akkoma/lib/pleroma/web/auth/pleroma_authenticator.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Auth.PleromaAuthenticator do
  alias Pleroma.Registration
  alias Pleroma.Repo
  alias Pleroma.User

  import Pleroma.Web.Auth.Helpers, only: [fetch_credentials: 1, fetch_user: 1]

  @behaviour Pleroma.Web.Auth.Authenticator

  def get_user(%Plug.Conn{} = conn) do
    with {:ok, {name, password}} <- fetch_credentials(conn),
         {_, %User{} = user} <- {:user, fetch_user(name)},
         {_, true} <- {:checkpw, Pleroma.Password.checkpw(password, user.password_hash)},
         {:ok, user} <- Pleroma.Password.maybe_update_password(user, password) do
      {:ok, user}
    else
      {:error, _reason} = error -> error
      error -> {:error, error}
    end
  end

  @doc """
  Gets or creates Pleroma.Registration record from Ueberauth assigns.
  Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response —
    see [`docs/config.md`](docs/config.md).
  """
  def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
    do: {:error, :missing_uid}

  def get_registration(%Plug.Conn{
        assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
      }) do
    registration = Registration.get_by_provider_uid(provider, uid)

    if registration do
      {:ok, registration}
    else
      info = auth.info

      %Registration{}
      |> Registration.changeset(%{
        provider: to_string(provider),
        uid: to_string(uid),
        info: %{
          "nickname" => info.nickname,
          "email" => info.email,
          "name" => info.name,
          "description" => info.description
        }
      })
      |> Repo.insert()
    end
  end

  def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}

  @doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."
  @spec create_from_registration(Plug.Conn.t(), Registration.t()) ::
          {:ok, User.t()} | {:error, any()}
  def create_from_registration(
        %Plug.Conn{params: %{"authorization" => registration_attrs}},
        %Registration{} = registration
      ) do
    nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
    email = value([registration_attrs["email"], Registration.email(registration)])
    name = value([registration_attrs["name"], Registration.name(registration)]) || nickname
    bio = value([registration_attrs["bio"], Registration.description(registration)]) || ""

    random_password = :crypto.strong_rand_bytes(64) |> Base.encode64()

    with {:ok, new_user} <-
           User.register_changeset(
             %User{},
             %{
               email: email,
               nickname: nickname,
               name: name,
               bio: bio,
               password: random_password,
               password_confirmation: random_password
             },
             external: true,
             confirmed: true
           )
           |> Repo.insert(),
         {:ok, _} <-
           Registration.changeset(registration, %{user_id: new_user.id}) |> Repo.update() do
      {:ok, new_user}
    else
      err -> err
    end
  end

  defp value(list), do: Enum.find(list, &(to_string(&1) != ""))

  def handle_error(%Plug.Conn{} = _conn, error) do
    error
  end

  def auth_template, do: nil

  def oauth_consumer_template, do: nil
end
Added missing copyright headers. 2019-02-26 13:26:54 +00:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 06:49:20 +00:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
Added missing copyright headers. 2019-02-26 13:26:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

Renamed DatabaseAuthenticator to Authenticator. 2019-02-28 11:12:41 +00:00			`defmodule Pleroma.Web.Auth.PleromaAuthenticator do`
[#923] Support for multiple (external) registrations per user via Registration. 2019-03-18 14:23:38 +00:00			`alias Pleroma.Registration`
			`alias Pleroma.Repo`
[#923] Deps config adjustment (no `override` for `httpoison`), code analysis issues fixes. 2019-04-01 06:28:56 +00:00			`alias Pleroma.User`
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00
Create WrapperAuthenticator and simplify Authenticator behaviour Speeds up recompilation by reducing compile-time cycles 2021-06-07 23:07:54 +00:00			`import Pleroma.Web.Auth.Helpers, only: [fetch_credentials: 1, fetch_user: 1]`
Refactored Pleroma.Web.Auth.Authenticator 2019-05-01 13:28:04 +00:00
Renamed DatabaseAuthenticator to Authenticator. 2019-02-28 11:12:41 +00:00			`@behaviour Pleroma.Web.Auth.Authenticator`
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00
[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`def get_user(%Plug.Conn{} = conn) do`
Refactored Pleroma.Web.Auth.Authenticator 2019-05-01 13:28:04 +00:00			`with {:ok, {name, password}} <- fetch_credentials(conn),`
			`{_, %User{} = user} <- {:user, fetch_user(name)},`
argon2 password hashing (#406) Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/406 2022-12-30 02:46:58 +00:00			`{_, true} <- {:checkpw, Pleroma.Password.checkpw(password, user.password_hash)},`
			`{:ok, user} <- Pleroma.Password.maybe_update_password(user, password) do`
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00			`{:ok, user}`
			`else`
Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController 2020-05-07 08:14:54 +00:00			`{:error, _reason} = error -> error`
			`error -> {:error, error}`
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00			`end`
			`end`

OAuth consumer: tests fix, comments, Keycloak config notes. 2019-06-05 10:02:13 +00:00			`@doc """`
			`Gets or creates Pleroma.Registration record from Ueberauth assigns.`
			Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response —
			see [`docs/config.md`](docs/config.md).
			`"""`
			`def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),`
			`do: {:error, :missing_uid}`

[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`def get_registration(%Plug.Conn{`
			`assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}`
			`}) do`
[#923] Support for multiple (external) registrations per user via Registration. 2019-03-18 14:23:38 +00:00			`registration = Registration.get_by_provider_uid(provider, uid)`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00
[#923] Support for multiple (external) registrations per user via Registration. 2019-03-18 14:23:38 +00:00			`if registration do`
[#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 07:35:31 +00:00			`{:ok, registration}`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00			`else`
			`info = auth.info`

[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`%Registration{}`
			`\|> Registration.changeset(%{`
[#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 07:35:31 +00:00			`provider: to_string(provider),`
			`uid: to_string(uid),`
			`info: %{`
			`"nickname" => info.nickname,`
			`"email" => info.email,`
			`"name" => info.name,`
			`"description" => info.description`
			`}`
			`})`
			`\|> Repo.insert()`
			`end`
			`end`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00
[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00
OAuth consumer: tests fix, comments, Keycloak config notes. 2019-06-05 10:02:13 +00:00			`@doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."`
giant massive dep upgrade and dialyxir-found error emporium (#371) Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371 2022-12-14 12:38:48 +00:00			`@spec create_from_registration(Plug.Conn.t(), Registration.t()) ::`
			`{:ok, User.t()} \| {:error, any()}`
[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`def create_from_registration(`
			`%Plug.Conn{params: %{"authorization" => registration_attrs}},`
OAuth consumer: tests fix, comments, Keycloak config notes. 2019-06-05 10:02:13 +00:00			`%Registration{} = registration`
[#923] OAuth consumer params handling refactoring. Registration and authorization-related params are wrapped in "authorization" in order to reduce edge cases number and simplify handling logic. 2019-04-10 18:40:38 +00:00			`) do`
			`nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])`
			`email = value([registration_attrs["email"], Registration.email(registration)])`
			`name = value([registration_attrs["name"], Registration.name(registration)]) \|\| nickname`
User table: ensure bio is always a string Gets rid of '\|\| ""' in multiple places and fixes #2067 2020-09-01 06:25:32 +00:00			`bio = value([registration_attrs["bio"], Registration.description(registration)]) \|\| ""`
[#923] External User registration refactoring, password randomization. 2019-03-18 15:09:53 +00:00
[#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 07:35:31 +00:00			`random_password = :crypto.strong_rand_bytes(64) \|> Base.encode64()`

			`with {:ok, new_user} <-`
			`User.register_changeset(`
			`%User{},`
			`%{`
			`email: email,`
			`nickname: nickname,`
			`name: name,`
			`bio: bio,`
			`password: random_password,`
			`password_confirmation: random_password`
			`},`
			`external: true,`
Remove toggle_confirmation; require explicit state change Also cosmetic changes to make the code clearer 2020-10-13 21:07:36 +00:00			`confirmed: true`
[#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 07:35:31 +00:00			`)`
			`\|> Repo.insert(),`
			`{:ok, _} <-`
			`Registration.changeset(registration, %{user_id: new_user.id}) \|> Repo.update() do`
			`{:ok, new_user}`
giant massive dep upgrade and dialyxir-found error emporium (#371) Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371 2022-12-14 12:38:48 +00:00			`else`
			`err -> err`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00			`end`
			`end`

[#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 07:35:31 +00:00			`defp value(list), do: Enum.find(list, &(to_string(&1) != ""))`
[#923] OAuth: prototype of sign in / sign up with Twitter. 2019-03-15 14:08:03 +00:00
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00			`def handle_error(%Plug.Conn{} = _conn, error) do`
			`error`
			`end`
Added `auth_template/0` to DatabaseAuthenticator. 2019-02-28 10:58:58 +00:00
			`def auth_template, do: nil`
[#923] OAuth consumer improvements, fixes, refactoring. 2019-03-27 12:39:35 +00:00
			`def oauth_consumer_template, do: nil`
Auth customization support. OAuthController#create_authorization user retrieval / creation, errors handling, template & layout selection. 2019-02-21 15:55:19 +00:00			`end`