fix: only use sign in token expiration for sign in tokens

2024-09-17 03:43:04 +12:00 · 2023-09-18 17:50:43 -04:00 · 2023-09-18 17:50:43 -04:00 · febe1cd3f0
commit febe1cd3f0
parent 0a089693e3
3 changed files with 23 additions and 9 deletions
--- a/lib/ash_authentication/generate_token_change.ex
+++ b/lib/ash_authentication/generate_token_change.ex
@ -24,7 +24,7 @@ defmodule AshAuthentication.GenerateTokenChange do
  end

  defp generate_token(purpose, record, strategy)
-       when purpose in [:user, :sign_in] and is_integer(strategy.sign_in_token_lifetime) do
+       when is_integer(strategy.sign_in_token_lifetime) and purpose == :sign_in do
    {:ok, token, _claims} =
      Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
        token_lifetime: strategy.sign_in_token_lifetime
--- a/lib/ash_authentication/strategies/password/sign_in_preparation.ex
+++ b/lib/ash_authentication/strategies/password/sign_in_preparation.ex
@ -14,7 +14,7 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do
  """
  use Ash.Resource.Preparation
  alias AshAuthentication.{Errors.AuthenticationFailed, Info, Jwt}
-  alias Ash.{Error.Unknown, Query, Resource, Resource.Preparation}
+  alias Ash.{Error.Unknown, Query, Resource.Preparation}
  require Ash.Query

  @doc false
@ -112,14 +112,25 @@ defmodule AshAuthentication.Strategy.Password.SignInPreparation do

  defp maybe_generate_token(purpose, record, strategy) when purpose in [:user, :sign_in] do
    if AshAuthentication.Info.authentication_tokens_enabled?(record.__struct__) do
-      {:ok, token, _claims} =
-        Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
-          token_lifetime: strategy.sign_in_token_lifetime
-        )
-
-      Resource.put_metadata(record, :token, token)
+      generate_token(purpose, record, strategy)
    else
      record
    end
  end
+
+  defp generate_token(purpose, record, strategy)
+       when is_integer(strategy.sign_in_token_lifetime) and purpose == :sign_in do
+    {:ok, token, _claims} =
+      Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
+        token_lifetime: strategy.sign_in_token_lifetime
+      )
+
+    Ash.Resource.put_metadata(record, :token, token)
+  end
+
+  defp generate_token(purpose, record, _strategy) do
+    {:ok, token, _claims} = Jwt.token_for_user(record, %{"purpose" => to_string(purpose)})
+
+    Ash.Resource.put_metadata(record, :token, token)
+  end
 end
--- a/lib/ash_authentication/user_identity/transformer.ex
+++ b/lib/ash_authentication/user_identity/transformer.ex
@ -295,7 +295,10 @@ defmodule AshAuthentication.UserIdentity.Transformer do
  end

  defp build_destroy_action(_dsl_state, action_name) do
-    Transformer.build_entity(Resource.Dsl, [:actions], :destroy, name: action_name, primary?: true)
+    Transformer.build_entity(Resource.Dsl, [:actions], :destroy,
+      name: action_name,
+      primary?: true
+    )
  end

  defp validate_destroy_action(dsl_state, action_name) do