From 29baf0f68ac9cc597c2cf9b6a70be8a0651a24fa Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@gmail.com>
Date: Mon, 13 Jun 2022 13:38:06 +0800
Subject: [PATCH] fix(authn): fix enhance_authn fuzzy searching not working

---
 .../emqx_enhanced_authn_scram_mnesia.erl      | 40 ++++++++++++-------
 ...emqx_enhanced_authn_scram_mnesia_SUITE.erl |  2 +-
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
index dd9fed522..9688ef65a 100644
--- a/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
+++ b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_scram_mnesia.erl
@@ -54,8 +54,9 @@
 
 -define(TAB, ?MODULE).
 -define(AUTHN_QSCHEMA, [
-    {<<"like_username">>, binary},
-    {<<"user_group">>, binary}
+    {<<"like_user_id">>, binary},
+    {<<"user_group">>, binary},
+    {<<"is_superuser">>, atom}
 ]).
 -define(QUERY_FUN, {?MODULE, query}).
 
@@ -298,9 +299,9 @@ run_fuzzy_filter(_, []) ->
     true;
 run_fuzzy_filter(
     E = #user_info{user_id = {_, UserID}},
-    [{username, like, UsernameSubStr} | Fuzzy]
+    [{user_id, like, UserIDSubStr} | Fuzzy]
 ) ->
-    binary:match(UserID, UsernameSubStr) /= nomatch andalso run_fuzzy_filter(E, Fuzzy).
+    binary:match(UserID, UserIDSubStr) /= nomatch andalso run_fuzzy_filter(E, Fuzzy).
 
 %%------------------------------------------------------------------------------
 %% Internal functions
@@ -392,17 +393,12 @@ format_user_info(#user_info{user_id = {_, UserID}, is_superuser = IsSuperuser})
     #{user_id => UserID, is_superuser => IsSuperuser}.
 
 ms_from_qstring(QString) ->
-    [Ms] = lists:foldl(
-        fun
-            ({user_group, '=:=', UserGroup}, AccIn) ->
-                [group_match_spec(UserGroup) | AccIn];
-            (_, AccIn) ->
-                AccIn
-        end,
-        [],
-        QString
-    ),
-    Ms.
+    case lists:keytake(user_group, 1, QString) of
+        {value, {user_group, '=:=', UserGroup}, QString2} ->
+            group_match_spec(UserGroup, QString2);
+        _ ->
+            []
+    end.
 
 group_match_spec(UserGroup) ->
     ets:fun2ms(
@@ -410,3 +406,17 @@ group_match_spec(UserGroup) ->
             User
         end
     ).
+
+group_match_spec(UserGroup, QString) ->
+    case lists:keyfind(is_superuser, 1, QString) of
+        false ->
+            ets:fun2ms(fun(#user_info{user_id = {Group, _}} = User) when Group =:= UserGroup ->
+                User
+            end);
+        {is_superuser, '=:=', Value} ->
+            ets:fun2ms(fun(#user_info{user_id = {Group, _}, is_superuser = IsSuper} = User) when
+                Group =:= UserGroup, IsSuper =:= Value
+            ->
+                User
+            end)
+    end.
diff --git a/apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl b/apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl
index 86558e5ec..41fa5a38c 100644
--- a/apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_enhanced_authn_scram_mnesia_SUITE.erl
@@ -324,7 +324,7 @@ t_list_users(_) ->
         #{
             <<"page">> => 1,
             <<"limit">> => 3,
-            <<"like_username">> => <<"1">>
+            <<"like_user_id">> => <<"1">>
         },
         State
     ).