| author | Anupama Singh <anupamasingh31@gmail.com> | 2020-07-09 15:11:00 +0200 |
|---|---|---|
| committer | Michael Klishin <michael@clojurewerkz.org> | 2020-09-02 04:28:59 +0300 |
| commit | b236f41953845b82adad0bb55084fddca12b2f91 (patch) | |
| tree | 9d195f8f4eb5a0d6516330cabb41a221cd0eeae8 | |
| parent | 9c709f62c35e4e4531d539c82059343fbbfa84e5 (diff) | |
| download | rabbitmq-server-git-b236f41953845b82adad0bb55084fddca12b2f91.tar.gz | |
Updated internal_user record access to use new APIs
| -rw-r--r-- | src/rabbit_auth_backend_internal.erl | 68 | ||||
| -rw-r--r-- | src/rabbit_definitions.erl | 17 | ||||
| -rw-r--r-- | src/rabbit_table.erl | 4 | ||||
| -rw-r--r-- | test/unit_access_control_SUITE.erl | 29 |
4 files changed, 55 insertions, 63 deletions
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl index e20d5c6b1b..f2e6bdd0f2 100644 --- a/src/rabbit_auth_backend_internal.erl +++ b/src/rabbit_auth_backend_internal.erl @@ -26,7 +26,7 @@ -export([user_info_keys/0, perms_info_keys/0, user_perms_info_keys/0, vhost_perms_info_keys/0, - user_vhost_perms_info_keys/0, + user_vhost_perms_info_keys/0, all_users/0, list_users/0, list_users/2, list_permissions/0, list_user_permissions/1, list_user_permissions/3, list_topic_permissions/0, @@ -50,9 +50,9 @@ %% there is no information in the record, we consider it to be legacy %% (inserted by a version older than 3.6.0) and fall back to MD5, the %% now obsolete hashing function. -hashing_module_for_user(#internal_user{ - hashing_algorithm = ModOrUndefined}) -> - rabbit_password:hashing_mod(ModOrUndefined). +hashing_module_for_user(User) -> + ModOrUndefined = internal_user:get_hashing_algorithm(User), + rabbit_password:hashing_mod(ModOrUndefined). -define(BLANK_PASSWORD_REJECTION_MESSAGE, "user '~s' attempted to log in with a blank password, which is prohibited by the internal authN backend. " @@ -78,13 +78,14 @@ user_login_authentication(Username, AuthProps) -> {password, Cleartext} -> internal_check_user_login( Username, - fun (#internal_user{ - password_hash = <<Salt:4/binary, Hash/binary>> - } = U) -> - Hash =:= rabbit_password:salted_hash( - hashing_module_for_user(U), Salt, Cleartext); - (#internal_user{}) -> - false + fun(User) -> + case internal_user:get_password_hash(User) of + <<Salt:4/binary, Hash/binary>> -> + Hash =:= rabbit_password:salted_hash( + hashing_module_for_user(User), Salt, Cleartext); + _ -> + false + end end); false -> exit({unknown_auth_props, Username, AuthProps}) end. 
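Review bot: The `_ -> false` branch in the new login fun of `user_login_authentication/2` covers every stored value that is not four bytes of salt followed by a hash, presumably including a user that has no password set, and nothing in the hunk says this is deliberate. A comment above that branch such as `%% no salted hash stored (e.g. passwordless user): password login always fails` would record the intent. Separately, the re-indented `Hash =:= rabbit_password:salted_hash(...)` is an ordinary term comparison rather than a constant-time one. Where the supported OTP range provides `crypto:hash_equals/2`, that is the safer comparison for a password hash, which needs checking against the releases this code targets.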
@@ -100,7 +101,8 @@ user_login_authorization(Username, _AuthProps) -> internal_check_user_login(Username, Fun) -> Refused = {refused, "user '~s' - invalid credentials", [Username]}, case lookup_user(Username) of - {ok, User = #internal_user{tags = Tags}} -> + {ok, User} -> + Tags = internal_user:get_tags(User), case Fun(User) of true -> {ok, #auth_user{username = Username, tags = Tags, @@ -210,10 +212,8 @@ add_user_sans_validation(Username, Password, ActingUser) -> %% but we also need to store a hint as part of the record, so we %% retrieve it here one more time HashingMod = rabbit_password:hashing_mod(), - User = #internal_user{username = Username, - password_hash = hash_password(HashingMod, Password), - tags = [], - hashing_algorithm = HashingMod}, + PasswordHash = hash_password(HashingMod, Password), + User = internal_user:create_user(Username, PasswordHash, HashingMod), try R = rabbit_misc:execute_mnesia_transaction( fun () -> @@ -283,7 +283,7 @@ delete_user(Username, ActingUser) -> -spec lookup_user (rabbit_types:username()) -> - rabbit_types:ok(rabbit_types:internal_user()) | + rabbit_types:ok(internal_user:internal_user()) | rabbit_types:error('not_found'). lookup_user(Username) -> @@ -354,9 +354,8 @@ change_password_hash(Username, PasswordHash) -> change_password_hash(Username, PasswordHash, HashingAlgorithm) -> update_user(Username, fun(User) -> - User#internal_user{ - password_hash = PasswordHash, - hashing_algorithm = HashingAlgorithm } + internal_user:set_password_hash(User, + PasswordHash, HashingAlgorithm) end). -spec set_tags(rabbit_types:username(), [atom()], rabbit_types:username()) -> 'ok'. 
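Review bot: In the `add_user_sans_validation/3` hunk, new users used to be built with an explicit `tags = []`; after the change the initial tags are whatever `internal_user:create_user/3` chooses, and that module is not part of the visible diff. Because tags decide what a user may do, I would pin the default with an assertion in the access-control suite, for example `?assertEqual([], internal_user:get_tags(User))` directly after a user is added. A comment at the call site such as `%% create_user/3 starts the user with no tags` would also help. The function body starts and ends outside the hunk.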
@@ -366,7 +365,7 @@ set_tags(Username, Tags, ActingUser) -> rabbit_log:debug("Asked to set user tags for user '~s' to ~p", [Username, ConvertedTags]), try R = update_user(Username, fun(User) -> - User#internal_user{tags = ConvertedTags} + internal_user:set_tags(User, ConvertedTags) end), rabbit_log:info("Successfully set user tags for user '~s' to ~p", [Username, ConvertedTags]), rabbit_event:notify(user_tags_set, [{name, Username}, {tags, ConvertedTags}, @@ -783,9 +782,8 @@ validate_parameters_and_update_limit(Username, Term) -> case flatten_errors(rabbit_parameter_validation:proplist( <<"user-limits">>, user_limit_validation(), Term)) of ok -> - update_user(Username, fun(User = #internal_user{limits = Limits}) -> - User#internal_user{ - limits = maps:merge(Limits, Term)} + update_user(Username, fun(User) -> + internal_user:update_limits(add, User, Term) end); {errors, [{Reason, Arguments}]} -> {error_string, rabbit_misc:format(Reason, Arguments)} @@ -797,12 +795,11 @@ user_limit_validation() -> clear_user_limits(Username, <<"all">>) -> update_user(Username, fun(User) -> - User#internal_user{limits = #{}} + internal_user:clear_limits(User) end); clear_user_limits(Username, LimitType) -> - update_user(Username, fun(User = #internal_user{limits = Limits}) -> - User#internal_user{ - limits = maps:remove(LimitType, Limits)} + update_user(Username, fun(User) -> + internal_user:update_limits(remove, User, LimitType) end). flatten_errors(L) -> 
@@ -842,11 +839,13 @@ user_topic_perms_info_keys() -> [vhost, exchange, write, read]. vhost_topic_perms_info_keys() -> [user, exchange, write, read]. user_vhost_topic_perms_info_keys() -> [exchange, write, read]. +all_users() -> mnesia:dirty_match_object(rabbit_user, internal_user:pattern_match_all()). + -spec list_users() -> [rabbit_types:infos()]. list_users() -> [extract_internal_user_params(U) || - U <- mnesia:dirty_match_object(rabbit_user, #internal_user{_ = '_'})]. + U <- all_users()]. -spec list_users(reference(), pid()) -> 'ok'. @@ -854,7 +853,7 @@ list_users(Ref, AggregatorPid) -> rabbit_control_misc:emitting_map( AggregatorPid, Ref, fun(U) -> extract_internal_user_params(U) end, - mnesia:dirty_match_object(rabbit_user, #internal_user{_ = '_'})). + all_users()). -spec list_permissions() -> [rabbit_types:infos()]. @@ -929,8 +928,9 @@ extract_user_permission_params(Keys, #user_permission{ {write, WritePerm}, {read, ReadPerm}]). -extract_internal_user_params(#internal_user{username = Username, tags = Tags}) -> - [{user, Username}, {tags, Tags}]. +extract_internal_user_params(User) -> + [{user, internal_user:get_username(User)}, + {tags, internal_user:get_tags(User)}]. match_user_vhost(Username, VHostPath) -> fun () -> mnesia:match_object( @@ -1034,7 +1034,7 @@ is_over_limit(Username, LimitType, Fun) -> get_user_limit(Username, LimitType) -> case lookup_user(Username) of {ok, User} -> - case rabbit_misc:pget(LimitType, User#internal_user.limits) of + case rabbit_misc:pget(LimitType, internal_user:get_limits(User)) of undefined -> undefined; N when N < 0 -> undefined; N when N >= 0 -> {ok, N} @@ -1045,6 +1045,6 @@ get_user_limit(Username, LimitType) -> get_user_limits(Username) -> case lookup_user(Username) of - {ok, User} -> User#internal_user.limits; + {ok, User} -> internal_user:get_limits(User); _ -> undefined end. diff --git a/src/rabbit_definitions.erl b/src/rabbit_definitions.erl index f67e6dca48..9920015738 100644 --- a/src/rabbit_definitions.erl 
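Review bot: The new `all_users/0` (hunk at -842) is exported without a `-spec` or comment, and it returns the full stored records, password hash included. `list_users/0`, by contrast, reduces each record to `user` and `tags` through `extract_internal_user_params/1`. I would add `-spec all_users() -> [internal_user:internal_user()].` and a comment such as `%% Returns full user records, including password hashes; do not pass the result to listing, event or log output`. It is also a dirty read outside a transaction, as the expression it replaces was, which is worth stating in the same comment.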
+++ b/src/rabbit_definitions.erl @@ -700,14 +700,15 @@ vhost_definition(VHost) -> }. list_users() -> - [begin - {ok, User} = rabbit_auth_backend_internal:lookup_user(pget(user, U)), - #{<<"name">> => User#internal_user.username, - <<"password_hash">> => base64:encode(User#internal_user.password_hash), - <<"hashing_algorithm">> => rabbit_auth_backend_internal:hashing_module_for_user(User), - <<"tags">> => tags_as_binaries(User#internal_user.tags) - } - end || U <- rabbit_auth_backend_internal:list_users()]. + [user_definition(U) || U <- rabbit_auth_backend_internal:all_users()]. + +user_definition(User) -> + #{<<"name">> => internal_user:get_username(User), + <<"password_hash">> => base64:encode(internal_user:get_password_hash(User)), + <<"hashing_algorithm">> => rabbit_auth_backend_internal:hashing_module_for_user(User), + <<"tags">> => tags_as_binaries(internal_user:get_tags(User)), + <<"limits">> => internal_user:get_limits(User) + }. list_runtime_parameters() -> [runtime_parameter_definition(P) || P <- rabbit_runtime_parameters:list(), is_list(P)]. diff --git a/src/rabbit_table.erl b/src/rabbit_table.erl index 05f9a8d381..7df8844960 100644 --- a/src/rabbit_table.erl +++ b/src/rabbit_table.erl @@ -295,9 +295,9 @@ definitions(ram) -> definitions() -> [{rabbit_user, [{record_name, internal_user}, - {attributes, record_info(fields, internal_user)}, + {attributes, internal_user:fields()}, {disc_copies, [node()]}, - {match, #internal_user{_='_'}}]}, + {match, internal_user:pattern_match_all()}]}, {rabbit_user_permission, [{record_name, user_permission}, {attributes, record_info(fields, user_permission)}, diff --git a/test/unit_access_control_SUITE.erl b/test/unit_access_control_SUITE.erl index fcfd9e2bde..af8f481083 100644 --- a/test/unit_access_control_SUITE.erl +++ b/test/unit_access_control_SUITE.erl 
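Review bot: `user_definition/1` in `rabbit_definitions.erl` now emits a `<<"limits">>` key that the old `list_users/0` did not. This changes the exported definitions format, the commit title does not mention it, and none of the test changes visible here cover it. Whether the import side accepts the key, and what `internal_user:get_limits/1` returns for records written before limits existed, cannot be seen from this hunk. Both are worth confirming with a test that round-trips a user with and without limits. Since the map also carries `password_hash`, a comment on `user_definition/1` such as `%% Full export form, includes the password hash; for definitions export only` would help keep it out of listing and logging paths.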
@@ -94,23 +94,17 @@ password_hashing1(_Config) -> rabbit_password_hashing_md5 = rabbit_auth_backend_internal:hashing_module_for_user( - #internal_user{}), + internal_user:new()), rabbit_password_hashing_md5 = rabbit_auth_backend_internal:hashing_module_for_user( - #internal_user{ - hashing_algorithm = undefined - }), + internal_user:new({hashing_algorithm, undefined})), rabbit_password_hashing_md5 = rabbit_auth_backend_internal:hashing_module_for_user( - #internal_user{ - hashing_algorithm = rabbit_password_hashing_md5 - }), + internal_user:new({hashing_algorithm, rabbit_password_hashing_md5})), rabbit_password_hashing_sha256 = rabbit_auth_backend_internal:hashing_module_for_user( - #internal_user{ - hashing_algorithm = rabbit_password_hashing_sha256 - }), + internal_user:new({hashing_algorithm, rabbit_password_hashing_sha256})), passed. @@ -211,23 +205,20 @@ set_tags_for_passwordless_user1(_Config) -> ok = rabbit_auth_backend_internal:set_tags(Username, [management], <<"acting-user">>), - ?assertMatch( - {ok, #internal_user{tags = [management]}}, - rabbit_auth_backend_internal:lookup_user(Username)), + {ok, User1} = rabbit_auth_backend_internal:lookup_user(Username), + ?assertEqual([management], internal_user:get_tags(User1)), ok = rabbit_auth_backend_internal:set_tags(Username, [management, policymaker], <<"acting-user">>), - ?assertMatch( - {ok, #internal_user{tags = [management, policymaker]}}, - rabbit_auth_backend_internal:lookup_user(Username)), + {ok, User2} = rabbit_auth_backend_internal:lookup_user(Username), + ?assertEqual([management, policymaker], internal_user:get_tags(User2)), ok = rabbit_auth_backend_internal:set_tags(Username, [], <<"acting-user">>), - ?assertMatch( - {ok, #internal_user{tags = []}}, - rabbit_auth_backend_internal:lookup_user(Username)), + {ok, User3} = rabbit_auth_backend_internal:lookup_user(Username), + ?assertEqual([], internal_user:get_tags(User3)), ok = rabbit_auth_backend_internal:delete_user(Username, <<"acting-user">>), |
