From 65e848c5e0ff90888c219da4abe207324764d6f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20W=C3=BCthrich?=
Date: Sun, 19 Feb 2023 22:02:04 +0100
Subject: [PATCH] fix: sign in preparation without identity resource (#198)
---
 .../strategies/oauth2/sign_in_preparation.ex | 2 +-
 .../strategies/oauth2/actions_test.exs | 27 +++++++++++++++++++
 test/support/example/user.ex | 21 +++++++++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex b/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex
index 9edd237..bb227a4 100644
--- a/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex
+++ b/lib/ash_authentication/strategies/oauth2/sign_in_preparation.ex
@@ -55,7 +55,7 @@ defmodule AshAuthentication.Strategy.OAuth2.SignInPreparation do
 end
 defp maybe_update_identity(user, _query, strategy) when is_falsy(strategy.identity_resource),
- do: user
+ do: {:ok, user}
 defp maybe_update_identity(user, query, strategy) do
 strategy.identity_resource
diff --git a/test/ash_authentication/strategies/oauth2/actions_test.exs b/test/ash_authentication/strategies/oauth2/actions_test.exs
index 6e9d02b..1898331 100644
--- a/test/ash_authentication/strategies/oauth2/actions_test.exs
+++ b/test/ash_authentication/strategies/oauth2/actions_test.exs
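Review bot: The return contract of `maybe_update_identity/3` in sign_in_preparation.ex is not documented, and the bare `user` return corrected in this hunk is the kind of slip a one-line comment would have caught. Above the first clause I would add `# Returns {:ok, user} | {:error, reason}; the caller matches on the tagged tuple.` The caller and the body of the second clause lie outside the hunk, so the exact error shape should be confirmed before settling the wording. The comment could also say that with no `identity_resource` the provider tokens are presumably not persisted on purpose, so the early return is not later read as an omission.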
@@ -42,6 +42,33 @@ defmodule AshAuthentication.Strategy.OAuth2.ActionsTest do
 assert claims["sub"] =~ "user?id=#{user.id}"
 end
+ test "it signs in an existing user when registration and identity are disabled" do
+ {:ok, strategy} = Info.strategy(Example.User, :oauth2_without_identity)
+ user = build_user()
+
+ assert {:ok, signed_in_user} =
+ Actions.sign_in(
+ strategy,
+ %{
+ "user_info" => %{
+ "nickname" => user.username,
+ "uid" => user.id,
+ "sub" => "user:#{user.id}"
+ },
+ "oauth_tokens" => %{
+ "access_token" => Ecto.UUID.generate(),
+ "expires_in" => 86_400,
+ "refresh_token" => Ecto.UUID.generate()
+ }
+ },
+ []
+ )
+
+ assert signed_in_user.id == user.id
+ assert {:ok, claims} = Jwt.peek(signed_in_user.__metadata__.token)
+ assert claims["sub"] =~ "user?id=#{user.id}"
+ end
+
 test "it denies sign in for non-existing users when registration is disabled" do
 {:ok, strategy} = Info.strategy(Example.User, :oauth2)
 strategy = %{strategy | registration_enabled?: false}
diff --git a/test/support/example/user.ex b/test/support/example/user.ex
index 4de3822..f2df0a8 100644
--- a/test/support/example/user.ex
+++ b/test/support/example/user.ex
@@ -79,6 +79,14 @@ defmodule Example.User do
 filter expr(username == get_path(^arg(:user_info), [:nickname]))
 end
+ read :sign_in_with_oauth2_without_identity do
+ argument :user_info, :map, allow_nil?: false
+ argument :oauth_tokens, :map, allow_nil?: false
+ prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
+
+ filter expr(username == get_path(^arg(:user_info), [:nickname]))
+ end
+
 create :register_with_github do
 argument :user_info, :map, allow_nil?: false
 argument :oauth_tokens, :map, allow_nil?: false
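Review bot: The new test in actions_test.exs covers only the successful sign-in for `:oauth2_without_identity`; nothing exercises a rejected sign-in for that strategy. With no identity record and registration disabled, the read action's filter is the only thing deciding which account receives a token, so the denial case deserves its own assertion. I would add a companion test that passes a `"nickname"` matching no user and checks `assert {:error, _} = Actions.sign_in(strategy, params, [])`. The existing denial test just below uses the `:oauth2` strategy, so it presumably does not cover the identity-less configuration.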
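Review bot: The `sign_in_with_oauth2_without_identity` read action in test/support/example/user.ex picks the local account solely by `username == user_info.nickname`, and without an identity resource nothing stored links the provider's subject to that user. A nickname is typically editable at the provider, so if this fixture is copied into an application, a provider-controlled display name decides which account is signed in. Since this is test support I would keep the filter and add a comment above the action: `# Test fixture: matches on provider nickname only; real apps should key on a stable provider identifier (uid/sub).`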
@@ -179,6 +187,19 @@ defmodule Example.User do
 identity_resource Example.UserIdentity
 end
+ oauth2 :oauth2_without_identity do
+ client_id &get_config/2
+ redirect_uri &get_config/2
+ client_secret &get_config/2
+ site &get_config/2
+ authorize_url &get_config/2
+ token_url &get_config/2
+ user_url &get_config/2
+ authorization_params scope: "openid profile email"
+ auth_method :client_secret_post
+ registration_enabled? false
+ end
+
 auth0 do
 client_id &get_config/2
 redirect_uri &get_config/2