James Harton
1ec7a8f7f0
improvement: allow registration and sign in to be disabled on password strategies. ( #218 )
2023-03-02 12:33:31 +13:00
Britton Broderick
34f3270707
docs: Updates confirmation docs with sender and identities ( #214 )
2023-03-01 09:51:43 +13:00
Zach Daniel
3274087429
improvement: support multiple otp apps w/resources ( #209 )
2023-02-23 02:39:27 -05:00
James Harton
da3e673b9c
improvement(PasswordConfirmationValidation): allow strategy_name
to be passed as an option. ( #208 )
2023-02-22 16:35:47 +13:00
Hannes Wüthrich
65e848c5e0
fix: sign in preparation without identity resource ( #198 )
2023-02-20 10:02:04 +13:00
James Harton
aa57d8ab51
fix(Password.Transformer): don't force users to define a hashed_password
argument to the register action. ( #192 )
...
I'm not sure why I added that. Seems wrong.
2023-02-13 11:54:49 +13:00
Zach Daniel
a2bba519c0
improvement: add select_for_senders ( #189 )
...
* improvement: add select_for_senders
fix: select `hashed_password` on sign in preparation
* improvement: include metadata declaration on register action
* chore: fix typo
2023-02-12 21:15:23 +13:00
James Harton
ca3dac3878
fix: don't allow special purpose tokens to be used for sign in. ( #191 )
...
This fixes a security issue where someone in possession of a special purpose token (reset, confirmation, magic link, etc) would be able to access an API using this token. We strongly encourage you to upgrade.
Closes #190 .
2023-02-12 21:14:16 +13:00
James Harton
cf3d227ef2
feat: Add new "magic link" authentication strategy. ( #184 )
2023-02-09 21:05:49 +13:00
James Harton
f7c9544aeb
fix: validate uniqueness of strategy names. ( #185 )
2023-02-09 15:35:33 +13:00
James Harton
3bece5f657
improvement(Strategy.Custom): handle custom strategies as extensions. ( #183 )
...
This means that users can add their own extensions to their resources which patch the strategy (and add ons) DSLs.
2023-02-08 16:10:28 +13:00
Stefan Wintermeyer
e008c7a58e
docs: fix Sender
documentation ( #176 )
...
* Fixes escaping and missing ". closes #175
* Remove nested interpolation
* Remove the interpolation around the URL
2023-02-07 11:22:45 +13:00
John Doneth
f632c4f2b8
docs: Fix pipe
-> plug
( #174 )
2023-02-07 09:34:18 +13:00
Zach Daniel
668a9bbfd2
chore: add clear condition on release ( #177 )
...
docs: hide bullet-style docs from ash_hq
2023-02-07 09:30:39 +13:00
zimt28
f50706e872
improvement: improve error message for badly formed token secrets ( #181 )
2023-02-07 09:28:36 +13:00
Zach Daniel
a08a533ae5
fix: resources can appear in multiple apis, so we need to uniq them here ( #169 )
2023-01-31 12:10:58 +13:00
Zach Daniel
2bca91cce4
fix: put_add_on/2 was putting into strategies
2023-01-30 09:56:10 -05:00
Zach Daniel
bd6e57b3d4
improvement: add metadata declarations to actions that have a token
( #164 )
2023-01-29 20:30:11 -05:00
Zach Daniel
53e6497ab9
improvement: validate signing secret is a string ( #163 )
2023-01-29 19:18:15 -05:00
James Harton
7e639e4a21
feat: Add support and documentation for custom strategies. ( #154 )
2023-01-30 13:16:37 +13:00
Lachlan Wilger
40a8e4ef8c
docs: Fix mild typo in OAuth documentation. ( #157 )
2023-01-21 17:39:13 +13:00
James Harton
c1561e7747
fix(Password): validate fields using both methods of allowing nil input. ( #151 )
...
Closes #150 .
2023-01-19 12:02:19 +13:00
James Harton
62cf54d85e
improvement(AuthenticationFailed): store a caused_by
value in authentication failures. ( #145 )
...
This allows for a better debugging experience when trying to understand why an authentication action is failing.
Closes #128 .
2023-01-19 11:32:37 +13:00
Zach Daniel
6321a9baa6
improvement: update ash & switch to new docs patterns ( #146 )
2023-01-18 02:13:30 -05:00
James Harton
d4f3bec947
feat(PasswordValidation): Add a validation which can check a password. ( #144 )
2023-01-18 14:46:22 +13:00
2a10e2da6a
docs: small documentation improvements.
2023-01-18 12:04:03 +13:00
James Harton
7c71e1f219
docs: Add GitHub quick start guide. ( #143 )
2023-01-18 11:33:08 +13:00
James Harton
fec1060a15
docs: Add Auth0 quickstart guide. ( #142 )
2023-01-18 11:16:20 +13:00
Zach Daniel
ec8e1eb979
improvement: set confirmed field to nil
, for reconfirmation ( #136 )
...
* improvement: set confirmed field to `nil`, for reconfirmation
* chore: format
* improvement: only change `confirmed_at_field` if its not changing, and only on updates
2023-01-15 20:28:13 +13:00
Zach Daniel
f0aa2e7a93
fix: don't call hash_provider.valid?
on nil
values ( #135 )
...
fix: use configured hashed_password_field
2023-01-13 17:22:40 +13:00
James Harton
948298ac1c
improvement(TokenResource)!: Store the token subject in the token resource. ( #133 )
...
* improvement(TokenResource)!: Store the token subject in the token resource.
This is a breaking change because you may have to delete tokens in your database so that you can avoid the non-null constraint on subject.
* docs: Add upgrading documentation.
2023-01-13 17:21:57 +13:00
James Harton
085d640c44
fix(Confirmation): send the original changeset to confirmation senders. ( #132 )
...
Changes the behaviour of the `ConfirmationHookChange` to pass the original, unmodified changeset in the sender options so that senders can account for inhibited changes.
2023-01-13 13:30:58 +13:00
Zach Daniel
3413260659
improvement: add user context when creating tokens ( #129 )
2023-01-13 11:26:39 +13:00
James Harton
63aaea6871
fix: missing icons in OAuth2 strategies. ( #126 )
2023-01-12 17:55:40 +13:00
James Harton
4129aa969a
feat(GitHub)!: Add GitHub authentication strategy. ( #125 )
2023-01-12 17:23:40 +13:00
Zach Daniel
999bec00ee
improvement: add policy utilities and accompanying guide ( #119 )
...
* improvement: add policy utilities and accompanying guide
fix: improve some error message/validation logic
* chore: update castore & fix check definition
* improvement: fix build/warnings/dialyzer/format
* chore: add private context to new `get_token` action.
* chore: fix build.
I'd rather have the warning than a build failure.
Co-authored-by: James Harton <james@harton.nz>
2023-01-12 15:34:41 +13:00
James Harton
500ea353a8
fix(Confirmation): correctly generate confirmation token subjects. ( #124 )
2023-01-12 13:49:48 +13:00
James Harton
d5c5d6b6c5
feat: Add token-required-for-authentication feature. ( #116 )
...
* Adds the `require_token_presence_for_authentication?` DSL option to the Authentication extension which when enabled changes the following behaviour:
1. The `store_in_session` plug will store the user's token rather than their subject in the session.
2. The `retrieve_from_session` plug will look for a stored token in the session rather than a subject and ensure that it's present in the `TokenResource`.
3. The `retrieve_from_bearer` plug will ensure that the token is present in the `TokenResource`.
* Adds the `get_token` action to the `TokenResource`.
2023-01-11 15:12:53 +13:00
James Harton
34b9d94f51
improvement: Set Ash actor and tenant when executing internal plugs. ( #115 )
...
Closes #114 .
2023-01-09 16:30:00 +13:00
James Harton
792ec056b8
feat: Make strategy names optional where possible. ( #113 )
2023-01-09 15:02:48 +13:00
James Harton
5ba5e163f3
improvement: Allow the strategy name to be passed for password validations and changes. ( #102 )
...
After #89 was merged folks were no longer able to use `AshAuthentication.Strategy.Password.HashPasswordChange` and `AshAuthentication.Strategy.Password.PasswordConfirmationValidation` in their own actions. This change fixes this issue by allowing the name of the strategy to be passed in in the changeset context.
2023-01-09 09:27:50 +13:00
Bruno Ripa
ceb5cdcfae
docs: fixed the strategy example in the Usage
section of README.md
. ( #108 )
2022-12-23 15:34:41 -05:00
James Harton
74dfbf7595
improvement: add icon
field to OAuth2 strategy. ( #100 )
2022-12-16 13:53:03 +13:00
James Harton
cf9ad01dd5
feat(Auth0): Add a pre-configured Auth0 strategy. ( #99 )
2022-12-16 13:06:51 +13:00
Zach Daniel
5f8110056d
improvement: docs updates ( #95 )
2022-12-16 12:02:34 +13:00
James Harton
f1cd72407a
feat: Add option to store all tokens when they're created. ( #91 )
2022-12-14 15:06:13 +13:00
James Harton
6dfbf03f11
improvement: remove the need for a strategy in changeset/query contexts. ( #89 )
...
The action -> strategy mapping is now stored directly in the resource DSL.
Closes #84 .
2022-12-13 16:35:30 +13:00
Zach Daniel
cb6d0b5424
return explicit error message
2022-12-12 10:46:04 +13:00
Zach Daniel
8b1bfd81b3
chore: format
2022-12-12 10:46:04 +13:00
Zach Daniel
39099a0b1c
improvement: add transaction reason
2022-12-12 10:46:04 +13:00