export riak_core_security:get_context, maybe make it not crash for unknown users? [JIRA: RIAK-2229]

[marianoguerra]

I have a riak_core app that used Json Web Token [1], that means the user authenticates, I give it a token and then he does a new request with that token, then I have to get the context from riak_core_security to check permissions, for this I need to export get_context to call it with the username in the token since neither I nor the user holds the password to authenticate again.

is there another way to get the context other than exporting this function?

otherwise I'm willing to provide a patch/pull request to export this function (it's a one liner)

[1] http://jwt.io/

[marianoguerra]

as an aside, if get_context is called with an nonexistent user it crashes with badarg, here is a diff that avoids the crash but maybe the returned value doesn't make sense:

@@ -943,22 +944,25 @@ accumulate_grants(Role, Type) ->
 accumulate_grants([], Seen, Acc, _Type) ->
     {Acc, Seen};
 accumulate_grants([Role|Roles], Seen, Acc, Type) ->
-    Options = role_details(Role, Type),
-    Groups = [G || G <- lookup("groups", Options, []),
-                        not lists:member(G,Seen),
-                        group_exists(G)],
-    {NewAcc, NewSeen} = accumulate_grants(Groups, [Role|Seen], Acc, group),
-
-    Prefix = metadata_grant_prefix(Type),
-
-    Grants = riak_core_metadata:fold(fun({{_R, _Bucket}, [?TOMBSTONE]}, A) ->
-                                             A;
-                                        ({{R, Bucket}, [Permissions]}, A) ->
-                                             [{{concat_role(Type, R), Bucket},
-                                               Permissions}|A]
-                                     end, [], Prefix,
-                                     [{match, {Role, '_'}}]),
-    accumulate_grants(Roles, NewSeen, [Grants|NewAcc], Type).
+    case role_details(Role, Type) of
+        undefined -> {[], Seen};
+        Options ->
+            Groups = [G || G <- lookup("groups", Options, []),
+                           not lists:member(G,Seen),
+                           group_exists(G)],
+            {NewAcc, NewSeen} = accumulate_grants(Groups, [Role|Seen], Acc, group),
+
+            Prefix = metadata_grant_prefix(Type),
+
+            Grants = riak_core_metadata:fold(fun({{_R, _Bucket}, [?TOMBSTONE]}, A) ->
+                                                     A;
+                                                ({{R, Bucket}, [Permissions]}, A) ->
+                                                     [{{concat_role(Type, R), Bucket},
+                                                       Permissions}|A]
+                                             end, [], Prefix,
+                                             [{match, {Role, '_'}}]),
+            accumulate_grants(Roles, NewSeen, [Grants|NewAcc], Type)
+    end.

 %% lookup a key in a list of key/value tuples. Like proplists:get_value but
 %% faster.

using it before:

1> riak_core_security:get_context(<<"asd">>).
** exception error: bad argument
     in function  lists:keyfind/3
    called as lists:keyfind("groups",1,undefined)
     in call from riak_core_security:lookup/3 (src/riak_core_security.erl, line 970)
     in call from riak_core_security:accumulate_grants/4 (src/riak_core_security.erl, line 950)
     in call from riak_core_security:accumulate_grants/2 (src/riak_core_security.erl, line 941)
     in call from riak_core_security:get_context/1 (src/riak_core_security.erl, line 929)

using if after with an unknown user:

1> riak_core_security:get_context(<<"asd">>).
{context,<<"asd">>,[],{1424,343688,272757}}

[marianoguerra]

fix here: marianoguerra@3cb0f09

[mbbroberg]

I saw your note @marianoguerra. I'll ask @seemaj to get this into our Jira and see when we can merge. Thank you! FYI @Basho-JIRA

[binarytemple-external]

@angrycub one dropping through the cracks here.