Auth: Fixed potential NPE problems && Added clear cache option to clear the stale auth cache (#17426)

* fix

* clear

Author: Caideyipi

integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSystemPermissionIT.java

@@ -213,6 +213,7 @@ public void maintainOperationsTest() {
     grantUserSystemPrivileges("test6", PrivilegeType.SYSTEM);
     executeNonQuery("flush", "test6", "test123123456");
     executeNonQuery("clear cache", "test6", "test123123456");
+    executeNonQuery("clear auth cache", "test6", "test123123456");
     executeNonQuery("set system to readonly", "test6", "test123123456");
     executeNonQuery("set system to running", "test6", "test123123456");
     executeNonQuery(

iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IdentifierParser.g4

@@ -291,6 +291,7 @@ keyWords
     | WRITABLE
     | WRITE
     | AUDIT
+    | AUTH
     | OPTION
     | INF
     | CURRENT_TIMESTAMP

iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/IoTDBSqlParser.g4

@@ -1211,7 +1211,7 @@ flush
 
 // Clear Cache
 clearCache
-    : CLEAR (SCHEMA | QUERY | ALL)? CACHE (ON (LOCAL | CLUSTER))?
+    : CLEAR (SCHEMA | QUERY | AUTH | ALL)? CACHE (ON (LOCAL | CLUSTER))?
     ;
 
 // Set Configuration

iotdb-core/antlr/src/main/antlr4/org/apache/iotdb/db/qp/sql/SqlLexer.g4

@@ -1195,6 +1195,10 @@ AUDIT
     : A U D I T
     ;
 
+AUTH
+    : A U T H
+    ;
+
 REPAIR
     : R E P A I R
     ;

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java

@@ -133,6 +133,10 @@ public static boolean invalidateCache(String username, String roleName) {
     return authorityFetcher.get().getAuthorCache().invalidateCache(username, roleName);
   }
 
+  public static void invalidateAllCache() {
+    authorityFetcher.get().getAuthorCache().invalidAllCache();
+  }
+
   public static User getUser(String username) {
     return authorityFetcher.get().getUser(username);
   }

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/BasicAuthorityCache.java

@@ -81,8 +81,9 @@ public void putRoleCache(String roleName, Role role) {
   @Override
   public boolean invalidateCache(final String userName, final String roleName) {
     if (userName != null) {
-      if (userCache.getIfPresent(userName) != null) {
-        Set<String> roleSet = userCache.getIfPresent(userName).getRoleSet();
+      final User user = userCache.getIfPresent(userName);
+      if (user != null) {
+        final Set<String> roleSet = user.getRoleSet();
         if (!roleSet.isEmpty()) {
           roleCache.invalidateAll(roleSet);
         }

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/thrift/impl/DataNodeInternalRPCServiceImpl.java

@@ -2454,6 +2454,9 @@ public TSStatus clearCacheImpl(final Set<CacheClearOptions> options) {
           || options.contains(CacheClearOptions.QUERY)) {
         storageEngine.clearCache();
       }
+      if (options.contains(CacheClearOptions.AUTH)) {
+        AuthorityChecker.invalidateAllCache();
+      }
       if (options.contains(CacheClearOptions.QUERY)
           && options.contains(CacheClearOptions.TABLE_ATTRIBUTE)
           && options.contains(CacheClearOptions.TREE_SCHEMA)) {

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/parser/ASTVisitor.java

@@ -3703,13 +3703,16 @@ public Statement visitClearCache(IoTDBSqlParser.ClearCacheContext ctx) {
       clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.TREE_SCHEMA));
     } else if (ctx.QUERY() != null) {
       clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.QUERY));
+    } else if (ctx.AUTH() != null) {
+      clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.AUTH));
     } else if (ctx.ALL() != null) {
       clearCacheStatement.setOptions(
           new HashSet<>(
               Arrays.asList(
                   CacheClearOptions.TABLE_ATTRIBUTE,
                   CacheClearOptions.TREE_SCHEMA,
-                  CacheClearOptions.QUERY)));
+                  CacheClearOptions.QUERY,
+                  CacheClearOptions.AUTH)));
     } else {
       clearCacheStatement.setOptions(Collections.singleton(CacheClearOptions.DEFAULT));
     }

iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/relational/sql/parser/AstBuilder.java

@@ -1605,13 +1605,16 @@ public Node visitClearCacheStatement(final RelationalSqlParser.ClearCacheStateme
       options = Collections.singleton(CacheClearOptions.TABLE_ATTRIBUTE);
     } else if (context.QUERY() != null) {
       options = Collections.singleton(CacheClearOptions.QUERY);
+    } else if (context.AUTH() != null) {
+      options = Collections.singleton(CacheClearOptions.AUTH);
     } else {
       options =
           new HashSet<>(
               Arrays.asList(
                   CacheClearOptions.TABLE_ATTRIBUTE,
                   CacheClearOptions.TREE_SCHEMA,
-                  CacheClearOptions.QUERY));
+                  CacheClearOptions.QUERY,
+                  CacheClearOptions.AUTH));
     }
     return new ClearCache(
         Objects.isNull(ctx.localOrClusterMode())

iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java

@@ -136,12 +136,12 @@ public boolean login(
   @Override
   public String login4Pipe(final String username, final String password) {
     final User user = userManager.getEntity(username);
-    if (Objects.isNull(password)) {
-      return user.getPassword();
-    }
     if (user == null) {
       return null;
     }
+    if (Objects.isNull(password)) {
+      return user.getPassword();
+    }
     if (AuthUtils.validatePassword(
         password, user.getPassword(), AsymmetricEncrypt.DigestAlgorithm.SHA_256)) {
       return user.getPassword();