ash-project/ash_authentication
1
0
Fork 0
mirror of https://github.com/team-alembic/ash_authentication.git synced 2024-09-20 05:13:10 +12:00
Code Issues Projects Releases Packages Wiki Activity
737 commits 25 branches 98 tags 6.6 MiB
Commit graph

135 commits

Author SHA1 Message Date
Zach Daniel
e99dc1a950
improvement: use tenant in retrieve_from_session/3 (#229) 
* improvement: use tenant in `retrieve_from_session/3`

* chore: cleanup
 2023-03-13 10:34:41 +13:00
quartz
f8d6a0d06f
fix: respect identity_relationship_user_id_attribute on Strategy.OAuth2.IdentityChange (#213) 2023-03-07 10:42:32 +13:00
Zach Daniel
7f1c9678e4
feat!: Configure accepted fields on register (#219) 2023-03-04 01:44:34 -05:00
James Harton
1ec7a8f7f0
improvement: allow registration and sign in to be disabled on password strategies. (#218) 2023-03-02 12:33:31 +13:00
Britton Broderick
34f3270707
docs: Updates confirmation docs with sender and identities (#214) 2023-03-01 09:51:43 +13:00
Zach Daniel
3274087429
improvement: support multiple otp apps w/resources (#209) 2023-02-23 02:39:27 -05:00
James Harton
da3e673b9c
improvement(PasswordConfirmationValidation): allow strategy_name to be passed as an option. (#208) 2023-02-22 16:35:47 +13:00
Hannes Wüthrich
65e848c5e0
fix: sign in preparation without identity resource (#198) 2023-02-20 10:02:04 +13:00
James Harton
aa57d8ab51
fix(Password.Transformer): don't force users to define a hashed_password argument to the register action. (#192) 
I'm not sure why I added that. Seems wrong.
 2023-02-13 11:54:49 +13:00
Zach Daniel
a2bba519c0
improvement: add select_for_senders (#189) 
* improvement: add select_for_senders
fix: select `hashed_password` on sign in preparation

* improvement: include metadata declaration on register action

* chore: fix typo
 2023-02-12 21:15:23 +13:00
James Harton
ca3dac3878
fix: don't allow special purpose tokens to be used for sign in. (#191) 
This fixes a security issue where someone in possession of a special purpose token (reset, confirmation, magic link, etc) would be able to access an API using this token.  We strongly encourage you to upgrade.

Closes #190.
 2023-02-12 21:14:16 +13:00
James Harton
cf3d227ef2
feat: Add new "magic link" authentication strategy. (#184) 2023-02-09 21:05:49 +13:00
James Harton
f7c9544aeb
fix: validate uniqueness of strategy names. (#185) 2023-02-09 15:35:33 +13:00
James Harton
3bece5f657
improvement(Strategy.Custom): handle custom strategies as extensions. (#183) 
This means that users can add their own extensions to their resources which patch the strategy (and add ons) DSLs.
 2023-02-08 16:10:28 +13:00
Stefan Wintermeyer
e008c7a58e
docs: fix Sender documentation (#176) 
* Fixes escaping and missing ". closes #175

* Remove nested interpolation

* Remove the interpolation around the URL
 2023-02-07 11:22:45 +13:00
John Doneth
f632c4f2b8
docs: Fix pipe -> plug (#174) 2023-02-07 09:34:18 +13:00
Zach Daniel
668a9bbfd2
chore: add clear condition on release (#177) 
docs: hide bullet-style docs from ash_hq
 2023-02-07 09:30:39 +13:00
zimt28
f50706e872
improvement: improve error message for badly formed token secrets (#181) 2023-02-07 09:28:36 +13:00
Zach Daniel
a08a533ae5
fix: resources can appear in multiple apis, so we need to uniq them here (#169) 2023-01-31 12:10:58 +13:00
Zach Daniel
2bca91cce4 fix: put_add_on/2 was putting into strategies 2023-01-30 09:56:10 -05:00
Zach Daniel
bd6e57b3d4
improvement: add metadata declarations to actions that have a token (#164) 2023-01-29 20:30:11 -05:00
Zach Daniel
53e6497ab9
improvement: validate signing secret is a string (#163) 2023-01-29 19:18:15 -05:00
James Harton
7e639e4a21
feat: Add support and documentation for custom strategies. (#154) 2023-01-30 13:16:37 +13:00
Lachlan Wilger
40a8e4ef8c
docs: Fix mild typo in OAuth documentation. (#157) 2023-01-21 17:39:13 +13:00
James Harton
c1561e7747
fix(Password): validate fields using both methods of allowing nil input. (#151) 
Closes #150.
 2023-01-19 12:02:19 +13:00
James Harton
62cf54d85e
improvement(AuthenticationFailed): store a caused_by value in authentication failures. (#145) 
This allows for a better debugging experience when trying to understand why an authentication action is failing.

Closes #128.
 2023-01-19 11:32:37 +13:00
Zach Daniel
6321a9baa6
improvement: update ash & switch to new docs patterns (#146) 2023-01-18 02:13:30 -05:00
James Harton
d4f3bec947
feat(PasswordValidation): Add a validation which can check a password. (#144) 2023-01-18 14:46:22 +13:00
James Harton
2a10e2da6a docs: small documentation improvements. 2023-01-18 12:04:03 +13:00
James Harton
7c71e1f219
docs: Add GitHub quick start guide. (#143) 2023-01-18 11:33:08 +13:00
James Harton
fec1060a15
docs: Add Auth0 quickstart guide. (#142) 2023-01-18 11:16:20 +13:00
Zach Daniel
ec8e1eb979
improvement: set confirmed field to nil, for reconfirmation (#136) 
* improvement: set confirmed field to `nil`, for reconfirmation

* chore: format

* improvement: only change `confirmed_at_field` if its not changing, and only on updates
 2023-01-15 20:28:13 +13:00
Zach Daniel
f0aa2e7a93
fix: don't call hash_provider.valid? on nil values (#135) 
fix: use configured hashed_password_field
 2023-01-13 17:22:40 +13:00
James Harton
948298ac1c
improvement(TokenResource)!: Store the token subject in the token resource. (#133) 
* improvement(TokenResource)!: Store the token subject in the token resource.

This is a breaking change because you may have to delete tokens in your database so that you can avoid the non-null constraint on subject.

* docs: Add upgrading documentation.
 2023-01-13 17:21:57 +13:00
James Harton
085d640c44
fix(Confirmation): send the original changeset to confirmation senders. (#132) 
Changes the behaviour of the `ConfirmationHookChange` to pass the original, unmodified changeset in the sender options so that senders can account for inhibited changes.
 2023-01-13 13:30:58 +13:00
Zach Daniel
3413260659
improvement: add user context when creating tokens (#129) 2023-01-13 11:26:39 +13:00
James Harton
63aaea6871
fix: missing icons in OAuth2 strategies. (#126) 2023-01-12 17:55:40 +13:00
James Harton
4129aa969a
feat(GitHub)!: Add GitHub authentication strategy. (#125) 2023-01-12 17:23:40 +13:00
Zach Daniel
999bec00ee
improvement: add policy utilities and accompanying guide (#119) 
* improvement: add policy utilities and accompanying guide
fix: improve some error message/validation logic

* chore: update castore & fix check definition

* improvement: fix build/warnings/dialyzer/format

* chore: add private context to new `get_token` action.

* chore: fix build.

I'd rather have the warning than a build failure.

Co-authored-by: James Harton <james@harton.nz>
 2023-01-12 15:34:41 +13:00
James Harton
500ea353a8
fix(Confirmation): correctly generate confirmation token subjects. (#124) 2023-01-12 13:49:48 +13:00
James Harton
d5c5d6b6c5
feat: Add token-required-for-authentication feature. (#116) 
* Adds the `require_token_presence_for_authentication?` DSL option to the Authentication extension which when enabled changes the following behaviour:
  1. The `store_in_session` plug will store the user's token rather than their subject in the session.
  2. The `retrieve_from_session` plug will look for a stored token in the session rather than a subject and ensure that it's present in the `TokenResource`.
  3. The `retrieve_from_bearer` plug will ensure that the token is present in the `TokenResource`.
* Adds the `get_token` action to the `TokenResource`.
 2023-01-11 15:12:53 +13:00
James Harton
34b9d94f51
improvement: Set Ash actor and tenant when executing internal plugs. (#115) 
Closes #114.
 2023-01-09 16:30:00 +13:00
James Harton
792ec056b8
feat: Make strategy names optional where possible. (#113) 2023-01-09 15:02:48 +13:00
James Harton
5ba5e163f3
improvement: Allow the strategy name to be passed for password validations and changes. (#102) 
After #89 was merged folks were no longer able to use `AshAuthentication.Strategy.Password.HashPasswordChange` and `AshAuthentication.Strategy.Password.PasswordConfirmationValidation` in their own actions.  This change fixes this issue by allowing the name of the strategy to be passed in in the changeset context.
 2023-01-09 09:27:50 +13:00
Bruno Ripa
ceb5cdcfae
docs: fixed the strategy example in the Usage section of README.md. (#108) 2022-12-23 15:34:41 -05:00
James Harton
74dfbf7595
improvement: add icon field to OAuth2 strategy. (#100) 2022-12-16 13:53:03 +13:00
James Harton
cf9ad01dd5
feat(Auth0): Add a pre-configured Auth0 strategy. (#99) 2022-12-16 13:06:51 +13:00
Zach Daniel
5f8110056d
improvement: docs updates (#95) 2022-12-16 12:02:34 +13:00
James Harton
f1cd72407a
feat: Add option to store all tokens when they're created. (#91) 2022-12-14 15:06:13 +13:00
James Harton
6dfbf03f11
improvement: remove the need for a strategy in changeset/query contexts. (#89) 
The action -> strategy mapping is now stored directly in the resource DSL.

Closes #84.
 2022-12-13 16:35:30 +13:00
Zach Daniel
cb6d0b5424 return explicit error message 2022-12-12 10:46:04 +13:00
Zach Daniel
8b1bfd81b3 chore: format 2022-12-12 10:46:04 +13:00
Zach Daniel
39099a0b1c improvement: add transaction reason 2022-12-12 10:46:04 +13:00
James Harton
371a6ad821 improvement(Jwt)!: Use token signing secret into the DSL. 
Use the `AshAuthentication.Secret` behaviour, rather than asking the user to explicitly set it in their application environment.

This is a breaking change that will require folks to change their resource config to look up the signing secret.

Closes #79.
Closes #77.
 2022-12-12 10:45:28 +13:00
James Harton
e4fe4a2ee4 chore: remove unused function. 2022-12-12 09:24:10 +13:00
Zach Daniel
8a87d2dba8 chore: fix syntax error 2022-12-12 09:24:10 +13:00
Zach Daniel
dc33b04b08 improvement: try a simpler way of ensuring module is compiled 2022-12-12 09:24:10 +13:00
Egor Kislitsyn
395388f91e
chore(docs): Fix code examples in the documentation (#74) 
* Fix typo

* Password strategy requires a name

* Update documentation/getting_started/getting_started_01_basic_setup.md

Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>

Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>
 2022-12-09 09:51:10 +13:00
Zach Daniel
3ba1d81975
improvement: use Code.ensure_compiled! which "demands" that the com… (#75) 
* improvement: use `Code.ensure_compiled!` which "demands" that the compiler wait for X module

* chore: format
 2022-12-09 09:47:16 +13:00
Zach Daniel
69652e58a9 improvement: update to latest ash version 
docs: use spark doc link replacements to render on hex & ash_hq
 2022-12-08 00:39:22 -05:00
James Harton
d8e1281c9b
chore: add automatic publishing of new releases to hex. (#66) 2022-12-08 15:35:53 +13:00
James Harton
afe6779b2a
chore: Add a basic getting started guide. (#13) 2022-12-08 15:23:47 +13:00
James Harton
029655ed71
fix: break potential compiler dependency loops. (#64) 2022-12-08 11:50:50 +13:00
James Harton
54122cb15f
improvement(supervisor): require that the user adds the supervisor to their OTP app. (#62) 
Closes #60 and #57.
 2022-12-05 15:40:44 +13:00
James Harton
2cee21c9ed
improvement(actions): All actions now take optional arguments for the underlying API call. (#61) 
Closes #37.
 2022-12-05 13:04:42 +13:00
James Harton
5febe36527 improvement(Confirmation): Store confirmation changes in the token resource. 
This prevents possible PII leakage as per #47.
 2022-12-05 10:48:23 +13:00
James Harton
776bd8ea6c improvement(TokenResource)!: Move TokenRevocation -> TokenResource. 
This paves the way to fix #47.
 2022-12-01 08:41:49 +13:00
James Harton
e88a516b22
improvement(Confirmation): Confirmation is not a strategy. (#46) 
* improvement(Confirmation): Confirmation is not a strategy.

* improvement(Confirmation): Support more than one confirmation entity.

* chore: move FIXME doc to issue.
 2022-11-24 16:40:15 +13:00
James Harton
1c8f138c67
improvement!: Major redesign of DSL and code structure. (#35) 
Highlights:

* Replaced `AshAuthentication.Provider` with the much more flexible `AshAuthentication.Strategy`.
* Moved strategies to within the `authentication` DSL using entities and removed excess extensions.
* Added a lot more documentation and test coverage.
 2022-11-23 09:09:41 +13:00
James Harton
65d53e3597 improvement(OAuth2Authentication)!: Make the site option runtime configurable. (#31) 2022-11-15 14:46:42 +13:00
James Harton
6b22c858ce
fix(OAuth2Authentication): Return the failure reason even if it's not a changeset. (#29) 
(ie it's an error from assent).
 2022-11-15 14:07:32 +13:00
James Harton
c5f589058e
feat(OAuth2Authentication): Add support for generic OAuth2 endpoints. (#28) 2022-11-10 14:47:06 +13:00
James Harton
1d4bb00617
feat(Confirmation): Add extension that allows a user to be confirmed when created or updated. (#27) 2022-11-04 21:05:47 +13:00
James Harton
e5ba987ee1 improvement(docs): Improve endpoint docs for PasswordAuthentication and PasswordReset. 2022-11-04 11:46:03 +13:00
James Harton
bab9ec363e
fix(PasswordReset): Generate the reset token using the target action, not the source action. (#25) 
* fix(PasswordReset): Generate the reset token using the target action, not the source action.

Also improve tests.

* improvement(PasswordReset): rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.
 2022-11-04 11:24:33 +13:00
James Harton
6d4f338b0c
improvement(PasswordReset): A reset request is actually a query, not an update. (#23) 2022-11-03 14:03:14 +13:00
James Harton
0eca3274f0
feat(PasswordReset): allow users to request and reset their password. (#22) 2022-11-02 18:18:20 +13:00
James Harton
8797005175
feat(Ash.PlugHelpers): Support standard actor configuration. (#16) 
* improvement(docs): change all references to `actor` to `user`.

The word "actor" has special meaning in the Ash ecosystem.

* chore: format `dev` directory also.

* feat(Ash.PlugHelpers): Support standard actor configuration.

* Adds the `:set_actor` plug which will set the actor to a resource based on the subject name.
* Also includes GraphQL and JSON:API interfaces in the devserver for testing.
 2022-10-31 16:43:00 +13:00
James Harton
aa638e0230 improvement: move subject_name uniqueness validation to compile time. 2022-10-26 12:56:08 +13:00
James Harton
13d3f0d2ab improvement: remove generated: true from macros. 
This is not needed and didn't do what I thought it did.
 2022-10-26 11:04:34 +13:00
James Harton
f0e7768e43 fix: deprecation warnings caused by use of Macro.expand_literal/2. 2022-10-26 11:03:14 +13:00
James Harton
2c1802dd69 chore(docs): small documentation improvements. 2022-10-26 11:03:14 +13:00
James Harton
e0f0a8d257 chore(docs): improve documentation. 2022-10-25 20:32:57 +13:00
James Harton
a939dde9b9
feat(PasswordAuthentication): Registration and authentication with local credentials (#4) 
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.
 2022-10-25 11:07:07 +13:00
James Harton
17891fceda chore: Initial empty mix new. 2022-09-28 09:54:05 +13:00