fix: sign in preparation without identity resource (#198)

2024-09-19 12:52:55 +12:00 · 2023-02-19 22:02:04 +01:00 · 2023-02-19 22:02:04 +01:00 · 65e848c5e0
commit 65e848c5e0
parent 73fd65c99c
3 changed files with 49 additions and 1 deletions
--- a/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex
+++ b/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex
@ -55,7 +55,7 @@ defmodule AshAuthentication.Strategy.OAuth2.SignInPreparation do
  end

  defp maybe_update_identity(user, _query, strategy) when is_falsy(strategy.identity_resource),
-    do: user
+    do: {:ok, user}

  defp maybe_update_identity(user, query, strategy) do
    strategy.identity_resource
--- a/test/ash_authentication/strategies/oauth2/actions_test.exs
+++ b/test/ash_authentication/strategies/oauth2/actions_test.exs
@ -42,6 +42,33 @@ defmodule AshAuthentication.Strategy.OAuth2.ActionsTest do
      assert claims["sub"] =~ "user?id=#{user.id}"
    end

+    test "it signs in an existing user when registration and identity are disabled" do
+      {:ok, strategy} = Info.strategy(Example.User, :oauth2_without_identity)
+      user = build_user()
+
+      assert {:ok, signed_in_user} =
+               Actions.sign_in(
+                 strategy,
+                 %{
+                   "user_info" => %{
+                     "nickname" => user.username,
+                     "uid" => user.id,
+                     "sub" => "user:#{user.id}"
+                   },
+                   "oauth_tokens" => %{
+                     "access_token" => Ecto.UUID.generate(),
+                     "expires_in" => 86_400,
+                     "refresh_token" => Ecto.UUID.generate()
+                   }
+                 },
+                 []
+               )
+
+      assert signed_in_user.id == user.id
+      assert {:ok, claims} = Jwt.peek(signed_in_user.__metadata__.token)
+      assert claims["sub"] =~ "user?id=#{user.id}"
+    end
+
    test "it denies sign in for non-existing users when registration is disabled" do
      {:ok, strategy} = Info.strategy(Example.User, :oauth2)
      strategy = %{strategy | registration_enabled?: false}
--- a/test/support/example/user.ex
+++ b/test/support/example/user.ex
@ -79,6 +79,14 @@ defmodule Example.User do
      filter expr(username == get_path(^arg(:user_info), [:nickname]))
    end

+    read :sign_in_with_oauth2_without_identity do
+      argument :user_info, :map, allow_nil?: false
+      argument :oauth_tokens, :map, allow_nil?: false
+      prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
+
+      filter expr(username == get_path(^arg(:user_info), [:nickname]))
+    end
+
    create :register_with_github do
      argument :user_info, :map, allow_nil?: false
      argument :oauth_tokens, :map, allow_nil?: false
@ -179,6 +187,19 @@ defmodule Example.User do
        identity_resource Example.UserIdentity
      end

+      oauth2 :oauth2_without_identity do
+        client_id &get_config/2
+        redirect_uri &get_config/2
+        client_secret &get_config/2
+        site &get_config/2
+        authorize_url &get_config/2
+        token_url &get_config/2
+        user_url &get_config/2
+        authorization_params scope: "openid profile email"
+        auth_method :client_secret_post
+        registration_enabled? false
+      end
+
      auth0 do
        client_id &get_config/2
        redirect_uri &get_config/2