94 lines
3.1 KiB
Elixir
94 lines
3.1 KiB
Elixir
defmodule Mobilizon.Service.Auth.Authenticator do
|
|
@moduledoc """
|
|
Module to handle authentification (currently through database or LDAP)
|
|
"""
|
|
alias Mobilizon.Users
|
|
alias Mobilizon.Users.User
|
|
alias Mobilizon.Web.Auth.Guardian
|
|
|
|
@type tokens :: %{
|
|
required(:access_token) => String.t(),
|
|
required(:refresh_token) => String.t()
|
|
}
|
|
|
|
@type tokens_with_user :: %{
|
|
required(:access_token) => String.t(),
|
|
required(:refresh_token) => String.t(),
|
|
required(:user) => User.t()
|
|
}
|
|
|
|
def implementation do
|
|
Mobilizon.Config.get(
|
|
Mobilizon.Service.Auth.Authenticator,
|
|
Mobilizon.Service.Auth.MobilizonAuthenticator
|
|
)
|
|
end
|
|
|
|
@callback login(String.t(), String.t()) :: {:ok, User.t()} | {:error, any()}
|
|
@spec login(String.t(), String.t()) :: {:ok, User.t()} | {:error, any()}
|
|
def login(email, password), do: implementation().login(email, password)
|
|
|
|
@callback can_change_email?(User.t()) :: boolean
|
|
def can_change_email?(%User{} = user), do: implementation().can_change_email?(user)
|
|
|
|
@callback can_change_password?(User.t()) :: boolean
|
|
def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
|
|
|
|
@spec has_password?(User.t()) :: boolean()
|
|
def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"
|
|
|
|
@spec can_reset_password?(User.t()) :: boolean()
|
|
def can_reset_password?(%User{} = user), do: has_password?(user) && can_change_password?(user)
|
|
|
|
@spec authenticate(String.t(), String.t()) :: {:ok, tokens_with_user()}
|
|
def authenticate(email, password) do
|
|
with {:ok, %User{} = user} <- login(email, password),
|
|
{:ok, %{access_token: access_token, refresh_token: refresh_token}} <-
|
|
generate_tokens(user) do
|
|
{:ok, %{access_token: access_token, refresh_token: refresh_token, user: user}}
|
|
end
|
|
end
|
|
|
|
@doc """
|
|
Generates access token and refresh token for an user.
|
|
"""
|
|
@spec generate_tokens(User.t()) :: {:ok, tokens}
|
|
def generate_tokens(user) do
|
|
with {:ok, access_token} <- generate_access_token(user),
|
|
{:ok, refresh_token} <- generate_refresh_token(user) do
|
|
{:ok, %{access_token: access_token, refresh_token: refresh_token}}
|
|
end
|
|
end
|
|
|
|
@doc """
|
|
Generates access token for an user.
|
|
"""
|
|
@spec generate_access_token(User.t()) :: {:ok, String.t()}
|
|
def generate_access_token(user) do
|
|
with {:ok, access_token, _claims} <-
|
|
Guardian.encode_and_sign(user, %{}, token_type: "access") do
|
|
{:ok, access_token}
|
|
end
|
|
end
|
|
|
|
@doc """
|
|
Generates refresh token for an user.
|
|
"""
|
|
@spec generate_refresh_token(User.t()) :: {:ok, String.t()}
|
|
def generate_refresh_token(user) do
|
|
with {:ok, refresh_token, _claims} <-
|
|
Guardian.encode_and_sign(user, %{}, token_type: "refresh") do
|
|
{:ok, refresh_token}
|
|
end
|
|
end
|
|
|
|
@spec fetch_user(String.t()) :: User.t() | {:error, :user_not_found}
|
|
def fetch_user(nil), do: {:error, :user_not_found}
|
|
|
|
def fetch_user(email) when not is_nil(email) do
|
|
with {:ok, %User{} = user} <- Users.get_user_by_email(email, true) do
|
|
user
|
|
end
|
|
end
|
|
end
|