Hannes Wüthrich
65e848c5e0
fix: sign in preparation without identity resource ( #198 )
2023-02-20 10:02:04 +13:00
James Harton
aa57d8ab51
fix(Password.Transformer): don't force users to define a `hashed_password` argument to the register action. ( #192 )
...
I'm not sure why I added that. Seems wrong.
2023-02-13 11:54:49 +13:00
Zach Daniel
a2bba519c0
improvement: add select_for_senders ( #189 )
...
* improvement: add select_for_senders
fix: select `hashed_password` on sign in preparation
* improvement: include metadata declaration on register action
* chore: fix typo
2023-02-12 21:15:23 +13:00
James Harton
ca3dac3878
fix: don't allow special purpose tokens to be used for sign in. ( #191 )
...
This fixes a security issue where someone in possession of a special purpose token (reset, confirmation, magic link, etc) would be able to access an API using this token. We strongly encourage you to upgrade.
Closes #190.
2023-02-12 21:14:16 +13:00
James Harton
cf3d227ef2
feat: Add new "magic link" authentication strategy. ( #184 )
2023-02-09 21:05:49 +13:00
James Harton
f7c9544aeb
fix: validate uniqueness of strategy names. ( #185 )
2023-02-09 15:35:33 +13:00
James Harton
3bece5f657
improvement(Strategy.Custom): handle custom strategies as extensions. ( #183 )
...
This means that users can add their own extensions to their resources which patch the strategy (and add ons) DSLs.
2023-02-08 16:10:28 +13:00
Stefan Wintermeyer
e008c7a58e
docs: fix `Sender` documentation ( #176 )
...
* Fixes escaping and missing ". closes #175
* Remove nested interpolation
* Remove the interpolation around the URL
2023-02-07 11:22:45 +13:00
John Doneth
f632c4f2b8
docs: Fix `pipe` -> `plug` ( #174 )
2023-02-07 09:34:18 +13:00
Zach Daniel
668a9bbfd2
chore: add clear condition on release ( #177 )
...
docs: hide bullet-style docs from ash_hq
2023-02-07 09:30:39 +13:00
zimt28
f50706e872
improvement: improve error message for badly formed token secrets ( #181 )
2023-02-07 09:28:36 +13:00
Zach Daniel
a08a533ae5
fix: resources can appear in multiple apis, so we need to uniq them here ( #169 )
2023-01-31 12:10:58 +13:00
Zach Daniel
2bca91cce4
fix: put_add_on/2 was putting into strategies
2023-01-30 09:56:10 -05:00
Zach Daniel
bd6e57b3d4
improvement: add metadata declarations to actions that have a token ( #164 )
2023-01-29 20:30:11 -05:00
Zach Daniel
53e6497ab9
improvement: validate signing secret is a string ( #163 )
2023-01-29 19:18:15 -05:00
James Harton
7e639e4a21
feat: Add support and documentation for custom strategies. ( #154 )
2023-01-30 13:16:37 +13:00
Lachlan Wilger
40a8e4ef8c
docs: Fix mild typo in OAuth documentation. ( #157 )
2023-01-21 17:39:13 +13:00
James Harton
c1561e7747
fix(Password): validate fields using both methods of allowing nil input. ( #151 )
...
Closes #150.
2023-01-19 12:02:19 +13:00
James Harton
62cf54d85e
improvement(AuthenticationFailed): store a `caused_by` value in authentication failures. ( #145 )
...
This allows for a better debugging experience when trying to understand why an authentication action is failing.
Closes #128.
2023-01-19 11:32:37 +13:00
Zach Daniel
6321a9baa6
improvement: update ash & switch to new docs patterns ( #146 )
2023-01-18 02:13:30 -05:00
James Harton
d4f3bec947
feat(PasswordValidation): Add a validation which can check a password. ( #144 )
2023-01-18 14:46:22 +13:00
2a10e2da6a
docs: small documentation improvements.
2023-01-18 12:04:03 +13:00
James Harton
7c71e1f219
docs: Add GitHub quick start guide. ( #143 )
2023-01-18 11:33:08 +13:00
James Harton
fec1060a15
docs: Add Auth0 quickstart guide. ( #142 )
2023-01-18 11:16:20 +13:00
Zach Daniel
ec8e1eb979
improvement: set confirmed field to `nil`, for reconfirmation ( #136 )
...
* improvement: set confirmed field to `nil`, for reconfirmation
* chore: format
* improvement: only change `confirmed_at_field` if it's not changing, and only on updates
2023-01-15 20:28:13 +13:00
Zach Daniel
f0aa2e7a93
fix: don't call `hash_provider.valid?` on `nil` values ( #135 )
...
fix: use configured hashed_password_field
2023-01-13 17:22:40 +13:00
James Harton
948298ac1c
improvement(TokenResource)!: Store the token subject in the token resource. ( #133 )
...
* improvement(TokenResource)!: Store the token subject in the token resource.
This is a breaking change because you may have to delete tokens in your database so that you can avoid the non-null constraint on subject.
* docs: Add upgrading documentation.
2023-01-13 17:21:57 +13:00
James Harton
085d640c44
fix(Confirmation): send the original changeset to confirmation senders. ( #132 )
...
Changes the behaviour of the `ConfirmationHookChange` to pass the original, unmodified changeset in the sender options so that senders can account for inhibited changes.
2023-01-13 13:30:58 +13:00
Zach Daniel
3413260659
improvement: add user context when creating tokens ( #129 )
2023-01-13 11:26:39 +13:00
James Harton
63aaea6871
fix: missing icons in OAuth2 strategies. ( #126 )
2023-01-12 17:55:40 +13:00
James Harton
4129aa969a
feat(GitHub)!: Add GitHub authentication strategy. ( #125 )
2023-01-12 17:23:40 +13:00
Zach Daniel
999bec00ee
improvement: add policy utilities and accompanying guide ( #119 )
...
* improvement: add policy utilities and accompanying guide
fix: improve some error message/validation logic
* chore: update castore & fix check definition
* improvement: fix build/warnings/dialyzer/format
* chore: add private context to new `get_token` action.
* chore: fix build.
I'd rather have the warning than a build failure.
Co-authored-by: James Harton <james@harton.nz>
2023-01-12 15:34:41 +13:00
James Harton
500ea353a8
fix(Confirmation): correctly generate confirmation token subjects. ( #124 )
2023-01-12 13:49:48 +13:00
James Harton
d5c5d6b6c5
feat: Add token-required-for-authentication feature. ( #116 )
...
* Adds the `require_token_presence_for_authentication?` DSL option to the Authentication extension which when enabled changes the following behaviour:
1. The `store_in_session` plug will store the user's token rather than their subject in the session.
2. The `retrieve_from_session` plug will look for a stored token in the session rather than a subject and ensure that it's present in the `TokenResource`.
3. The `retrieve_from_bearer` plug will ensure that the token is present in the `TokenResource`.
* Adds the `get_token` action to the `TokenResource`.
2023-01-11 15:12:53 +13:00
James Harton
34b9d94f51
improvement: Set Ash actor and tenant when executing internal plugs. ( #115 )
...
Closes #114.
2023-01-09 16:30:00 +13:00
James Harton
792ec056b8
feat: Make strategy names optional where possible. ( #113 )
2023-01-09 15:02:48 +13:00
James Harton
5ba5e163f3
improvement: Allow the strategy name to be passed for password validations and changes. ( #102 )
...
After #89 was merged folks were no longer able to use `AshAuthentication.Strategy.Password.HashPasswordChange` and `AshAuthentication.Strategy.Password.PasswordConfirmationValidation` in their own actions. This change fixes this issue by allowing the name of the strategy to be passed in in the changeset context.
2023-01-09 09:27:50 +13:00
Bruno Ripa
ceb5cdcfae
docs: fixed the strategy example in the `Usage` section of `README.md`. ( #108 )
2022-12-23 15:34:41 -05:00
James Harton
74dfbf7595
improvement: add `icon` field to OAuth2 strategy. ( #100 )
2022-12-16 13:53:03 +13:00
James Harton
cf9ad01dd5
feat(Auth0): Add a pre-configured Auth0 strategy. ( #99 )
2022-12-16 13:06:51 +13:00
Zach Daniel
5f8110056d
improvement: docs updates ( #95 )
2022-12-16 12:02:34 +13:00
James Harton
f1cd72407a
feat: Add option to store all tokens when they're created. ( #91 )
2022-12-14 15:06:13 +13:00
James Harton
6dfbf03f11
improvement: remove the need for a strategy in changeset/query contexts. ( #89 )
...
The action -> strategy mapping is now stored directly in the resource DSL.
Closes #84.
2022-12-13 16:35:30 +13:00
Zach Daniel
cb6d0b5424
return explicit error message
2022-12-12 10:46:04 +13:00
Zach Daniel
8b1bfd81b3
chore: format
2022-12-12 10:46:04 +13:00
Zach Daniel
39099a0b1c
improvement: add transaction reason
2022-12-12 10:46:04 +13:00
371a6ad821
improvement(Jwt)!: Use token signing secret into the DSL.
...
Use the `AshAuthentication.Secret` behaviour, rather than asking the user to explicitly set it in their application environment.
This is a breaking change that will require folks to change their resource config to look up the signing secret.
Closes #79.
Closes #77.
2022-12-12 10:45:28 +13:00
e4fe4a2ee4
chore: remove unused function.
2022-12-12 09:24:10 +13:00
Zach Daniel
8a87d2dba8
chore: fix syntax error
2022-12-12 09:24:10 +13:00
Zach Daniel
dc33b04b08
improvement: try a simpler way of ensuring module is compiled
2022-12-12 09:24:10 +13:00
Egor Kislitsyn
395388f91e
chore(docs): Fix code examples in the documentation ( #74 )
...
* Fix typo
* Password strategy requires a name
* Update documentation/getting_started/getting_started_01_basic_setup.md
Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>
Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>
2022-12-09 09:51:10 +13:00
Zach Daniel
3ba1d81975
improvement: use `Code.ensure_compiled!` which "demands" that the com… ( #75 )
...
* improvement: use `Code.ensure_compiled!` which "demands" that the compiler wait for X module
* chore: format
2022-12-09 09:47:16 +13:00
Zach Daniel
69652e58a9
improvement: update to latest ash version
...
docs: use spark doc link replacements to render on hex & ash_hq
2022-12-08 00:39:22 -05:00
James Harton
d8e1281c9b
chore: add automatic publishing of new releases to hex. ( #66 )
2022-12-08 15:35:53 +13:00
James Harton
afe6779b2a
chore: Add a basic getting started guide. ( #13 )
2022-12-08 15:23:47 +13:00
James Harton
029655ed71
fix: break potential compiler dependency loops. ( #64 )
2022-12-08 11:50:50 +13:00
James Harton
54122cb15f
improvement(supervisor): require that the user adds the supervisor to their OTP app. ( #62 )
...
Closes #60 and #57.
2022-12-05 15:40:44 +13:00
James Harton
2cee21c9ed
improvement(actions): All actions now take optional arguments for the underlying API call. ( #61 )
...
Closes #37.
2022-12-05 13:04:42 +13:00
5febe36527
improvement(Confirmation): Store confirmation changes in the token resource.
...
This prevents possible PII leakage as per #47.
2022-12-05 10:48:23 +13:00
776bd8ea6c
improvement(TokenResource)!: Move `TokenRevocation` -> `TokenResource`.
...
This paves the way to fix #47.
2022-12-01 08:41:49 +13:00
James Harton
e88a516b22
improvement(Confirmation): Confirmation is not a strategy. ( #46 )
...
* improvement(Confirmation): Confirmation is not a strategy.
* improvement(Confirmation): Support more than one confirmation entity.
* chore: move FIXME doc to issue.
2022-11-24 16:40:15 +13:00
James Harton
1c8f138c67
improvement!: Major redesign of DSL and code structure. ( #35 )
...
Highlights:
* Replaced `AshAuthentication.Provider` with the much more flexible `AshAuthentication.Strategy`.
* Moved strategies to within the `authentication` DSL using entities and removed excess extensions.
* Added a lot more documentation and test coverage.
2022-11-23 09:09:41 +13:00
James Harton
65d53e3597
improvement(OAuth2Authentication)!: Make the `site` option runtime configurable. ( #31 )
2022-11-15 14:46:42 +13:00
James Harton
6b22c858ce
fix(OAuth2Authentication): Return the failure reason even if it's not a changeset. ( #29 )
...
(ie it's an error from assent).
2022-11-15 14:07:32 +13:00
James Harton
c5f589058e
feat(OAuth2Authentication): Add support for generic OAuth2 endpoints. ( #28 )
2022-11-10 14:47:06 +13:00
James Harton
1d4bb00617
feat(Confirmation): Add extension that allows a user to be confirmed when created or updated. ( #27 )
2022-11-04 21:05:47 +13:00
e5ba987ee1
improvement(docs): Improve endpoint docs for PasswordAuthentication and PasswordReset.
2022-11-04 11:46:03 +13:00
James Harton
bab9ec363e
fix(PasswordReset): Generate the reset token using the target action, not the source action. ( #25 )
...
* fix(PasswordReset): Generate the reset token using the target action, not the source action.
Also improve tests.
* improvement(PasswordReset): rework PasswordReset to be a provider in its own right - this means it has its own routes, etc.
2022-11-04 11:24:33 +13:00
James Harton
6d4f338b0c
improvement(PasswordReset): A reset request is actually a query, not an update. ( #23 )
2022-11-03 14:03:14 +13:00
James Harton
0eca3274f0
feat(PasswordReset): allow users to request and reset their password. ( #22 )
2022-11-02 18:18:20 +13:00
James Harton
8797005175
feat(Ash.PlugHelpers): Support standard actor configuration. ( #16 )
...
* improvement(docs): change all references to `actor` to `user`.
The word "actor" has special meaning in the Ash ecosystem.
* chore: format `dev` directory also.
* feat(Ash.PlugHelpers): Support standard actor configuration.
* Adds the `:set_actor` plug which will set the actor to a resource based on the subject name.
* Also includes GraphQL and JSON:API interfaces in the devserver for testing.
2022-10-31 16:43:00 +13:00
aa638e0230
improvement: move subject_name uniqueness validation to compile time.
2022-10-26 12:56:08 +13:00
13d3f0d2ab
improvement: remove `generated: true` from macros.
...
This is not needed and didn't do what I thought it did.
2022-10-26 11:04:34 +13:00
f0e7768e43
fix: deprecation warnings caused by use of `Macro.expand_literal/2`.
2022-10-26 11:03:14 +13:00
2c1802dd69
chore(docs): small documentation improvements.
2022-10-26 11:03:14 +13:00
e0f0a8d257
chore(docs): improve documentation.
2022-10-25 20:32:57 +13:00
James Harton
a939dde9b9
feat(PasswordAuthentication): Registration and authentication with local credentials ( #4 )
...
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.
2022-10-25 11:07:07 +13:00
17891fceda
chore: Initial empty `mix new`.
2022-09-28 09:54:05 +13:00