improvement: Set Ash actor and tenant when executing internal plugs. (#115)

Closes #114.
2024-09-20 05:13:10 +12:00 · 2023-01-09 16:30:00 +13:00 · 2023-01-09 16:30:00 +13:00 · 34b9d94f51
commit 34b9d94f51
parent 757290f508
3 changed files with 41 additions and 47 deletions
--- a/lib/ash_authentication/plug/router.ex
+++ b/lib/ash_authentication/plug/router.ex
@ -6,7 +6,7 @@ defmodule AshAuthentication.Plug.Router do
  Used internally by `AshAuthentication.Plug`.
  """

-  alias AshAuthentication.{Info, Strategy}
+  alias AshAuthentication.{Info, Plug.Dispatcher, Strategy}

  @doc false
  @spec __using__(keyword) :: Macro.t()
@ -41,10 +41,10 @@ defmodule AshAuthentication.Plug.Router do
        |> Map.new()

      for {path, config} <- routes do
-        match(path, to: AshAuthentication.Plug.Dispatcher, init_opts: [config])
+        match(path, to: Dispatcher, init_opts: [config])
      end

-      match(_, to: AshAuthentication.Plug.Dispatcher, init_opts: [unquote(return_to)])
+      match(_, to: Dispatcher, init_opts: [unquote(return_to)])
    end
  end
 end
--- a/lib/ash_authentication/strategies/oauth2/plug.ex
+++ b/lib/ash_authentication/strategies/oauth2/plug.ex
@ -8,6 +8,7 @@ defmodule AshAuthentication.Strategy.OAuth2.Plug do
  alias Assent.{Config, HTTPAdapter.Mint}
  alias Assent.Strategy.OAuth2, as: Assent
  alias Plug.Conn
+  import Ash.PlugHelpers, only: [get_actor: 1, get_tenant: 1]
  import AshAuthentication.Plug.Helpers, only: [store_authentication_result: 2]
  import Plug.Conn

@ -46,8 +47,13 @@ defmodule AshAuthentication.Strategy.OAuth2.Plug do
         conn <- delete_session(conn, session_key),
         config <- Config.put(config, :session_params, session_params),
         {:ok, %{user: user, token: token}} <- Assent.callback(config, conn.params),
+         action_opts <- action_opts(conn),
         {:ok, user} <-
-           register_or_sign_in_user(strategy, %{user_info: user, oauth_tokens: token}) do
+           register_or_sign_in_user(
+             strategy,
+             %{user_info: user, oauth_tokens: token},
+             action_opts
+           ) do
      store_authentication_result(conn, {:ok, user})
    else
      nil -> store_authentication_result(conn, {:error, nil})
@ -55,6 +61,11 @@ defmodule AshAuthentication.Strategy.OAuth2.Plug do
    end
  end

+  defp action_opts(conn) do
+    [actor: get_actor(conn), tenant: get_tenant(conn)]
+    |> Enum.reject(&is_nil(elem(&1, 1)))
+  end
+
  defp config_for(strategy) do
    with {:ok, client_id} <- fetch_secret(strategy, :client_id),
         {:ok, site} <- fetch_secret(strategy, :site),
@ -83,10 +94,11 @@ defmodule AshAuthentication.Strategy.OAuth2.Plug do
    end
  end

-  defp register_or_sign_in_user(strategy, params) when strategy.registration_enabled?,
-    do: Strategy.action(strategy, :register, params)
+  defp register_or_sign_in_user(strategy, params, opts) when strategy.registration_enabled?,
+    do: Strategy.action(strategy, :register, params, opts)

-  defp register_or_sign_in_user(strategy, params), do: Strategy.action(strategy, :sign_in, params)
+  defp register_or_sign_in_user(strategy, params, opts),
+    do: Strategy.action(strategy, :sign_in, params, opts)

  # We need to temporarily store some information about the request in the
  # session so that we can verify that there hasn't been a CSRF-related attack.
--- a/lib/ash_authentication/strategies/password/plug.ex
+++ b/lib/ash_authentication/strategies/password/plug.ex
@ -7,66 +7,43 @@ defmodule AshAuthentication.Strategy.Password.Plug do

  alias AshAuthentication.{Info, Strategy, Strategy.Password}
  alias Plug.Conn
+  import Ash.PlugHelpers, only: [get_actor: 1, get_tenant: 1]
  import AshAuthentication.Plug.Helpers, only: [store_authentication_result: 2]

  @doc "Handle a registration request"
  @spec register(Conn.t(), Password.t()) :: Conn.t()
  def register(conn, strategy) do
-    params =
-      conn
-      |> subject_params(strategy)
-
-    result =
-      strategy
-      |> Strategy.action(:register, params)
-
-    conn
-    |> store_authentication_result(result)
+    params = subject_params(conn, strategy)
+    opts = opts(conn)
+    result = Strategy.action(strategy, :register, params, opts)
+    store_authentication_result(conn, result)
  end

  @doc "Handle a sign-in request"
  @spec sign_in(Conn.t(), Password.t()) :: Conn.t()
  def sign_in(conn, strategy) do
-    params =
-      conn
-      |> subject_params(strategy)
-
-    result =
-      strategy
-      |> Strategy.action(:sign_in, params)
-
-    conn
-    |> store_authentication_result(result)
+    params = subject_params(conn, strategy)
+    opts = opts(conn)
+    result = Strategy.action(strategy, :sign_in, params, opts)
+    store_authentication_result(conn, result)
  end

  @doc "Handle a reset request request"
  @spec reset_request(Conn.t(), Password.t()) :: Conn.t()
  def reset_request(conn, strategy) do
-    params =
-      conn
-      |> subject_params(strategy)
-
-    result =
-      strategy
-      |> Strategy.action(:reset_request, params)
-
-    conn
-    |> store_authentication_result(result)
+    params = subject_params(conn, strategy)
+    opts = opts(conn)
+    result = Strategy.action(strategy, :reset_request, params, opts)
+    store_authentication_result(conn, result)
  end

  @doc "Handle a reset request"
  @spec reset(Conn.t(), Password.t()) :: Conn.t()
  def reset(conn, strategy) do
-    params =
-      conn
-      |> subject_params(strategy)
-
-    result =
-      strategy
-      |> Strategy.action(:reset, params)
-
-    conn
-    |> store_authentication_result(result)
+    params = subject_params(conn, strategy)
+    opts = opts(conn)
+    result = Strategy.action(strategy, :reset, params, opts)
+    store_authentication_result(conn, result)
  end

  defp subject_params(conn, strategy) do
@ -77,4 +54,9 @@ defmodule AshAuthentication.Strategy.Password.Plug do

    Map.get(conn.params, subject_name, %{})
  end
+
+  defp opts(conn) do
+    [actor: get_actor(conn), tenant: get_tenant(conn)]
+    |> Enum.reject(&is_nil(elem(&1, 1)))
+  end
 end