fix(authn): handle authn backends own validations

apps/emqx_authn/src/emqx_authn_api.erl

@@ -725,7 +725,9 @@ create_authenticator(ConfKeyPath, ChainName, Config) ->
             raw_config := AuthenticatorsConfig}} ->
             {ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig),
             {200, maps:put(id, ID, convert_certs(fill_defaults(AuthenticatorConfig)))};
-        {error, {_, _, Reason}} ->
+        {error, {_PrePostConfigUpdate, emqx_authentication, Reason}} ->
+            serialize_error(Reason);
+        {error, Reason} ->
             serialize_error(Reason)
     end.
 
@@ -753,7 +755,9 @@ update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
                raw_config := AuthenticatorsConfig}} ->
             {ok, AuthenticatorConfig} = find_config(ID, AuthenticatorsConfig),
             {200, maps:put(id, ID, convert_certs(fill_defaults(AuthenticatorConfig)))};
-        {error, {_, _, Reason}} ->
+        {error, {_PrePostConfigUpdate, emqx_authentication, Reason}} ->
+            serialize_error(Reason);
+        {error, Reason} ->
             serialize_error(Reason)
     end.
 
@@ -761,7 +765,9 @@ delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) ->
     case update_config(ConfKeyPath, {delete_authenticator, ChainName, AuthenticatorID}) of
         {ok, _} ->
             {204};
-        {error, {_, _, Reason}} ->
+        {error, {_PrePostConfigUpdate, emqx_authentication, Reason}} ->
+            serialize_error(Reason);
+        {error, Reason} ->
             serialize_error(Reason)
     end.
 
@@ -773,7 +779,9 @@ move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
                    {move_authenticator, ChainName, AuthenticatorID, NPosition}) of
                 {ok, _} ->
                     {204};
-                {error, {_, _, Reason}} ->
+                {error, {_PrePostConfigUpdate, emqx_authentication, Reason}} ->
+                    serialize_error(Reason);
+                {error, Reason} ->
                     serialize_error(Reason)
             end;
         {error, Reason} ->

apps/emqx_authn/test/emqx_authn_api_SUITE.erl

@@ -134,11 +134,23 @@ test_authenticators(PathPrefix) ->
                      uri(PathPrefix ++ ["authentication"]),
                      ValidConfig),
 
-    InvalidConfig = ValidConfig#{method => <<"delete">>},
+    {ok, 409, _} = request(
+                     post,
+                     uri(PathPrefix ++ ["authentication"]),
+                     ValidConfig),
+
+    InvalidConfig0 = ValidConfig#{method => <<"delete">>},
     {ok, 400, _} = request(
                      post,
                      uri(PathPrefix ++ ["authentication"]),
-                     InvalidConfig),
+                     InvalidConfig0),
+
+    InvalidConfig1 = ValidConfig#{method => <<"get">>,
+                                  headers => #{<<"content-type">> => <<"application/json">>}},
+    {ok, 400, _} = request(
+                     post,
+                     uri(PathPrefix ++ ["authentication"]),
+                     InvalidConfig1),
 
     ?assertAuthenticatorsMatch(
        [#{<<"mechanism">> := <<"password-based">>, <<"backend">> := <<"http">>}],
@@ -170,6 +182,13 @@ test_authenticator(PathPrefix) ->
                      uri(PathPrefix ++ ["authentication", "password-based:http"]),
                      InvalidConfig0),
 
+    InvalidConfig1 = ValidConfig0#{method => <<"get">>,
+                                  headers => #{<<"content-type">> => <<"application/json">>}},
+    {ok, 400, _} = request(
+                     put,
+                     uri(PathPrefix ++ ["authentication", "password-based:http"]),
+                     InvalidConfig1),
+
     ValidConfig1 = ValidConfig0#{pool_size => 9},
     {ok, 200, _} = request(
                      put,