fix(Confirmation): correctly generate confirmation token subjects. (#124)

lib/ash_authentication/add_ons/confirmation.ex

@@ -97,7 +97,7 @@ defmodule AshAuthentication.AddOn.Confirmation do
             provider: :confirmation,
             name: :confirm
 
-  alias Ash.Changeset
+  alias Ash.{Changeset, Resource}
   alias AshAuthentication.{AddOn.Confirmation, Jwt}
 
   @type t :: %Confirmation{
@@ -120,14 +120,14 @@ defmodule AshAuthentication.AddOn.Confirmation do
   This will generate a token with the `"act"` claim set to the confirmation
   action for the strategy, and the `"chg"` claim will contain any changes.
   """
-  @spec confirmation_token(Confirmation.t(), Changeset.t()) ::
+  @spec confirmation_token(Confirmation.t(), Changeset.t(), Resource.record()) ::
           {:ok, String.t()} | :error | {:error, any}
-  def confirmation_token(strategy, changeset) do
+  def confirmation_token(strategy, changeset, user) do
     claims = %{"act" => strategy.confirm_action_name}
     token_lifetime = strategy.token_lifetime * 3600
 
     with {:ok, token, _claims} <-
-           Jwt.token_for_user(changeset.data, claims, token_lifetime: token_lifetime),
+           Jwt.token_for_user(user, claims, token_lifetime: token_lifetime),
          :ok <- Confirmation.Actions.store_changes(strategy, token, changeset) do
       {:ok, token}
     end

lib/ash_authentication/add_ons/confirmation/confirmation_hook_change.ex

@@ -74,7 +74,7 @@ defmodule AshAuthentication.AddOn.Confirmation.ConfirmationHookChange do
     changeset
     |> Changeset.after_action(fn _changeset, user ->
       strategy
-      |> Confirmation.confirmation_token(original_changeset)
+      |> Confirmation.confirmation_token(original_changeset, user)
       |> case do
         {:ok, token} ->
           {sender, send_opts} = strategy.sender

test/ash_authentication/add_ons/confirmation/actions_test.exs

@@ -16,7 +16,7 @@ defmodule AshAuthentication.AddOn.Confirmation.ActionsTest do
         user
         |> Changeset.for_update(:update, %{"username" => username()})
 
-      {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+      {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
 
       Example.Repo.delete!(user)
 
@@ -40,7 +40,7 @@ defmodule AshAuthentication.AddOn.Confirmation.ActionsTest do
         user
         |> Changeset.for_update(:update, %{"username" => new_username})
 
-      {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+      {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
 
       assert {:ok, confirmed_user} = Actions.confirm(strategy, %{"confirm" => token}, [])
 

test/ash_authentication/add_ons/confirmation/confirmation_test.exs

@@ -7,7 +7,7 @@ defmodule AshAuthentication.AddOn.ConfirmationTest do
 
   doctest Confirmation
 
-  describe "confirmation_token/2" do
+  describe "confirmation_token/3" do
     test "it generates a confirmation token" do
       {:ok, strategy} = Info.strategy(Example.User, :confirm)
       user = build_user()
@@ -15,9 +15,10 @@ defmodule AshAuthentication.AddOn.ConfirmationTest do
       new_username = username()
       changeset = Changeset.for_update(user, :update, %{"username" => new_username})
 
-      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
       assert {:ok, claims} = Jwt.peek(token)
       assert claims["act"] == to_string(strategy.confirm_action_name)
+      assert claims["sub"] == to_string("user?id=#{user.id}")
     end
 
     test "it stores changes in the token resource" do
@@ -27,10 +28,9 @@ defmodule AshAuthentication.AddOn.ConfirmationTest do
       new_username = username()
       changeset = Changeset.for_update(user, :update, %{"username" => new_username})
 
-      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
       assert {:ok, claims} = Jwt.peek(token)
       assert {:ok, changes} = Confirmation.Actions.get_changes(strategy, claims["jti"])
-
       assert [{"username", new_username}] == Enum.to_list(changes)
     end
 
@@ -41,9 +41,8 @@ defmodule AshAuthentication.AddOn.ConfirmationTest do
       new_username = username()
       changeset = Changeset.for_update(user, :update, %{"username" => new_username})
 
-      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+      assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
       assert {:ok, claims} = Jwt.peek(token)
-
       refute Map.has_key?(claims, "chg")
     end
   end
@@ -55,7 +54,7 @@ defmodule AshAuthentication.AddOn.ConfirmationTest do
     new_username = username()
     changeset = Changeset.for_update(user, :update, %{"username" => new_username})
 
-    assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset)
+    assert {:ok, token} = Confirmation.confirmation_token(strategy, changeset, user)
     token
   end
 

test/ash_authentication/add_ons/confirmation/plug_test.exs

@@ -20,7 +20,8 @@ defmodule AshAuthentication.AddOn.Confirmation.PlugTest do
       {:ok, token} =
         Confirmation.confirmation_token(
           strategy,
-          Changeset.for_update(user, :update, %{"username" => username()})
+          Changeset.for_update(user, :update, %{"username" => username()}),
+          user
         )
 
       Example.Repo.delete!(user)
@@ -63,7 +64,8 @@ defmodule AshAuthentication.AddOn.Confirmation.PlugTest do
       {:ok, token} =
         Confirmation.confirmation_token(
           strategy,
-          Changeset.for_update(user, :update, %{"username" => username()})
+          Changeset.for_update(user, :update, %{"username" => username()}),
+          user
         )
 
       params = %{