mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-19 21:03:23 +12:00
fix: sign in preparation without identity resource (#198)
This commit is contained in:
parent
73fd65c99c
commit
65e848c5e0
3 changed files with 49 additions and 1 deletions
|
@ -55,7 +55,7 @@ defmodule AshAuthentication.Strategy.OAuth2.SignInPreparation do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_update_identity(user, _query, strategy) when is_falsy(strategy.identity_resource),
|
defp maybe_update_identity(user, _query, strategy) when is_falsy(strategy.identity_resource),
|
||||||
do: user
|
do: {:ok, user}
|
||||||
|
|
||||||
defp maybe_update_identity(user, query, strategy) do
|
defp maybe_update_identity(user, query, strategy) do
|
||||||
strategy.identity_resource
|
strategy.identity_resource
|
||||||
|
|
|
@ -42,6 +42,33 @@ defmodule AshAuthentication.Strategy.OAuth2.ActionsTest do
|
||||||
assert claims["sub"] =~ "user?id=#{user.id}"
|
assert claims["sub"] =~ "user?id=#{user.id}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it signs in an existing user when registration and identity are disabled" do
|
||||||
|
{:ok, strategy} = Info.strategy(Example.User, :oauth2_without_identity)
|
||||||
|
user = build_user()
|
||||||
|
|
||||||
|
assert {:ok, signed_in_user} =
|
||||||
|
Actions.sign_in(
|
||||||
|
strategy,
|
||||||
|
%{
|
||||||
|
"user_info" => %{
|
||||||
|
"nickname" => user.username,
|
||||||
|
"uid" => user.id,
|
||||||
|
"sub" => "user:#{user.id}"
|
||||||
|
},
|
||||||
|
"oauth_tokens" => %{
|
||||||
|
"access_token" => Ecto.UUID.generate(),
|
||||||
|
"expires_in" => 86_400,
|
||||||
|
"refresh_token" => Ecto.UUID.generate()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
[]
|
||||||
|
)
|
||||||
|
|
||||||
|
assert signed_in_user.id == user.id
|
||||||
|
assert {:ok, claims} = Jwt.peek(signed_in_user.__metadata__.token)
|
||||||
|
assert claims["sub"] =~ "user?id=#{user.id}"
|
||||||
|
end
|
||||||
|
|
||||||
test "it denies sign in for non-existing users when registration is disabled" do
|
test "it denies sign in for non-existing users when registration is disabled" do
|
||||||
{:ok, strategy} = Info.strategy(Example.User, :oauth2)
|
{:ok, strategy} = Info.strategy(Example.User, :oauth2)
|
||||||
strategy = %{strategy | registration_enabled?: false}
|
strategy = %{strategy | registration_enabled?: false}
|
||||||
|
|
|
@ -79,6 +79,14 @@ defmodule Example.User do
|
||||||
filter expr(username == get_path(^arg(:user_info), [:nickname]))
|
filter expr(username == get_path(^arg(:user_info), [:nickname]))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
read :sign_in_with_oauth2_without_identity do
|
||||||
|
argument :user_info, :map, allow_nil?: false
|
||||||
|
argument :oauth_tokens, :map, allow_nil?: false
|
||||||
|
prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
|
||||||
|
|
||||||
|
filter expr(username == get_path(^arg(:user_info), [:nickname]))
|
||||||
|
end
|
||||||
|
|
||||||
create :register_with_github do
|
create :register_with_github do
|
||||||
argument :user_info, :map, allow_nil?: false
|
argument :user_info, :map, allow_nil?: false
|
||||||
argument :oauth_tokens, :map, allow_nil?: false
|
argument :oauth_tokens, :map, allow_nil?: false
|
||||||
|
@ -179,6 +187,19 @@ defmodule Example.User do
|
||||||
identity_resource Example.UserIdentity
|
identity_resource Example.UserIdentity
|
||||||
end
|
end
|
||||||
|
|
||||||
|
oauth2 :oauth2_without_identity do
|
||||||
|
client_id &get_config/2
|
||||||
|
redirect_uri &get_config/2
|
||||||
|
client_secret &get_config/2
|
||||||
|
site &get_config/2
|
||||||
|
authorize_url &get_config/2
|
||||||
|
token_url &get_config/2
|
||||||
|
user_url &get_config/2
|
||||||
|
authorization_params scope: "openid profile email"
|
||||||
|
auth_method :client_secret_post
|
||||||
|
registration_enabled? false
|
||||||
|
end
|
||||||
|
|
||||||
auth0 do
|
auth0 do
|
||||||
client_id &get_config/2
|
client_id &get_config/2
|
||||||
redirect_uri &get_config/2
|
redirect_uri &get_config/2
|
||||||
|
|
Loading…
Reference in a new issue