fix(emqx_auth): check authenticator exists in /authenticator/:id/users

apps/emqx_auth/src/emqx_authn/emqx_authn_api.erl

@@ -1111,10 +1111,7 @@ list_users(ChainName, AuthenticatorID, QueryString) ->
         {error, page_limit_invalid} ->
             {400, #{code => <<"INVALID_PARAMETER">>, message => <<"page_limit_invalid">>}};
         {error, Reason} ->
-            {400, #{
-                code => <<"INVALID_PARAMETER">>,
-                message => list_to_binary(io_lib:format("Reason ~p", [Reason]))
-            }};
+            serialize_error({user_error, Reason});
         Result ->
             {200, Result}
     end.
@@ -1176,6 +1173,16 @@ serialize_error({user_error, not_found}) ->
         code => <<"NOT_FOUND">>,
         message => binfmt("User not found", [])
     }};
+serialize_error({user_error, {not_found, {chain, ?GLOBAL}}}) ->
+    {404, #{
+        code => <<"NOT_FOUND">>,
+        message => <<"Authenticator not found in the 'global' scope">>
+    }};
+serialize_error({user_error, {not_found, {chain, Name}}}) ->
+    {400, #{
+        code => <<"BAD_REQUEST">>,
+        message => binfmt("No authentication has been created for listener ~p", [Name])
+    }};
 serialize_error({user_error, already_exist}) ->
     {409, #{
         code => <<"ALREADY_EXISTS">>,

apps/emqx_auth/test/emqx_authn/emqx_authn_api_SUITE.erl

@@ -435,6 +435,19 @@ test_authenticator_position(PathPrefix) ->
         PathPrefix ++ [?CONF_NS]
     ).
 
+t_authenticator_users_not_found(_) ->
+    GlobalUser = #{user_id => <<"global_user">>, password => <<"p1">>},
+    {ok, 404, _} = request(
+        get,
+        uri([?CONF_NS, "password_based:built_in_database", "users"])
+    ),
+    {ok, 404, _} = request(
+        post,
+        uri([?CONF_NS, "password_based:built_in_database", "users"]),
+        GlobalUser
+    ),
+    ok.
+
 %% listener authn api is not supported since 5.1.0
 %% Don't support listener switch to global chain.
 ignore_switch_to_global_chain(_) ->