mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-19 12:52:55 +12:00
improvement: validate that tokens are enabled when password resets are enabled. (#758)
Closes #232.
parent
9b9f11c3f0
commit
a8d98ac40b
1 changed files with 37 additions and 1 deletions
|
@ -11,7 +11,8 @@ defmodule AshAuthentication.Strategy.Password.Verifier do
|
||||||
@spec verify(Password.t(), map) :: :ok | {:error, Exception.t()}
|
@spec verify(Password.t(), map) :: :ok | {:error, Exception.t()}
|
||||||
def verify(strategy, dsl_state) do
|
def verify(strategy, dsl_state) do
|
||||||
with :ok <- validate_behaviour(strategy.hash_provider, HashProvider),
|
with :ok <- validate_behaviour(strategy.hash_provider, HashProvider),
|
||||||
:ok <- validate_tokens_enabled_for_sign_in_tokens(dsl_state, strategy) do
|
:ok <- validate_tokens_enabled_for_sign_in_tokens(dsl_state, strategy),
|
||||||
|
:ok <- validate_tokens_enabled_for_resettable(dsl_state, strategy) do
|
||||||
maybe_validate_resettable_sender(dsl_state, strategy)
|
maybe_validate_resettable_sender(dsl_state, strategy)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -69,6 +70,41 @@ defmodule AshAuthentication.Strategy.Password.Verifier do
|
||||||
|
|
||||||
defp validate_tokens_enabled_for_sign_in_tokens(_, _), do: :ok
|
defp validate_tokens_enabled_for_sign_in_tokens(_, _), do: :ok
|
||||||
|
|
||||||
|
defp validate_tokens_enabled_for_resettable(dsl_state, %{resettable: resettable, name: name})
|
||||||
|
when is_struct(resettable) do
|
||||||
|
resource = Verifier.get_persisted(dsl_state, :module)
|
||||||
|
|
||||||
|
if Info.authentication_tokens_enabled?(dsl_state) do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
{:error,
|
||||||
|
DslError.exception(
|
||||||
|
module: resource,
|
||||||
|
path: [
|
||||||
|
:authentication,
|
||||||
|
:strategies,
|
||||||
|
:password,
|
||||||
|
name,
|
||||||
|
:resettable
|
||||||
|
],
|
||||||
|
message: """
|
||||||
|
The `resettable` option requires that tokens are enabled for your resource. For example:
|
||||||
|
|
||||||
|
|
||||||
|
authentication do
|
||||||
|
...
|
||||||
|
|
||||||
|
tokens do
|
||||||
|
enabled? true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
"""
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp validate_tokens_enabled_for_resettable(_, _), do: :ok
|
||||||
|
|
||||||
defp maybe_validate_resettable_sender(dsl_state, %{resettable: resettable})
|
defp maybe_validate_resettable_sender(dsl_state, %{resettable: resettable})
|
||||||
when is_struct(resettable) do
|
when is_struct(resettable) do
|
||||||
with {:ok, {sender, _opts}} <- Map.fetch(resettable, :sender),
|
with {:ok, {sender, _opts}} <- Map.fetch(resettable, :sender),
|
||||||
|
|
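Review bot: The new `validate_tokens_enabled_for_resettable/2` check lands without a test. The commit record shows a single changed file, so nothing pins that a password strategy with `resettable` configured and tokens disabled is rejected with this `DslError`, or that the unset case still returns `:ok`. The catch-all `defp validate_tokens_enabled_for_resettable(_, _), do: :ok` also accepts any `resettable` value that is not a struct, so a later change in that option's shape would skip the check silently. Matching the unset case explicitly (presumably `%{resettable: nil}`; confirm against the strategy struct) would make such drift fail loudly. Minor: `resource = Verifier.get_persisted(dsl_state, :module)` is only used when building the error and could move into the `else` branch.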