ash-project/ash_authentication
1
0
Fork 0
mirror of https://github.com/team-alembic/ash_authentication.git synced 2024-09-20 05:13:10 +12:00
Code Issues Projects Releases Packages Wiki Activity
450 commits 25 branches 98 tags 6.6 MiB
Commit graph

101 commits

Author SHA1 Message Date
Tun Cham Roeun
ae2957c024
fix: deprecated mint httpadapter (#425) 2023-09-20 14:10:21 +12:00
Alan Heywood
ee7c0db007
improvement: assign the token record to the connection assigns (#426) 2023-09-20 14:08:57 +12:00
Zach Daniel
62d458f629
fix: only use sign in token expiration for sign in tokens (#424) 2023-09-19 10:16:37 +12:00
Zach Daniel
e9ae747de7
improvement: support generating sign in tokens on register (#421) 
* improvement: support generating sign in tokens on register

* chore: run formatter.

* fix: support generating tokens for other strategies.

---------

Co-authored-by: James Harton <james@harton.nz>
 2023-09-17 19:36:20 -04:00
Dmitry Maganov
d5b7a42383
fix: correct spec for Jwt.token_for_user (#389) 2023-08-17 09:17:27 +12:00
James Harton
3230c26bd8
fix: ensure that the current_ atom exists at compile time. (#359) 
Fixes #358.
 2023-07-14 13:50:53 +12:00
James Harton
12d54fa672
docs: Fix double-docs problem on ash-hq (it's actually a code issue). (#353) 2023-07-14 09:07:39 +12:00
Alan Heywood
c0e258b557
fix: fix Logger deprecations for elixir 1.15 (#343) 
Use Logger.warning instead of Logger.warn, which is deprecated
 2023-06-23 15:11:39 +12:00
James Harton
0f9448c5dc
chore: Add sobelow and mix_audit to CI. (#337) 2023-06-19 10:44:07 +12:00
James Harton
1d1be6ef11
fix(ConfirmationHookChange): use Info.find_strategy/2..3 rather than a hard coded strategy name. (#336) 
Changes:

1. Extracted `find_strategy/2..3` from a bunch of places across the codebase and moved into `Info`.
2. Updated `ConfirmationHookChange` to use `find_strategy/2..3`.

Closes #334.
 2023-06-19 10:33:45 +12:00
James Harton
2784c52f2d
fix: primary keys are implicitly uniquely constrained. (#333) 
Closes #332.
 2023-06-15 12:30:26 +12:00
James Harton
39d25cadea
fix(Strategy.Password): Preparations should allow strategy to be passed in. (#314) 
Basically a copy-pasta of the `find_strategy/3` function from `HashPasswordChange` to allow for the strategy to be passed in via the context(s) or preparation options.
 2023-05-29 10:54:32 +12:00
Thomas Rodriguez
1c011fd762
fix: correct oauth2 and getting started typos (#267) 2023-05-05 09:12:32 +12:00
James Harton
53ff256391
feat: OpenID Connect Strategy (#197) 
* feat(AshAuthentication.Strategy.Oidc): Add OpenID Connect strategy.

* chore(CI): disable the workflow on pull request event, since it's covered by push.
 2023-05-04 13:15:24 +12:00
Robert Graff
2c4d8b296f
fix: PasswordValidation should associate errors with the field being … (#279) 2023-04-28 15:20:02 -04:00
Zach Daniel
eca8cadea0
improvement: add sign in tokens to password strategy (#252) 
* improvement: add sign in tokens to password strategy

* chore: update `.formatter.exs`.

* chore: fix credo warnings.

* improvement: convert `sign_in_with_token` into an action.

---------

Co-authored-by: James Harton <james@harton.nz>
 2023-04-06 14:53:44 +12:00
Zach Daniel
e99dc1a950
improvement: use tenant in retrieve_from_session/3 (#229) 
* improvement: use tenant in `retrieve_from_session/3`

* chore: cleanup
 2023-03-13 10:34:41 +13:00
quartz
f8d6a0d06f
fix: respect identity_relationship_user_id_attribute on Strategy.OAuth2.IdentityChange (#213) 2023-03-07 10:42:32 +13:00
Zach Daniel
7f1c9678e4
feat!: Configure accepted fields on register (#219) 2023-03-04 01:44:34 -05:00
James Harton
1ec7a8f7f0
improvement: allow registration and sign in to be disabled on password strategies. (#218) 2023-03-02 12:33:31 +13:00
Britton Broderick
34f3270707
docs: Updates confirmation docs with sender and identities (#214) 2023-03-01 09:51:43 +13:00
Zach Daniel
3274087429
improvement: support multiple otp apps w/resources (#209) 2023-02-23 02:39:27 -05:00
James Harton
da3e673b9c
improvement(PasswordConfirmationValidation): allow strategy_name to be passed as an option. (#208) 2023-02-22 16:35:47 +13:00
Hannes Wüthrich
65e848c5e0
fix: sign in preparation without identity resource (#198) 2023-02-20 10:02:04 +13:00
James Harton
aa57d8ab51
fix(Password.Transformer): don't force users to define a hashed_password argument to the register action. (#192) 
I'm not sure why I added that. Seems wrong.
 2023-02-13 11:54:49 +13:00
Zach Daniel
a2bba519c0
improvement: add select_for_senders (#189) 
* improvement: add select_for_senders
fix: select `hashed_password` on sign in preparation

* improvement: include metadata declaration on register action

* chore: fix typo
 2023-02-12 21:15:23 +13:00
James Harton
ca3dac3878
fix: don't allow special purpose tokens to be used for sign in. (#191) 
This fixes a security issue where someone in possession of a special purpose token (reset, confirmation, magic link, etc) would be able to access an API using this token.  We strongly encourage you to upgrade.

Closes #190.
 2023-02-12 21:14:16 +13:00
James Harton
cf3d227ef2
feat: Add new "magic link" authentication strategy. (#184) 2023-02-09 21:05:49 +13:00
James Harton
f7c9544aeb
fix: validate uniqueness of strategy names. (#185) 2023-02-09 15:35:33 +13:00
James Harton
3bece5f657
improvement(Strategy.Custom): handle custom strategies as extensions. (#183) 
This means that users can add their own extensions to their resources which patch the strategy (and add ons) DSLs.
 2023-02-08 16:10:28 +13:00
Stefan Wintermeyer
e008c7a58e
docs: fix Sender documentation (#176) 
* Fixes escaping and missing ". closes #175

* Remove nested interpolation

* Remove the interpolation around the URL
 2023-02-07 11:22:45 +13:00
John Doneth
f632c4f2b8
docs: Fix pipe -> plug (#174) 2023-02-07 09:34:18 +13:00
Zach Daniel
668a9bbfd2
chore: add clear condition on release (#177) 
docs: hide bullet-style docs from ash_hq
 2023-02-07 09:30:39 +13:00
zimt28
f50706e872
improvement: improve error message for badly formed token secrets (#181) 2023-02-07 09:28:36 +13:00
Zach Daniel
a08a533ae5
fix: resources can appear in multiple apis, so we need to uniq them here (#169) 2023-01-31 12:10:58 +13:00
Zach Daniel
2bca91cce4 fix: put_add_on/2 was putting into strategies 2023-01-30 09:56:10 -05:00
Zach Daniel
bd6e57b3d4
improvement: add metadata declarations to actions that have a token (#164) 2023-01-29 20:30:11 -05:00
Zach Daniel
53e6497ab9
improvement: validate signing secret is a string (#163) 2023-01-29 19:18:15 -05:00
James Harton
7e639e4a21
feat: Add support and documentation for custom strategies. (#154) 2023-01-30 13:16:37 +13:00
Lachlan Wilger
40a8e4ef8c
docs: Fix mild typo in OAuth documentation. (#157) 2023-01-21 17:39:13 +13:00
James Harton
c1561e7747
fix(Password): validate fields using both methods of allowing nil input. (#151) 
Closes #150.
 2023-01-19 12:02:19 +13:00
James Harton
62cf54d85e
improvement(AuthenticationFailed): store a caused_by value in authentication failures. (#145) 
This allows for a better debugging experience when trying to understand why an authentication action is failing.

Closes #128.
 2023-01-19 11:32:37 +13:00
Zach Daniel
6321a9baa6
improvement: update ash & switch to new docs patterns (#146) 2023-01-18 02:13:30 -05:00
James Harton
d4f3bec947
feat(PasswordValidation): Add a validation which can check a password. (#144) 2023-01-18 14:46:22 +13:00
James Harton
2a10e2da6a docs: small documentation improvements. 2023-01-18 12:04:03 +13:00
James Harton
7c71e1f219
docs: Add GitHub quick start guide. (#143) 2023-01-18 11:33:08 +13:00
James Harton
fec1060a15
docs: Add Auth0 quickstart guide. (#142) 2023-01-18 11:16:20 +13:00
Zach Daniel
ec8e1eb979
improvement: set confirmed field to nil, for reconfirmation (#136) 
* improvement: set confirmed field to `nil`, for reconfirmation

* chore: format

* improvement: only change `confirmed_at_field` if its not changing, and only on updates
 2023-01-15 20:28:13 +13:00
Zach Daniel
f0aa2e7a93
fix: don't call hash_provider.valid? on nil values (#135) 
fix: use configured hashed_password_field
 2023-01-13 17:22:40 +13:00
James Harton
948298ac1c
improvement(TokenResource)!: Store the token subject in the token resource. (#133) 
* improvement(TokenResource)!: Store the token subject in the token resource.

This is a breaking change because you may have to delete tokens in your database so that you can avoid the non-null constraint on subject.

* docs: Add upgrading documentation.
 2023-01-13 17:21:57 +13:00