mirror of
https://github.com/ash-project/ash_hq.git
synced 2024-09-19 21:03:30 +12:00
improvement: wrap up authentication changes
This commit is contained in:
parent
0b548f609c
commit
619f43e88b
10 changed files with 205 additions and 35 deletions
|
@ -6,7 +6,11 @@ RUN apt-get install -y wget
|
|||
RUN wget https://packages.erlang-solutions.com/erlang-solutions_2.0_all.deb
|
||||
RUN dpkg -i erlang-solutions_2.0_all.deb
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y git gcc g++ make curl
|
||||
RUN apt-get install -y git
|
||||
RUN apt-get install -y gcc
|
||||
RUN apt-get install -y g++
|
||||
RUN apt-get install -y make
|
||||
RUN apt-get install -y curl
|
||||
RUN apt-get install -y build-essential
|
||||
RUN apt-get install -y esl-erlang
|
||||
RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
|
||||
|
|
|
@ -13,21 +13,14 @@ if System.get_env("PHX_SERVER") && System.get_env("RELEASE_NAME") do
|
|||
end
|
||||
|
||||
config :ash_hq, :github,
|
||||
client_id: System.fetch_env("GITHUB_CLIENT_ID"),
|
||||
client_secret: System.fetch_env("GITHUB_CLIENT_SECRET"),
|
||||
redirect_uri: System.fetch_env("GITHUB_REDIRECT_URI")
|
||||
client_id: System.get_env("GITHUB_CLIENT_ID"),
|
||||
client_secret: System.get_env("GITHUB_CLIENT_SECRET"),
|
||||
redirect_uri: System.get_env("GITHUB_REDIRECT_URI")
|
||||
|
||||
host = System.get_env("PHX_HOST") || "localhost"
|
||||
port = String.to_integer(System.get_env("PORT") || "4000")
|
||||
|
||||
ash_hq_url =
|
||||
case port do
|
||||
443 -> "https://#{host}"
|
||||
80 -> "http://#{host}"
|
||||
port -> "http://#{host}:#{port}"
|
||||
end
|
||||
|
||||
config :ash_hq, url: ash_hq_url
|
||||
config :ash_hq, url: System.get_env("ASH_HQ_URL") || "http://localhost:4000"
|
||||
|
||||
if config_env() == :prod do
|
||||
database_url =
|
||||
|
|
|
@ -6,16 +6,18 @@ defmodule AshHq.Accounts.User.Senders.SendConfirmationEmail do
|
|||
use AshHqWeb, :verified_routes
|
||||
|
||||
def send(user, token, opts) do
|
||||
unless user.confirmed_at do
|
||||
if opts[:changeset] && opts[:changeset].action.name == :update_email do
|
||||
AshHq.Accounts.Emails.deliver_update_email_instructions(
|
||||
%{user | email: Ash.Changeset.get_attribute(opts[:changeset], :email)},
|
||||
AshHqWeb.Routes.url(~p"/auth/user/confirm?confirm=#{token}")
|
||||
url(~p"/auth/user/confirm?confirm=#{token}")
|
||||
)
|
||||
else
|
||||
AshHq.Accounts.Emails.deliver_confirmation_instructions(
|
||||
user,
|
||||
AshHqWeb.Routes.url(~p"/auth/user/confirm?confirm=#{token}")
|
||||
url(~p"/auth/user/confirm?confirm=#{token}")
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -59,9 +59,10 @@ defmodule AshHq.Accounts.User do
|
|||
|
||||
attribute(:hashed_password, :string, private?: true, sensitive?: true)
|
||||
|
||||
attribute(:encrypted_name, AshHq.Types.EncryptedString)
|
||||
attribute(:encrypted_address, AshHq.Types.EncryptedString)
|
||||
attribute(:shirt_size, :string)
|
||||
attribute :encrypted_name, AshHq.Types.EncryptedString
|
||||
attribute :encrypted_address, AshHq.Types.EncryptedString
|
||||
attribute :shirt_size, :string
|
||||
attribute :github_info, :map
|
||||
|
||||
create_timestamp(:created_at)
|
||||
update_timestamp(:updated_at)
|
||||
|
@ -126,15 +127,19 @@ defmodule AshHq.Accounts.User do
|
|||
|
||||
changeset =
|
||||
if user_info["email_verified"] do
|
||||
Ash.Changeset.change_new_attribute_lazy(changeset, :confirmed_at, fn ->
|
||||
DateTime.utc_now()
|
||||
end)
|
||||
Ash.Changeset.force_change_attribute(
|
||||
changeset,
|
||||
:confirmed_at,
|
||||
Ash.Changeset.get_attribute(changeset, :confirmed_at) || DateTime.utc_now()
|
||||
)
|
||||
else
|
||||
changeset
|
||||
end
|
||||
|
||||
Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
|
||||
end)
|
||||
changeset
|
||||
|> Ash.Changeset.change_attribute(:email, Map.get(user_info, "email"))
|
||||
|> Ash.Changeset.change_attribute(:github_info, user_info)
|
||||
end
|
||||
|
||||
change(AshAuthentication.GenerateTokenChange)
|
||||
upsert?(true)
|
||||
|
|
|
@ -11,12 +11,22 @@ defmodule AshHq.Accounts.User.Validations.ValidateCurrentPassword do
|
|||
def validate(changeset, opts) do
|
||||
strategy = AshAuthentication.Info.strategy!(changeset.resource, :password)
|
||||
plaintext_password = Ash.Changeset.get_argument(changeset, opts[:argument])
|
||||
|
||||
hashed_password = Map.get(changeset.data, strategy.hashed_password_field)
|
||||
|
||||
if hashed_password do
|
||||
if strategy.hash_provider.valid?(plaintext_password, hashed_password) do
|
||||
:ok
|
||||
else
|
||||
{:error, [field: opts[:argument], message: "is incorrect"]}
|
||||
end
|
||||
else
|
||||
{:error,
|
||||
[
|
||||
field: opts[:argument],
|
||||
message:
|
||||
"has not been set. If you logged in with github and would like to set a password, please log out and use the forgot password flow."
|
||||
]}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
5
mix.exs
5
mix.exs
|
@ -45,7 +45,10 @@ defmodule AshHq.MixProject do
|
|||
{:ash_phoenix, github: "ash-project/ash_phoenix", override: true},
|
||||
{:ash_graphql, github: "ash-project/ash_graphql"},
|
||||
{:ash_json_api, github: "ash-project/ash_json_api"},
|
||||
{:ash_authentication, github: "team-alembic/ash_authentication", override: true},
|
||||
{:ash_authentication,
|
||||
branch: "set-confirmed-field-to-nil",
|
||||
github: "team-alembic/ash_authentication",
|
||||
override: true},
|
||||
{:ash_authentication_phoenix, github: "team-alembic/ash_authentication_phoenix"},
|
||||
{:absinthe_plug, "~> 1.5"},
|
||||
{:ash_blog, github: "ash-project/ash_blog"},
|
||||
|
|
2
mix.lock
2
mix.lock
|
@ -3,7 +3,7 @@
|
|||
"absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"},
|
||||
"ash": {:git, "https://github.com/ash-project/ash.git", "1eaeacc7486e50d70138baaf65133cef5e8b5869", []},
|
||||
"ash_admin": {:git, "https://github.com/ash-project/ash_admin.git", "cdb3b469abeeadddda884e7cfcf67c6fea10f9ef", []},
|
||||
"ash_authentication": {:git, "https://github.com/team-alembic/ash_authentication.git", "161c8ab7e8a9bb38955b6c1872246e065327ce62", []},
|
||||
"ash_authentication": {:git, "https://github.com/team-alembic/ash_authentication.git", "5acbaeeb9c53f9953f5018dd59aff8176561460f", [branch: "set-confirmed-field-to-nil"]},
|
||||
"ash_authentication_phoenix": {:git, "https://github.com/team-alembic/ash_authentication_phoenix.git", "fbe5272f874532b3119033ddb1dfb49d71f7b571", []},
|
||||
"ash_blog": {:git, "https://github.com/ash-project/ash_blog.git", "9254773dfedabfc7987af6326a62885c24c3655b", []},
|
||||
"ash_csv": {:git, "https://github.com/ash-project/ash_csv.git", "77187f6e4505ed4d88598bf87e56983a6a74a456", []},
|
||||
|
|
|
@ -12,6 +12,10 @@ defmodule AshHq.Repo.Migrations.MigrateResources36 do
|
|||
modify(:hashed_password, :text, null: false)
|
||||
end
|
||||
|
||||
execute("""
|
||||
DELETE FROM user_tokens
|
||||
""")
|
||||
|
||||
alter table(:user_tokens) do
|
||||
remove(:sent_to)
|
||||
remove(:context)
|
||||
|
|
21
priv/repo/migrations/20230113172048_migrate_resources39.exs
Normal file
21
priv/repo/migrations/20230113172048_migrate_resources39.exs
Normal file
|
@ -0,0 +1,21 @@
|
|||
defmodule AshHq.Repo.Migrations.MigrateResources39 do
|
||||
@moduledoc """
|
||||
Updates resources based on their most recent snapshots.
|
||||
|
||||
This file was autogenerated with `mix ash_postgres.generate_migrations`
|
||||
"""
|
||||
|
||||
use Ecto.Migration
|
||||
|
||||
def up do
|
||||
alter table(:users) do
|
||||
add :github_info, :map
|
||||
end
|
||||
end
|
||||
|
||||
def down do
|
||||
alter table(:users) do
|
||||
remove :github_info
|
||||
end
|
||||
end
|
||||
end
|
128
priv/resource_snapshots/repo/users/20230113172048.json
Normal file
128
priv/resource_snapshots/repo/users/20230113172048.json
Normal file
|
@ -0,0 +1,128 @@
|
|||
{
|
||||
"attributes": [
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "confirmed_at",
|
||||
"type": "utc_datetime_usec"
|
||||
},
|
||||
{
|
||||
"allow_nil?": false,
|
||||
"default": "fragment(\"uuid_generate_v4()\")",
|
||||
"generated?": false,
|
||||
"primary_key?": true,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "id",
|
||||
"type": "uuid"
|
||||
},
|
||||
{
|
||||
"allow_nil?": false,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "email",
|
||||
"type": "citext"
|
||||
},
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "hashed_password",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "encrypted_name",
|
||||
"type": "binary"
|
||||
},
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "encrypted_address",
|
||||
"type": "binary"
|
||||
},
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "shirt_size",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"allow_nil?": true,
|
||||
"default": "nil",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "github_info",
|
||||
"type": "map"
|
||||
},
|
||||
{
|
||||
"allow_nil?": false,
|
||||
"default": "fragment(\"now()\")",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "created_at",
|
||||
"type": "utc_datetime_usec"
|
||||
},
|
||||
{
|
||||
"allow_nil?": false,
|
||||
"default": "fragment(\"now()\")",
|
||||
"generated?": false,
|
||||
"primary_key?": false,
|
||||
"references": null,
|
||||
"size": null,
|
||||
"source": "updated_at",
|
||||
"type": "utc_datetime_usec"
|
||||
}
|
||||
],
|
||||
"base_filter": null,
|
||||
"check_constraints": [],
|
||||
"custom_indexes": [],
|
||||
"custom_statements": [],
|
||||
"has_create_action": true,
|
||||
"hash": "CB7522839475CBE799813743839F72DE5C1E50FDAFD2838663B6585BDCD79CDD",
|
||||
"identities": [
|
||||
{
|
||||
"base_filter": null,
|
||||
"index_name": "users_unique_email_index",
|
||||
"keys": [
|
||||
"email"
|
||||
],
|
||||
"name": "unique_email"
|
||||
}
|
||||
],
|
||||
"multitenancy": {
|
||||
"attribute": null,
|
||||
"global": null,
|
||||
"strategy": null
|
||||
},
|
||||
"repo": "Elixir.AshHq.Repo",
|
||||
"schema": null,
|
||||
"table": "users"
|
||||
}
|
Loading…
Reference in a new issue