mobilizon.chapril.org-mobil.../lib/web/controllers/auth_controller.ex

defmodule Mobilizon.Web.AuthController do
  use Mobilizon.Web, :controller

  alias Mobilizon.Service.Auth.Authenticator
  alias Mobilizon.Users
  alias Mobilizon.Users.User
  import Mobilizon.Service.Guards, only: [is_valid_string: 1]
  require Logger
  plug(:put_layout, false)

  plug(Plug.Session,
    store: :cookie,
    key: "_auth_callback",
    signing_salt: {Mobilizon.Web.AuthController, :secret_key_base, []}
  )

  plug(Ueberauth)

  @spec request(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def request(conn, %{"provider" => provider_name} = _params) do
    case provider_config(provider_name) do
      {:ok, provider_config} ->
        conn
        |> Ueberauth.run_request(provider_name, provider_config)

      {:error, error} ->
        redirect_to_error(conn, error, provider_name)
    end
  end

  @spec callback(Plug.Conn.t(), map()) :: Plug.Conn.t() | {:error, any()}
  def callback(
        %{assigns: %{ueberauth_failure: fails}} = conn,
        %{"provider" => provider} = _params
      ) do
    Logger.warn("Unable to login user with #{provider} #{inspect(fails)}")

    redirect_to_error(conn, :unknown_error, provider)
  end

  def callback(
        %{assigns: %{ueberauth_auth: %Ueberauth.Auth{strategy: strategy} = auth, locale: locale}} =
          conn,
        _params
      ) do
    email = email_from_ueberauth(auth)
    [_, _, _, strategy] = strategy |> to_string() |> String.split(".")
    strategy = String.downcase(strategy)

    user =
      with {:valid_email, false} <- {:valid_email, is_nil(email) or email == ""},
           {:error, :user_not_found} <- Users.get_user_by_email(email),
           {:ok, %User{} = user} <- Users.create_external(email, strategy, %{locale: locale}) do
        user
      else
        {:ok, %User{} = user} ->
          user

        {:error, error} ->
          {:error, error}

        error ->
          {:error, error}
      end

    with %User{} = user <- user,
         {:ok, %{access_token: access_token, refresh_token: refresh_token}} <-
           Authenticator.generate_tokens(user) do
      Logger.info("Logged-in user \"#{email}\" through #{strategy}")

      render(conn, "callback.html", %{
        access_token: access_token,
        refresh_token: refresh_token,
        user: user
      })
    else
      err ->
        Logger.warn("Unable to login user \"#{email}\" #{inspect(err)}")
        redirect_to_error(conn, :unknown_error, strategy)
    end
  end

  def callback(conn, %{"provider" => provider_name} = params) do
    case provider_config(provider_name) do
      {:ok, provider_config} ->
        conn
        |> Ueberauth.run_callback(provider_name, provider_config)
        |> callback(params)

      {:error, error} ->
        redirect_to_error(conn, error, provider_name)
    end
  end

  # Github only give public emails as part of the user profile,
  # so we explicitely request all user emails and filter on the primary one
  @spec email_from_ueberauth(Ueberauth.Auth.t()) :: String.t() | nil
  defp email_from_ueberauth(%Ueberauth.Auth{
         strategy: Ueberauth.Strategy.Github,
         extra: %Ueberauth.Auth.Extra{raw_info: %{user: %{"emails" => emails}}}
       })
       when length(emails) > 0,
       do: emails |> Enum.find(& &1["primary"]) |> (& &1["email"]).()

  defp email_from_ueberauth(%Ueberauth.Auth{
         extra: %Ueberauth.Auth.Extra{raw_info: %{user: %{"email" => email}}}
       })
       when is_valid_string(email),
       do: email

  defp email_from_ueberauth(%Ueberauth.Auth{info: %Ueberauth.Auth.Info{email: email}})
       when is_valid_string(email),
       do: email

  defp email_from_ueberauth(_), do: nil

  @spec provider_config(String.t()) :: {:ok, any()} | {:error, :not_supported | :unknown_error}
  defp provider_config(provider_name) do
    with ueberauth when is_list(ueberauth) <- Application.get_env(:ueberauth, Ueberauth),
         providers when is_list(providers) <- Keyword.get(ueberauth, :providers),
         providers_keys <- providers |> Keyword.keys() |> Enum.map(&Atom.to_string/1),
         {:supported, true} <- {:supported, provider_name in providers_keys},
         provider_name <- String.to_existing_atom(provider_name),
         provider_config <- Keyword.get(providers, provider_name) do
      {:ok, provider_config}
    else
      {:supported, false} ->
        {:error, :not_supported}

      _ ->
        {:error, :unknown_error}
    end
  end

  @spec redirect_to_error(Plug.Conn.t(), atom(), String.t()) :: Plug.Conn.t()
  defp redirect_to_error(conn, :not_supported, provider_name) do
    redirect(conn, to: "/login?code=Login Provider not found&provider=#{provider_name}")
  end

  defp redirect_to_error(conn, :unknown_error, provider_name) do
    redirect(conn, to: "/login?code=Error with Login Provider&provider=#{provider_name}")
  end

  def secret_key_base do
    :mobilizon
    |> Application.get_env(Mobilizon.Web.Endpoint, [])
    |> Keyword.get(:secret_key_base)
  end
end
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`defmodule Mobilizon.Web.AuthController do`
			`use Mobilizon.Web, :controller`

			`alias Mobilizon.Service.Auth.Authenticator`
			`alias Mobilizon.Users`
			`alias Mobilizon.Users.User`
CAS Auth Fixes Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-05-02 14:25:42 +02:00			`import Mobilizon.Service.Guards, only: [is_valid_string: 1]`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`require Logger`
			`plug(:put_layout, false)`

Use a session for state parameter in Ueberauth callback controller Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-04-28 11:44:07 +02:00			`plug(Plug.Session,`
			`store: :cookie,`
			`key: "_auth_callback",`
Make sure session cookie salt in AuthController is loaded dynamically Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-09-21 10:16:07 +02:00			`signing_salt: {Mobilizon.Web.AuthController, :secret_key_base, []}`
Use a session for state parameter in Ueberauth callback controller Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-04-28 11:44:07 +02:00			`)`

Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`plug(Ueberauth)`

Refactor Mobilizon.Federation.ActivityPub and add typespecs Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-09-28 19:40:37 +02:00			`@spec request(Plug.Conn.t(), map()) :: Plug.Conn.t()`
Allow Ueberauth providers to be used at runtime Close #504 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-11-15 19:49:38 +01:00			`def request(conn, %{"provider" => provider_name} = _params) do`
			`case provider_config(provider_name) do`
			`{:ok, provider_config} ->`
			`conn`
			`\|> Ueberauth.run_request(provider_name, provider_config)`

			`{:error, error} ->`
			`redirect_to_error(conn, error, provider_name)`
			`end`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`end`

Refactor Mobilizon.Federation.ActivityPub and add typespecs Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-09-28 19:40:37 +02:00			`@spec callback(Plug.Conn.t(), map()) :: Plug.Conn.t() \| {:error, any()}`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`def callback(`
			`%{assigns: %{ueberauth_failure: fails}} = conn,`
			`%{"provider" => provider} = _params`
			`) do`
			`Logger.warn("Unable to login user with #{provider} #{inspect(fails)}")`

Allow Ueberauth providers to be used at runtime Close #504 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-11-15 19:49:38 +01:00			`redirect_to_error(conn, :unknown_error, provider)`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`end`

			`def callback(`
Fix language and redirection issues when connecting from 3rd-party Closes #626 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-08-09 19:29:15 +02:00			`%{assigns: %{ueberauth_auth: %Ueberauth.Auth{strategy: strategy} = auth, locale: locale}} =`
			`conn,`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`_params`
			`) do`
			`email = email_from_ueberauth(auth)`
			`[_, _, _, strategy] = strategy \|> to_string() \|> String.split(".")`
			`strategy = String.downcase(strategy)`

			`user =`
			`with {:valid_email, false} <- {:valid_email, is_nil(email) or email == ""},`
			`{:error, :user_not_found} <- Users.get_user_by_email(email),`
Fix language and redirection issues when connecting from 3rd-party Closes #626 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-08-09 19:29:15 +02:00			`{:ok, %User{} = user} <- Users.create_external(email, strategy, %{locale: locale}) do`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`user`
			`else`
			`{:ok, %User{} = user} ->`
			`user`

			`{:error, error} ->`
			`{:error, error}`

			`error ->`
			`{:error, error}`
			`end`

			`with %User{} = user <- user,`
			`{:ok, %{access_token: access_token, refresh_token: refresh_token}} <-`
			`Authenticator.generate_tokens(user) do`
			`Logger.info("Logged-in user \"#{email}\" through #{strategy}")`

			`render(conn, "callback.html", %{`
			`access_token: access_token,`
			`refresh_token: refresh_token,`
			`user: user`
			`})`
			`else`
			`err ->`
			`Logger.warn("Unable to login user \"#{email}\" #{inspect(err)}")`
Allow Ueberauth providers to be used at runtime Close #504 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-11-15 19:49:38 +01:00			`redirect_to_error(conn, :unknown_error, strategy)`
			`end`
			`end`

			`def callback(conn, %{"provider" => provider_name} = params) do`
			`case provider_config(provider_name) do`
			`{:ok, provider_config} ->`
			`conn`
			`\|> Ueberauth.run_callback(provider_name, provider_config)`
			`\|> callback(params)`

			`{:error, error} ->`
			`redirect_to_error(conn, error, provider_name)`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`end`
			`end`

			`# Github only give public emails as part of the user profile,`
			`# so we explicitely request all user emails and filter on the primary one`
Refactor Mobilizon.Federation.ActivityPub and add typespecs Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-09-28 19:40:37 +02:00			`@spec email_from_ueberauth(Ueberauth.Auth.t()) :: String.t() \| nil`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`defp email_from_ueberauth(%Ueberauth.Auth{`
			`strategy: Ueberauth.Strategy.Github,`
			`extra: %Ueberauth.Auth.Extra{raw_info: %{user: %{"emails" => emails}}}`
			`})`
			`when length(emails) > 0,`
			`do: emails \|> Enum.find(& &1["primary"]) \|> (& &1["email"]).()`

			`defp email_from_ueberauth(%Ueberauth.Auth{`
			`extra: %Ueberauth.Auth.Extra{raw_info: %{user: %{"email" => email}}}`
			`})`
CAS Auth Fixes Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-05-02 14:25:42 +02:00			`when is_valid_string(email),`
			`do: email`

			`defp email_from_ueberauth(%Ueberauth.Auth{info: %Ueberauth.Auth.Info{email: email}})`
			`when is_valid_string(email),`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`do: email`

			`defp email_from_ueberauth(_), do: nil`
Allow Ueberauth providers to be used at runtime Close #504 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-11-15 19:49:38 +01:00
Refactor Mobilizon.Federation.ActivityPub and add typespecs Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2021-09-28 19:40:37 +02:00			`@spec provider_config(String.t()) :: {:ok, any()} \| {:error, :not_supported \| :unknown_error}`
Allow Ueberauth providers to be used at runtime Close #504 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-11-15 19:49:38 +01:00			`defp provider_config(provider_name) do`
			`with ueberauth when is_list(ueberauth) <- Application.get_env(:ueberauth, Ueberauth),`
			`providers when is_list(providers) <- Keyword.get(ueberauth, :providers),`
			`providers_keys <- providers \|> Keyword.keys() \|> Enum.map(&Atom.to_string/1),`
			`{:supported, true} <- {:supported, provider_name in providers_keys},`
			`provider_name <- String.to_existing_atom(provider_name),`
			`provider_config <- Keyword.get(providers, provider_name) do`
			`{:ok, provider_config}`
			`else`
			`{:supported, false} ->`
			`{:error, :not_supported}`

			`_ ->`
			`{:error, :unknown_error}`
			`end`
			`end`

			`@spec redirect_to_error(Plug.Conn.t(), atom(), String.t()) :: Plug.Conn.t()`
			`defp redirect_to_error(conn, :not_supported, provider_name) do`
			`redirect(conn, to: "/login?code=Login Provider not found&provider=#{provider_name}")`
			`end`

			`defp redirect_to_error(conn, :unknown_error, provider_name) do`
			`redirect(conn, to: "/login?code=Error with Login Provider&provider=#{provider_name}")`
			`end`
Fix depreciated calls of fetch_env!/2 and get_env/2 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-09-21 08:53:50 +02:00
Make sure session cookie salt in AuthController is loaded dynamically Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-09-21 10:16:07 +02:00			`def secret_key_base do`
			`:mobilizon`
			`\|> Application.get_env(Mobilizon.Web.Endpoint, [])`
			`\|> Keyword.get(:secret_key_base)`
Fix depreciated calls of fetch_env!/2 and get_env/2 Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2022-09-21 08:53:50 +02:00			`end`
Introduce support for 3rd-party auth (OAuth2 & LDAP) Signed-off-by: Thomas Citharel <tcit@tcit.fr> 2020-06-27 19:12:45 +02:00			`end`