diff --git a/lib/mix/tasks/mobilizon/users/new.ex b/lib/mix/tasks/mobilizon/users/new.ex index a91ef8d52..b34f730d5 100644 --- a/lib/mix/tasks/mobilizon/users/new.ex +++ b/lib/mix/tasks/mobilizon/users/new.ex @@ -6,6 +6,7 @@ defmodule Mix.Tasks.Mobilizon.Users.New do import Mix.Tasks.Mobilizon.Common import Mix.Tasks.Mobilizon.Actors.Utils alias Mobilizon.Actors.Actor + alias Mobilizon.Service.Auth.Authenticator alias Mobilizon.Users alias Mobilizon.Users.User @@ -21,22 +22,15 @@ defmodule Mix.Tasks.Mobilizon.Users.New do moderator: :boolean, admin: :boolean, profile_username: :string, - profile_display_name: :string + profile_display_name: :string, + provider: :string ], aliases: [ p: :password ] ) - moderator? = Keyword.get(options, :moderator, false) - admin? = Keyword.get(options, :admin, false) - - role = - cond do - admin? -> :administrator - moderator? -> :moderator - true -> :user - end + start_mobilizon() password = Keyword.get( @@ -45,23 +39,16 @@ defmodule Mix.Tasks.Mobilizon.Users.New do :crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16) ) - start_mobilizon() + provider = Keyword.get(options, :provider) - case Users.register(%{ - email: email, - password: password, - role: role, - confirmed_at: DateTime.utc_now(), - confirmation_sent_at: nil, - confirmation_token: nil - }) do + case create_user(email, provider, password, options) do {:ok, %User{} = user} -> profile = maybe_create_profile(user, options) shell_info(""" An user has been created with the following information: - email: #{user.email} - - password: #{password} + - password: #{if is_nil(provider), do: password, else: "Your #{provider} password"} - Role: #{user.role} """) @@ -91,6 +78,39 @@ defmodule Mix.Tasks.Mobilizon.Users.New do shell_error("mobilizon.users.new requires an email as argument") end + defp create_user(email, provider, password, options) do + role = get_role(options) + + if is_nil(provider) do + create_database_user(email, password, role) + else + check_password_and_provider_options(options) + + if provider != nil && provider != Authenticator.provider_name() do + shell_info(""" + Warning: The #{provider} provider isn't currently configured as default authenticator. + """) + end + + create_user_from_provider(email, provider, role) + end + end + + defp create_database_user(email, password, role) do + Users.register(%{ + email: email, + password: password, + role: role, + confirmed_at: DateTime.utc_now(), + confirmation_sent_at: nil, + confirmation_token: nil + }) + end + + defp create_user_from_provider(email, provider, role) do + Users.create_external(email, provider, %{role: role}) + end + @spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil defp maybe_create_profile(%User{} = user, options) do profile_username = Keyword.get(options, :profile_username) @@ -102,4 +122,26 @@ defmodule Mix.Tasks.Mobilizon.Users.New do nil end end + + @type role :: :administrator | :moderator | :user + + @spec get_role(Keyword.t()) :: role() + defp get_role(options) do + moderator? = Keyword.get(options, :moderator, false) + admin? = Keyword.get(options, :admin, false) + + cond do + admin? -> :administrator + moderator? -> :moderator + true -> :user + end + end + + defp check_password_and_provider_options(options) do + if Keyword.get(options, :password) != nil && Keyword.get(options, :provider) != nil do + shell_error(""" + The --password and --provider options can't be specified at the same time. + """) + end + end end diff --git a/lib/mobilizon/users/users.ex b/lib/mobilizon/users/users.ex index 9772f1a7e..271c962de 100644 --- a/lib/mobilizon/users/users.ex +++ b/lib/mobilizon/users/users.ex @@ -42,11 +42,12 @@ defmodule Mobilizon.Users do end end - @spec create_external(String.t(), String.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()} - def create_external(email, provider) do + @spec create_external(String.t(), String.t(), Map.t()) :: + {:ok, User.t()} | {:error, Ecto.Changeset.t()} + def create_external(email, provider, args \\ %{}) do with {:ok, %User{} = user} <- %User{} - |> User.auth_provider_changeset(%{email: email, provider: provider}) + |> User.auth_provider_changeset(Map.merge(args, %{email: email, provider: provider})) |> Repo.insert() do Events.create_feed_token(%{user_id: user.id}) diff --git a/lib/service/auth/authenticator.ex b/lib/service/auth/authenticator.ex index 822e67338..ba39ca52a 100644 --- a/lib/service/auth/authenticator.ex +++ b/lib/service/auth/authenticator.ex @@ -34,6 +34,9 @@ defmodule Mobilizon.Service.Auth.Authenticator do @callback can_change_password?(User.t()) :: boolean def can_change_password?(%User{} = user), do: implementation().can_change_password?(user) + @callback provider_name :: String.t() | nil + def provider_name, do: implementation().provider_name() + @spec has_password?(User.t()) :: boolean() def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap" diff --git a/lib/service/auth/ldap_authenticator.ex b/lib/service/auth/ldap_authenticator.ex index 145dd9699..7be6f0995 100644 --- a/lib/service/auth/ldap_authenticator.ex +++ b/lib/service/auth/ldap_authenticator.ex @@ -22,6 +22,7 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do @connection_timeout 10_000 @search_timeout 10_000 + @impl Authenticator def login(email, password) do with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])}, %User{} = user <- ldap_user(email, password) do @@ -39,10 +40,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do end end + @impl Authenticator def can_change_email?(%User{provider: provider}), do: provider != "ldap" + @impl Authenticator def can_change_password?(%User{provider: provider}), do: provider != "ldap" + @impl Authenticator + def provider_name, do: "ldap" + defp ldap_user(email, password) do ldap = Mobilizon.Config.get(:ldap, []) host = Keyword.get(ldap, :host, "localhost") diff --git a/lib/service/auth/mobilizon_authenticator.ex b/lib/service/auth/mobilizon_authenticator.ex index bec126901..4e5985a7a 100644 --- a/lib/service/auth/mobilizon_authenticator.ex +++ b/lib/service/auth/mobilizon_authenticator.ex @@ -11,6 +11,7 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do @behaviour Authenticator + @impl Authenticator def login(email, password) do require Logger @@ -33,7 +34,12 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do end end + @impl Authenticator def can_change_email?(%User{provider: provider}), do: is_nil(provider) + @impl Authenticator def can_change_password?(%User{provider: provider}), do: is_nil(provider) + + @impl Authenticator + def provider_name, do: nil end diff --git a/test/tasks/users_test.exs b/test/tasks/users_test.exs index d0b0e7ee3..89575e030 100644 --- a/test/tasks/users_test.exs +++ b/test/tasks/users_test.exs @@ -5,7 +5,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show} - alias Mobilizon.{Actors, Users} + alias Mobilizon.{Actors, Config, Users} alias Mobilizon.Actors.Actor alias Mobilizon.Users.User @@ -16,7 +16,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do test "create with no options" do New.run([@email]) - assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at}} = + assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at, provider: nil}} = Users.get_user_by_email(@email) assert email == @email @@ -53,7 +53,57 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do assert_received {:mix_shell, :error, [message]} assert message =~ "User has not been created because of the above reason." end + end + describe "create user from external provider" do + test "create user from ldap" do + New.run([@email, "--provider", "ldap"]) + + assert {:ok, + %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} = + Users.get_user_by_email(@email) + + assert_received {:mix_shell, :info, [message]} + + assert message =~ + "Warning: The ldap provider isn't currently configured as default authenticator." + end + + test "create user from ldap when configured" do + Config.put([Mobilizon.Service.Auth.Authenticator], Mobilizon.Service.Auth.LDAPAuthenticator) + + New.run([@email, "--provider", "ldap"]) + + assert {:ok, + %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} = + Users.get_user_by_email(@email) + + assert_received {:mix_shell, :info, [message]} + + refute message =~ + "Warning: The ldap provider isn't currently configured as default authenticator." + + Config.put( + [Mobilizon.Service.Auth.Authenticator], + Mobilizon.Service.Auth.MobilizonAuthenticator + ) + end + + test "can't set --provider at the same time than --password" do + New.run([@email, "--provider", "ldap", "--password", "random"]) + + assert {:ok, + %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} = + Users.get_user_by_email(@email) + + assert_received {:mix_shell, :error, [message]} + + assert message =~ + "The --password and --provider options can't be specified at the same time." + end + end + + describe "create user and profile" do @preferred_username "toto" @name "Léo Pandaï" @converted_username "leo_pandai"