From 826adacf1154546088c13ca751635b25b25d236f Mon Sep 17 00:00:00 2001
From: Mikhail Uvarov <arcusfelis@gmail.com>
Date: Thu, 10 Feb 2022 10:23:31 +0100
Subject: [PATCH] Calculate a list of auth modules once on creds initialization

---
 src/auth/ejabberd_auth.erl   | 13 ++++++++++---
 src/mongoose_credentials.erl | 13 ++++++++++---
 test/auth_jwt_SUITE.erl      |  4 ++++
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/auth/ejabberd_auth.erl b/src/auth/ejabberd_auth.erl
index abbc75866b2..f4a276bbe03 100644
--- a/src/auth/ejabberd_auth.erl
+++ b/src/auth/ejabberd_auth.erl
@@ -53,7 +53,8 @@
 -export([check_digest/4]).
 
 -export([auth_modules/1,
-         auth_methods/1]).
+         auth_methods/1,
+         auth_modules_for_host_type/1]).
 
 %% Library functions for reuse in ejabberd_auth_* modules
 -export([authorize_with_check_password/2]).
@@ -132,7 +133,6 @@ supports_sasl_module(HostType, SASLModule) ->
 -spec authorize(mongoose_credentials:t()) -> {ok, mongoose_credentials:t()}
                                            | {error, not_authorized}.
 authorize(Creds) ->
-    HostType = mongoose_credentials:host_type(Creds),
     F = fun(Mod, {_CurResult, CurCreds}) ->
                 case mongoose_gen_auth:authorize(Mod, CurCreds) of
                     {ok, NewCreds} ->
@@ -143,7 +143,7 @@ authorize(Creds) ->
                 end
         end,
     Opts = #{default => {not_authorized, Creds}, metric => authorize},
-    case call_auth_modules_for_host_type(HostType, F, Opts) of
+    case call_auth_modules_with_creds(Creds, F, Opts) of
         Res = {ok, _Creds} -> Res;
         {not_authorized, _Creds} -> {error, not_authorized}
     end.
@@ -508,6 +508,13 @@ call_auth_modules_for_host_type(HostType, F, Opts) ->
     Modules = auth_modules_for_host_type(HostType),
     call_auth_modules(Modules, F, Opts).
 
+-spec call_auth_modules_with_creds(mongoose_credentials:t(),
+                                   mod_fun() | mod_fold_fun(), call_opts()) ->
+          mod_res() | [mod_res()].
+call_auth_modules_with_creds(Creds, F, Opts) ->
+    Modules = mongoose_credentials:auth_modules(Creds),
+    call_auth_modules(Modules, F, Opts).
+
 %% @doc Perform a map or a fold operation with function F over the provided Modules
 -spec call_auth_modules([authmodule()], mod_fun() | mod_fold_fun(), call_opts()) ->
           mod_res() | [mod_res()].
diff --git a/src/mongoose_credentials.erl b/src/mongoose_credentials.erl
index bb5ac75a0b8..0fedc48c1be 100644
--- a/src/mongoose_credentials.erl
+++ b/src/mongoose_credentials.erl
@@ -3,6 +3,7 @@
 -export([new/2,
          lserver/1,
          host_type/1,
+         auth_modules/1,
          get/2, get/3,
          set/3,
          extend/2,
@@ -10,7 +11,7 @@
 
 -export_type([t/0]).
 
--record(mongoose_credentials, {lserver, host_type, registry = [], extra = []}).
+-record(mongoose_credentials, {lserver, host_type, registry = [], extra = [], modules}).
 
 -type auth_event() :: any().
 
@@ -22,11 +23,14 @@
                            registry :: [{ejabberd_gen_auth:t(), auth_event()}],
                            %% These values are dependent on the ejabberd_auth backend in use.
                            %% Each backend may require different values to be present.
-                           extra :: [proplists:property()] }.
+                           extra :: [proplists:property()],
+                           modules :: [ejabberd_auth:authmodule()] }.
 
 -spec new(jid:lserver(), binary()) -> mongoose_credentials:t().
 new(LServer, HostType) when is_binary(LServer), is_binary(HostType) ->
-    #mongoose_credentials{lserver = LServer, host_type = HostType}.
+    Modules = ejabberd_auth:auth_modules_for_host_type(HostType),
+    #mongoose_credentials{lserver = LServer, host_type = HostType,
+                          modules = Modules}.
 
 -spec host_type(t()) -> mongooseim:host_type().
 host_type(#mongoose_credentials{host_type = HostType}) -> HostType.
@@ -34,6 +38,9 @@ host_type(#mongoose_credentials{host_type = HostType}) -> HostType.
 -spec lserver(t()) -> jid:lserver().
 lserver(#mongoose_credentials{lserver = S}) -> S.
 
+-spec auth_modules(t()) -> [ejabberd_auth:authmodule()].
+auth_modules(#mongoose_credentials{modules = Modules}) -> Modules.
+
 %% @doc Calls erlang:error/2 when Key is not found!
 -spec get(t(), Key) -> Value when
       Key :: any(),
diff --git a/test/auth_jwt_SUITE.erl b/test/auth_jwt_SUITE.erl
index fb10f4a4108..f7b3df781b5 100644
--- a/test/auth_jwt_SUITE.erl
+++ b/test/auth_jwt_SUITE.erl
@@ -45,10 +45,14 @@ suite() ->
 
 init_per_suite(Config) ->
     application:ensure_all_started(jid),
+    meck:new(ejabberd_auth, [no_link, passthrough]),
+    meck:expect(ejabberd_auth, auth_modules_for_host_type,
+                fun(_) -> [] end),
     Config.
 
 end_per_suite(Config) ->
     unset_auth_opts(),
+    meck:unload(ejabberd_auth),
     Config.
 
 init_per_group(public_key, Config) ->