From 62d458f6292a4808a39063233ac57d5b035b68d4 Mon Sep 17 00:00:00 2001
From: Zach Daniel
Date: Mon, 18 Sep 2023 18:16:37 -0400
Subject: [PATCH] fix: only use sign in token expiration for sign in tokens (#424)
---
 .../generate_token_change.ex | 2 +-
 .../password/sign_in_preparation.ex | 25 +++++++++++++------
 .../user_identity/transformer.ex | 5 +++-
 3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/lib/ash_authentication/generate_token_change.ex b/lib/ash_authentication/generate_token_change.ex
index b3ceffc..37db6a3 100644
--- a/lib/ash_authentication/generate_token_change.ex
+++ b/lib/ash_authentication/generate_token_change.ex
@@ -24,7 +24,7 @@ defmodule AshAuthentication.GenerateTokenChange do
 end
 
 defp generate_token(purpose, record, strategy)
- when purpose in [:user, :sign_in] and is_integer(strategy.sign_in_token_lifetime) do
+ when is_integer(strategy.sign_in_token_lifetime) and purpose == :sign_in do
 {:ok, token, _claims} =
 Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
 token_lifetime: strategy.sign_in_token_lifetime
diff --git a/lib/ash_authentication/strategies/password/sign_in_preparation.ex b/lib/ash_authentication/strategies/password/sign_in_preparation.ex
index 1f44931..635abaf 100644
--- a/lib/ash_authentication/strategies/password/sign_in_preparation.ex
+++ b/lib/ash_authentication/strategies/password/sign_in_preparation.ex
@@ -14,7 +14,7 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do
 """
 use Ash.Resource.Preparation
 alias AshAuthentication.{Errors.AuthenticationFailed, Info, Jwt}
- alias Ash.{Error.Unknown, Query, Resource, Resource.Preparation}
+ alias Ash.{Error.Unknown, Query, Resource.Preparation}
 require Ash.Query
 
 @doc false
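Review bot: The new guard on `generate_token/3` in `lib/ash_authentication/generate_token_change.ex` fails silently when `purpose` is `:sign_in` but `strategy.sign_in_token_lifetime` is not an integer, or the key is absent, because a failing guard expression just skips the clause; the call then drops to a later clause that lies outside this hunk. The same pair of clauses is added to `sign_in_preparation.ex` in this patch, and there the fallback calls `Jwt.token_for_user/2` without `token_lifetime`, which presumably means the sign-in token is issued with the default, longer lifetime. If sign-in tokens are meant to be short-lived exchange credentials, that case deserves to be explicit, at minimum with a comment above the fallback such as `# NOTE: also reached for :sign_in when sign_in_token_lifetime is unset; the token then gets the default lifetime`. The function body continues past the end of the hunk.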
@@ -112,14 +112,25 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do
 
 defp maybe_generate_token(purpose, record, strategy) when purpose in [:user, :sign_in] do
 if AshAuthentication.Info.authentication_tokens_enabled?(record.__struct__) do
- {:ok, token, _claims} =
- Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
- token_lifetime: strategy.sign_in_token_lifetime
- )
-
- Resource.put_metadata(record, :token, token)
+ generate_token(purpose, record, strategy)
 else
 record
 end
 end
+
+ defp generate_token(purpose, record, strategy)
+ when is_integer(strategy.sign_in_token_lifetime) and purpose == :sign_in do
+ {:ok, token, _claims} =
+ Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
+ token_lifetime: strategy.sign_in_token_lifetime
+ )
+
+ Ash.Resource.put_metadata(record, :token, token)
+ end
+
+ defp generate_token(purpose, record, _strategy) do
+ {:ok, token, _claims} = Jwt.token_for_user(record, %{"purpose" => to_string(purpose)})
+
+ Ash.Resource.put_metadata(record, :token, token)
+ end
 end
diff --git a/lib/ash_authentication/user_identity/transformer.ex b/lib/ash_authentication/user_identity/transformer.ex
index 28d10aa..dae2b31 100644
--- a/lib/ash_authentication/user_identity/transformer.ex
+++ b/lib/ash_authentication/user_identity/transformer.ex
@@ -295,7 +295,10 @@ defmodule AshAuthentication.UserIdentity.Transformer do
 end
 
 defp build_destroy_action(_dsl_state, action_name) do
- Transformer.build_entity(Resource.Dsl, [:actions], :destroy, name: action_name, primary?: true)
+ Transformer.build_entity(Resource.Dsl, [:actions], :destroy,
+ name: action_name,
+ primary?: true
+ )
 end
 
 defp validate_destroy_action(dsl_state, action_name) do
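Review bot: The two `generate_token/3` clauses added to `sign_in_preparation.ex` are a second copy of the lifetime-selection logic that `generate_token_change.ex` already carries, and the removed lines show the two copies had drifted apart: one matched `purpose in [:user, :sign_in]`, the other passed `sign_in_token_lifetime` unconditionally. Token lifetime is a security policy, so it is better decided in one place; consider moving both clauses into a single shared function that both modules call. The patch touches only files under `lib/`, so a regression test asserting that a `:user` token does not receive `sign_in_token_lifetime` would also pin the fix. If the copy stays, a comment such as `# Keep in sync with AshAuthentication.GenerateTokenChange.generate_token/3` above the first clause is the minimum.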