swagger:schema_with_example(
'requestBody' => emqx_dashboard_swagger:schema_with_example(
ref(request_user_update),
request_user_update_examples()),
responses => #{
@ -566,7 +565,9 @@ listener_authenticator(get, #{bindings := #{listener_id := ListenerID, id := Aut
list_authenticator([listeners, Type, Name, authentication],
AuthenticatorID)
end);
listener_authenticator(put, #{bindings := #{listener_id := ListenerID, id := AuthenticatorID}, body := Config}) ->
listener_authenticator(put,
#{bindings := #{listener_id := ListenerID, id := AuthenticatorID},
body := Config}) ->
with_listener(ListenerID,
fun(Type, Name, ChainName) ->
update_authenticator([listeners, Type, Name, authentication],
@ -574,7 +575,8 @@ listener_authenticator(put, #{bindings := #{listener_id := ListenerID, id := Aut
AuthenticatorID,
Config)
end);
listener_authenticator(delete, #{bindings := #{listener_id := ListenerID, id := AuthenticatorID}}) ->
listener_authenticator(delete,
#{bindings := #{listener_id := ListenerID, id := AuthenticatorID}}) ->
with_listener(ListenerID,
fun(Type, Name, ChainName) ->
delete_authenticator([listeners, Type, Name, authentication],
@ -582,12 +584,16 @@ listener_authenticator(delete, #{bindings := #{listener_id := ListenerID, id :=
AuthenticatorID)
end).
authenticator_move(post, #{bindings := #{id := AuthenticatorID}, body := #{<<"position">> := Position}}) ->
authenticator_move(post,
#{bindings := #{id := AuthenticatorID},
body := #{<<"position">> := Position}}) ->
move_authenitcator([authentication], ?GLOBAL, AuthenticatorID, Position);
authenticator_move(post, #{bindings := #{id := _}, body := _}) ->
serialize_error({missing_parameter, position}).
listener_authenticator_move(post, #{bindings := #{listener_id := ListenerID, id := AuthenticatorID}, body := #{<<"position">> := Position}}) ->
listener_authenticator_move(post,
#{bindings := #{listener_id := ListenerID, id := AuthenticatorID},
body := #{<<"position">> := Position}}) ->
with_listener(ListenerID,
fun(Type, Name, ChainName) ->
move_authenitcator([listeners, Type, Name, authentication],
@ -598,22 +604,28 @@ listener_authenticator_move(post, #{bindings := #{listener_id := ListenerID, id
listener_authenticator_move(post, #{bindings := #{listener_id := _, id := _}, body := _}) ->
serialize_error({missing_parameter, position}).
authenticator_import_users(post, #{bindings := #{id := AuthenticatorID}, body := #{<<"filename">> := Filename}}) ->
case ?AUTHN:import_users(?GLOBAL, AuthenticatorID, Filename) of
authenticator_import_users(post,
#{bindings := #{id := AuthenticatorID},
body := #{<<"filename">> := Filename}}) ->
case emqx_authentication:import_users(?GLOBAL, AuthenticatorID, Filename) of
ok -> {204};
{error, Reason} -> serialize_error(Reason)
end;
authenticator_import_users(post, #{bindings := #{id := _}, body := _}) ->
serialize_error({missing_parameter, filename}).
listener_authenticator_import_users(post, #{bindings := #{listener_id := ListenerID, id := AuthenticatorID}, body := #{<<"filename">> := Filename}}) ->
with_chain(ListenerID,
fun(ChainName) ->
case ?AUTHN:import_users(ChainName, AuthenticatorID, Filename) of
ok -> {204};
{error, Reason} -> serialize_error(Reason)
end
end);
listener_authenticator_import_users(
post,
#{bindings := #{listener_id := ListenerID, id := AuthenticatorID},
body := #{<<"filename">> := Filename}}) ->
with_chain(
ListenerID,
fun(ChainName) ->
case emqx_authentication:import_users(ChainName, AuthenticatorID, Filename) of
ok -> {204};
{error, Reason} -> serialize_error(Reason)
end
end);
listener_authenticator_import_users(post, #{bindings := #{listener_id := _, id := _}, body := _}) ->
serialize_error({missing_parameter, filename}).
@ -694,7 +706,7 @@ find_listener(ListenerID) ->
end.
with_chain(ListenerID, Fun) ->
{ok, ChainNames} = ?AUTHN:list_chain_names(),
{ok, ChainNames} = emqx_authentication:list_chain_names(),
ListenerChainName =
[ Name || Name <- ChainNames, atom_to_binary(Name) =:= ListenerID ],
case ListenerChainName of
@ -706,7 +718,7 @@ with_chain(ListenerID, Fun) ->
create_authenticator(ConfKeyPath, ChainName, Config) ->
case update_config(ConfKeyPath, {create_authenticator, ChainName, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}},
{ok, #{post_config_update := #{emqx_authentication := #{id := ID}},
raw_config := AuthenticatorsConfig}} ->
{ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig),
{200, maps:put(id, ID, convert_certs(fill_defaults(AuthenticatorConfig)))};
@ -716,7 +728,10 @@ create_authenticator(ConfKeyPath, ChainName, Config) ->
list_authenticators(ConfKeyPath) ->
AuthenticatorsConfig = get_raw_config_with_defaults(ConfKeyPath),
NAuthenticators = [maps:put(id, ?AUTHN:authenticator_id(AuthenticatorConfig), convert_certs(AuthenticatorConfig))
NAuthenticators = [ maps:put(
id,
emqx_authentication:authenticator_id(AuthenticatorConfig),
convert_certs(AuthenticatorConfig))
|| AuthenticatorConfig <- AuthenticatorsConfig],
{200, NAuthenticators}.
@ -731,7 +746,7 @@ list_authenticator(ConfKeyPath, AuthenticatorID) ->
update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
case update_config(ConfKeyPath, {update_authenticator, ChainName, AuthenticatorID, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}},
{ok, #{post_config_update := #{emqx_authentication := #{id := ID}},
raw_config := AuthenticatorsConfig}} ->
{ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig),
{200, maps:put(id, ID, convert_certs(fill_defaults(AuthenticatorConfig)))};
@ -750,7 +765,9 @@ delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) ->
move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
case parse_position(Position) of
{ok, NPosition} ->
case update_config(ConfKeyPath, {move_authenticator, ChainName, AuthenticatorID, NPosition}) of
case update_config(
ConfKeyPath,
{move_authenticator, ChainName, AuthenticatorID, NPosition}) of
{ok, _} ->
{204};
{error, {_, _, Reason}} ->
@ -760,9 +777,11 @@ move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
serialize_error(Reason)
end.
add_user(ChainName, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
add_user(ChainName,
AuthenticatorID,
#{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
IsSuperuser = maps:get(<<"is_superuser">>, UserInfo, false),
case ?AUTHN:add_user(ChainName, AuthenticatorID, #{ user_id => UserID
case emqx_authentication:add_user(ChainName, AuthenticatorID, #{ user_id => UserID
, password => Password
, is_superuser => IsSuperuser}) of
{ok, User} ->
@ -780,7 +799,7 @@ update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
true ->
serialize_error({missing_parameter, password});
false ->
case ?AUTHN:update_user(ChainName, AuthenticatorID, UserID, UserInfo) of
case emqx_authentication:update_user(ChainName, AuthenticatorID, UserID, UserInfo) of
{ok, User} ->
{200, User};
{error, Reason} ->
@ -789,7 +808,7 @@ update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
end.
find_user(ChainName, AuthenticatorID, UserID) ->
case ?AUTHN:lookup_user(ChainName, AuthenticatorID, UserID) of
case emqx_authentication:lookup_user(ChainName, AuthenticatorID, UserID) of
{ok, User} ->
{200, User};
{error, Reason} ->
@ -797,7 +816,7 @@ find_user(ChainName, AuthenticatorID, UserID) ->
end.
delete_user(ChainName, AuthenticatorID, UserID) ->
case ?AUTHN:delete_user(ChainName, AuthenticatorID, UserID) of
case emqx_authentication:delete_user(ChainName, AuthenticatorID, UserID) of
ok ->
{204};
{error, Reason} ->
@ -805,7 +824,7 @@ delete_user(ChainName, AuthenticatorID, UserID) ->
end.
list_users(ChainName, AuthenticatorID, PageParams) ->
case ?AUTHN:list_users(ChainName, AuthenticatorID, PageParams) of
case emqx_authentication:list_users(ChainName, AuthenticatorID, PageParams) of
{ok, Users} ->
{200, Users};
{error, Reason} ->
@ -821,7 +840,11 @@ get_raw_config_with_defaults(ConfKeyPath) ->
ensure_list(fill_defaults(RawConfig)).
find_config(AuthenticatorID, AuthenticatorsConfig) ->
case [AC || AC <- ensure_list(AuthenticatorsConfig), AuthenticatorID =:= ?AUTHN:authenticator_id(AC)] of
MatchingACs
= [AC
|| AC <- ensure_list(AuthenticatorsConfig),
AuthenticatorID =:= emqx_authentication:authenticator_id(AC)],
case MatchingACs of
[] -> {error, {not_found, {authenticator, AuthenticatorID}}};
[AuthenticatorConfig] -> {ok, AuthenticatorConfig}
end.

349
apps/emqx_authn/test/emqx_authn_api_SUITE.erl
View File

@ -49,7 +49,9 @@ init_per_testcase(_, Config) ->
Config.
init_per_suite(Config) ->
ok = emqx_common_test_helpers:start_apps([emqx_authn, emqx_dashboard], fun set_special_configs/1),
ok = emqx_common_test_helpers:start_apps(
[emqx_authn, emqx_dashboard],
fun set_special_configs/1),
Config.
end_per_suite(_Config) ->
@ -118,322 +120,275 @@ test_authenticators(PathPrefix) ->
ValidConfig = emqx_authn_test_lib:http_example(),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
ValidConfig),
post,
uri(PathPrefix ++ ["authentication"]),
ValidConfig),
InvalidConfig = ValidConfig#{method => <<"delete">>},
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
InvalidConfig),
post,
uri(PathPrefix ++ ["authentication"]),
InvalidConfig),
?assertAuthenticatorsMatch(
[#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}],
PathPrefix ++ ["authentication"]).
[#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}],
PathPrefix ++ ["authentication"]).
test_authenticator(PathPrefix) ->
ValidConfig0 = emqx_authn_test_lib:http_example(),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
ValidConfig0),
post,
uri(PathPrefix ++ ["authentication"]),
ValidConfig0),
{ok, 200, _} = request(
get,
uri(PathPrefix ++ ["authentication", "password-based:http"])),
get,
uri(PathPrefix ++ ["authentication", "password-based:http"])),
{ok, 404, _} = request(
get,
uri(PathPrefix ++ ["authentication", "password-based:redis"])),
get,
uri(PathPrefix ++ ["authentication", "password-based:redis"])),
{ok, 404, _} = request(
put,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database"]),
emqx_authn_test_lib:built_in_database_example()),
put,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database"]),
emqx_authn_test_lib:built_in_database_example()),
InvalidConfig0 = ValidConfig0#{method => <<"delete">>},
{ok, 400, _} = request(
put,
uri(PathPrefix ++ ["authentication", "password-based:http"]),
InvalidConfig0),
put,
uri(PathPrefix ++ ["authentication", "password-based:http"]),
InvalidConfig0),
ValidConfig1 = ValidConfig0#{pool_size => 9},
{ok, 200, _} = request(
put,
uri(PathPrefix ++ ["authentication", "password-based:http"]),
ValidConfig1),
put,
uri(PathPrefix ++ ["authentication", "password-based:http"]),
ValidConfig1),
{ok, 404, _} = request(
delete,
uri(PathPrefix ++ ["authentication", "password-based:redis"])),
delete,
uri(PathPrefix ++ ["authentication", "password-based:redis"])),
{ok, 204, _} = request(
delete,
uri(PathPrefix ++ ["authentication", "password-based:http"])),
delete,
uri(PathPrefix ++ ["authentication", "password-based:http"])),
?assertAuthenticatorsMatch([], PathPrefix ++ ["authentication"]).
test_authenticator_users(PathPrefix) ->
UsersUri = uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
InvalidUsers = [
#{clientid => <<"u1">>, password => <<"p1">>},
#{user_id => <<"u2">>},
#{user_id => <<"u3">>, password => <<"p3">>, foobar => <<"foobar">>}],
#{clientid => <<"u1">>, password => <<"p1">>},
#{user_id => <<"u2">>},
#{user_id => <<"u3">>, password => <<"p3">>, foobar => <<"foobar">>}],
lists:foreach(
fun(User) ->
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
User)
end,
InvalidUsers),
fun(User) -> {ok, 400, _} = request(post, UsersUri, User) end,
InvalidUsers),
ValidUsers = [
#{user_id => <<"u1">>, password => <<"p1">>},
#{user_id => <<"u2">>, password => <<"p2">>, is_superuser => true},
#{user_id => <<"u3">>, password => <<"p3">>}],
#{user_id => <<"u1">>, password => <<"p1">>},
#{user_id => <<"u2">>, password => <<"p2">>, is_superuser => true},
#{user_id => <<"u3">>, password => <<"p3">>}],
lists:foreach(
fun(User) ->
{ok, 201, UserData} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
User),
CreatedUser = jiffy:decode(UserData, [return_maps]),
?assertMatch(#{<<"user_id">> := _}, CreatedUser)
fun(User) ->
{ok, 201, UserData} = request(post, UsersUri, User),
CreatedUser = jiffy:decode(UserData, [return_maps]),
?assertMatch(#{<<"user_id">> := _}, CreatedUser)
end,
ValidUsers),
end,
ValidUsers),
{ok, 200, Page1Data} =
request(
get,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]) ++ "?page=1&limit=2"),
{ok, 200, Page1Data} = request(get, UsersUri ++ "?page=1&limit=2"),
#{<<"data">> := Page1Users,
<<"meta">> :=
#{<<"page">> := 1,
<<"limit">> := 2,
<<"count">> := 3}} =
jiffy:decode(Page1Data, [return_maps]),
#{<<"page">> := 1,
<<"limit">> := 2,
<<"count">> := 3}} =
jiffy:decode(Page1Data, [return_maps]),
{ok, 200, Page2Data} =
request(
get,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]) ++ "?page=2&limit=2"),
{ok, 200, Page2Data} = request(get, UsersUri ++ "?page=2&limit=2"),
#{<<"data">> := Page2Users,
<<"meta">> :=
#{<<"page">> := 2,
<<"limit">> := 2,
<<"count">> := 3}} =
jiffy:decode(Page2Data, [return_maps]),
#{<<"page">> := 2,
<<"limit">> := 2,
<<"count">> := 3}} = jiffy:decode(Page2Data, [return_maps]),
?assertEqual(2, length(Page1Users)),
?assertEqual(1, length(Page2Users)),
?assertEqual(
[<<"u1">>, <<"u2">>, <<"u3">>],
lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])).
[<<"u1">>, <<"u2">>, <<"u3">>],
lists:usort([ UserId || #{<<"user_id">> := UserId} <- Page1Users ++ Page2Users])).
test_authenticator_user(PathPrefix) ->
UsersUri = uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
User = #{user_id => <<"u1">>, password => <<"p1">>},
{ok, 201, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
User),
{ok, 201, _} = request(post, UsersUri, User),
{ok, 404, _} = request(
get,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u123"])),
{ok, 404, _} = request(get, UsersUri ++ "/u123"),
{ok, 409, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users"]),
User),
{ok, 409, _} = request(post, UsersUri, User),
{ok, 200, UserData} = request(
get,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u1"])),
{ok, 200, UserData} = request(get, UsersUri ++ "/u1"),
FetchedUser = jiffy:decode(UserData, [return_maps]),
?assertMatch(#{<<"user_id">> := <<"u1">>}, FetchedUser),
?assertNotMatch(#{<<"password">> := _}, FetchedUser),
ValidUserUpdates = [
#{password => <<"p1">>},
#{password => <<"p1">>, is_superuser => true}],
#{password => <<"p1">>},
#{password => <<"p1">>, is_superuser => true}],
lists:foreach(
fun(UserUpdate) ->
{ok, 200, _} = request(
put,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u1"]),
UserUpdate)
end,
ValidUserUpdates),
fun(UserUpdate) -> {ok, 200, _} = request(put, UsersUri ++ "/u1", UserUpdate) end,
ValidUserUpdates),
InvalidUserUpdates = [
#{user_id => <<"u1">>, password => <<"p1">>},
#{is_superuser => true}],
#{user_id => <<"u1">>, password => <<"p1">>},
#{is_superuser => true}],
lists:foreach(
fun(UserUpdate) ->
{ok, 400, _} = request(
put,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u1"]),
UserUpdate)
end,
InvalidUserUpdates),
fun(UserUpdate) -> {ok, 400, _} = request(put, UsersUri ++ "/u1", UserUpdate) end,
InvalidUserUpdates),
{ok, 404, _} = request(
delete,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u123"])),
{ok, 204, _} = request(
delete,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "users", "u1"])).
{ok, 404, _} = request(delete, UsersUri ++ "/u123"),
{ok, 204, _} = request(delete, UsersUri ++ "/u1").
test_authenticator_move(PathPrefix) ->
AuthenticatorConfs = [
emqx_authn_test_lib:http_example(),
emqx_authn_test_lib:jwt_example(),
emqx_authn_test_lib:built_in_database_example()
],
emqx_authn_test_lib:http_example(),
emqx_authn_test_lib:jwt_example(),
emqx_authn_test_lib:built_in_database_example()
],
lists:foreach(
fun(Conf) ->
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
Conf)
end,
AuthenticatorConfs),
fun(Conf) ->
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
Conf)
end,
AuthenticatorConfs),
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]),
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]),
% Invalid moves
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"up">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"up">>}),
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{}),
{ok, 404, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:invalid">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:invalid">>}),
{ok, 404, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
{ok, 404, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:redis">>}),
% Valid moves
{ok, 204, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"top">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"top">>}),
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]),
[
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]),
{ok, 204, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"bottom">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"bottom">>}),
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>},
#{<<"mechanism">> := <<"jwt">>}
],
PathPrefix ++ ["authentication"]),
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>},
#{<<"mechanism">> := <<"jwt">>}
],
PathPrefix ++ ["authentication"]),
{ok, 204, _} = request(
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:built-in-database">>}),
post,
uri(PathPrefix ++ ["authentication", "jwt", "move"]),
#{position => <<"before:password-based:built-in-database">>}),
?assertAuthenticatorsMatch(
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]).
[
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>},
#{<<"mechanism">> := <<"jwt">>},
#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"built-in-database">>}
],
PathPrefix ++ ["authentication"]).
test_authenticator_import_users(PathPrefix) ->
ImportUri = uri(
PathPrefix ++
["authentication", "password-based:built-in-database", "import_users"]),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
post,
uri(PathPrefix ++ ["authentication"]),
emqx_authn_test_lib:built_in_database_example()),
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "import_users"]),
#{}),
{ok, 400, _} = request(post, ImportUri, #{}),
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "import_users"]),
#{filename => <<"/etc/passwd">>}),
{ok, 400, _} = request(post, ImportUri, #{filename => <<"/etc/passwd">>}),
{ok, 400, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "import_users"]),
#{filename => <<"/not_exists.csv">>}),
{ok, 400, _} = request(post, ImportUri, #{filename => <<"/not_exists.csv">>}),
Dir = code:lib_dir(emqx_authn, test),
JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]),
CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]),
{ok, 204, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "import_users"]),
#{filename => JSONFileName}),
{ok, 204, _} = request(post, ImportUri, #{filename => JSONFileName}),
{ok, 204, _} = request(
post,
uri(PathPrefix ++ ["authentication", "password-based:built-in-database", "import_users"]),
#{filename => CSVFileName}).
{ok, 204, _} = request(post, ImportUri, #{filename => CSVFileName}).
%%------------------------------------------------------------------------------
%% Helpers