mobilizon.chapril.org-mobil.../lib/service/auth/authenticator.ex

defmodule Mobilizon.Service.Auth.Authenticator do
  @moduledoc """
  Module to handle authentification (currently through database or LDAP)
  """
  alias Mobilizon.Users
  alias Mobilizon.Users.User
  alias Mobilizon.Web.Auth.Guardian

  @type tokens :: %{
          required(:access_token) => String.t(),
          required(:refresh_token) => String.t()
        }

  @type tokens_with_user :: %{
          required(:access_token) => String.t(),
          required(:refresh_token) => String.t(),
          required(:user) => User.t()
        }

  def implementation do
    Mobilizon.Config.get(
      Mobilizon.Service.Auth.Authenticator,
      Mobilizon.Service.Auth.MobilizonAuthenticator
    )
  end

  @callback login(String.t(), String.t()) :: {:ok, User.t()} | {:error, any()}
  @spec login(String.t(), String.t()) :: {:ok, User.t()} | {:error, any()}
  def login(email, password), do: implementation().login(email, password)

  @callback can_change_email?(User.t()) :: boolean
  def can_change_email?(%User{} = user), do: implementation().can_change_email?(user)

  @callback can_change_password?(User.t()) :: boolean
  def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)

  @callback provider_name :: String.t() | nil
  def provider_name, do: implementation().provider_name()

  @spec has_password?(User.t()) :: boolean()
  def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"

  @spec can_reset_password?(User.t()) :: boolean()
  def can_reset_password?(%User{} = user), do: has_password?(user) && can_change_password?(user)

  @spec authenticate(String.t(), String.t()) :: {:ok, tokens_with_user()}
  def authenticate(email, password) do
    with {:ok, %User{} = user} <- login(email, password),
         {:ok, %{access_token: access_token, refresh_token: refresh_token}} <-
           generate_tokens(user) do
      {:ok, %{access_token: access_token, refresh_token: refresh_token, user: user}}
    end
  end

  @doc """
  Generates access token and refresh token for an user.
  """
  @spec generate_tokens(User.t()) :: {:ok, tokens}
  def generate_tokens(user) do
    with {:ok, access_token} <- generate_access_token(user),
         {:ok, refresh_token} <- generate_refresh_token(user) do
      {:ok, %{access_token: access_token, refresh_token: refresh_token}}
    end
  end

  @doc """
  Generates access token for an user.
  """
  @spec generate_access_token(User.t()) :: {:ok, String.t()}
  def generate_access_token(user) do
    with {:ok, access_token, _claims} <-
           Guardian.encode_and_sign(user, %{}, token_type: "access") do
      {:ok, access_token}
    end
  end

  @doc """
  Generates refresh token for an user.
  """
  @spec generate_refresh_token(User.t()) :: {:ok, String.t()}
  def generate_refresh_token(user) do
    with {:ok, refresh_token, _claims} <-
           Guardian.encode_and_sign(user, %{}, token_type: "refresh") do
      {:ok, refresh_token}
    end
  end

  @spec fetch_user(String.t()) :: User.t() | {:error, :user_not_found}
  def fetch_user(nil), do: {:error, :user_not_found}

  def fetch_user(email) when not is_nil(email) do
    with {:ok, %User{} = user} <- Users.get_user_by_email(email, activated: true) do
      user
    end
  end
end
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`defmodule Mobilizon.Service.Auth.Authenticator do`
			`@moduledoc """`
			`Module to handle authentification (currently through database or LDAP)`
			`"""`
			`alias Mobilizon.Users`
			`alias Mobilizon.Users.User`
			`alias Mobilizon.Web.Auth.Guardian`

			`@type tokens :: %{`
			`required(:access_token) => String.t(),`
			`required(:refresh_token) => String.t()`
			`}`

			`@type tokens_with_user :: %{`
			`required(:access_token) => String.t(),`
			`required(:refresh_token) => String.t(),`
			`required(:user) => User.t()`
			`}`

			`def implementation do`
			`Mobilizon.Config.get(`
			`Mobilizon.Service.Auth.Authenticator,`
			`Mobilizon.Service.Auth.MobilizonAuthenticator`
			`)`
			`end`

			`@callback login(String.t(), String.t()) :: {:ok, User.t()} \| {:error, any()}`
			`@spec login(String.t(), String.t()) :: {:ok, User.t()} \| {:error, any()}`
			`def login(email, password), do: implementation().login(email, password)`

			`@callback can_change_email?(User.t()) :: boolean`
			`def can_change_email?(%User{} = user), do: implementation().can_change_email?(user)`

			`@callback can_change_password?(User.t()) :: boolean`
			`def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)`

Add possibility to create users with provider (such as LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-07-22 15:09:12 +02:00			`@callback provider_name :: String.t() \| nil`
			`def provider_name, do: implementation().provider_name()`

Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`@spec has_password?(User.t()) :: boolean()`
			`def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"`

			`@spec can_reset_password?(User.t()) :: boolean()`
			`def can_reset_password?(%User{} = user), do: has_password?(user) && can_change_password?(user)`

			`@spec authenticate(String.t(), String.t()) :: {:ok, tokens_with_user()}`
			`def authenticate(email, password) do`
			`with {:ok, %User{} = user} <- login(email, password),`
			`{:ok, %{access_token: access_token, refresh_token: refresh_token}} <-`
			`generate_tokens(user) do`
			`{:ok, %{access_token: access_token, refresh_token: refresh_token, user: user}}`
			`end`
			`end`

			`@doc """`
			`Generates access token and refresh token for an user.`
			`"""`
			`@spec generate_tokens(User.t()) :: {:ok, tokens}`
			`def generate_tokens(user) do`
			`with {:ok, access_token} <- generate_access_token(user),`
			`{:ok, refresh_token} <- generate_refresh_token(user) do`
			`{:ok, %{access_token: access_token, refresh_token: refresh_token}}`
			`end`
			`end`

			`@doc """`
			`Generates access token for an user.`
			`"""`
			`@spec generate_access_token(User.t()) :: {:ok, String.t()}`
			`def generate_access_token(user) do`
			`with {:ok, access_token, _claims} <-`
			`Guardian.encode_and_sign(user, %{}, token_type: "access") do`
			`{:ok, access_token}`
			`end`
			`end`

			`@doc """`
			`Generates refresh token for an user.`
			`"""`
			`@spec generate_refresh_token(User.t()) :: {:ok, String.t()}`
			`def generate_refresh_token(user) do`
			`with {:ok, refresh_token, _claims} <-`
			`Guardian.encode_and_sign(user, %{}, token_type: "refresh") do`
			`{:ok, refresh_token}`
			`end`
			`end`

			`@spec fetch_user(String.t()) :: User.t() \| {:error, :user_not_found}`
			`def fetch_user(nil), do: {:error, :user_not_found}`

			`def fetch_user(email) when not is_nil(email) do`
Fix registering new user account with same email as unconfirmed Refactors get_user_by_email/2 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-03-25 10:22:40 +01:00			`with {:ok, %User{} = user} <- Users.get_user_by_email(email, activated: true) do`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`user`
			`end`
			`end`
			`end`