git.squeep.com Git - akkoma/blob - lib/pleroma/mfa/token.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.MFA.Token do
   6   use Ecto.Schema
   7   import Ecto.Query
   8   import Ecto.Changeset
   9
  10   alias Pleroma.Repo
  11   alias Pleroma.User
  12   alias Pleroma.Web.OAuth.Authorization
  13   alias Pleroma.Web.OAuth.Token, as: OAuthToken
  14
  15   @expires 300
  16
  17   schema "mfa_tokens" do
  18     field(:token, :string)
  19     field(:valid_until, :naive_datetime_usec)
  20
  21     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
  22     belongs_to(:authorization, Authorization)
  23
  24     timestamps()
  25   end
  26
  27   def get_by_token(token) do
  28     from(
  29       t in __MODULE__,
  30       where: t.token == ^token,
  31       preload: [:user, :authorization]
  32     )
  33     |> Repo.find_resource()
  34   end
  35
  36   def validate(token) do
  37     with {:fetch_token, {:ok, token}} <- {:fetch_token, get_by_token(token)},
  38          {:expired, false} <- {:expired, is_expired?(token)} do
  39       {:ok, token}
  40     else
  41       {:expired, _} -> {:error, :expired_token}
  42       {:fetch_token, _} -> {:error, :not_found}
  43       error -> {:error, error}
  44     end
  45   end
  46
  47   def create_token(%User{} = user) do
  48     %__MODULE__{}
  49     |> change
  50     |> assign_user(user)
  51     |> put_token
  52     |> put_valid_until
  53     |> Repo.insert()
  54   end
  55
  56   def create_token(user, authorization) do
  57     %__MODULE__{}
  58     |> change
  59     |> assign_user(user)
  60     |> assign_authorization(authorization)
  61     |> put_token
  62     |> put_valid_until
  63     |> Repo.insert()
  64   end
  65
  66   defp assign_user(changeset, user) do
  67     changeset
  68     |> put_assoc(:user, user)
  69     |> validate_required([:user])
  70   end
  71
  72   defp assign_authorization(changeset, authorization) do
  73     changeset
  74     |> put_assoc(:authorization, authorization)
  75     |> validate_required([:authorization])
  76   end
  77
  78   defp put_token(changeset) do
  79     changeset
  80     |> change(%{token: OAuthToken.Utils.generate_token()})
  81     |> validate_required([:token])
  82     |> unique_constraint(:token)
  83   end
  84
  85   defp put_valid_until(changeset) do
  86     expires_in = NaiveDateTime.add(NaiveDateTime.utc_now(), @expires)
  87
  88     changeset
  89     |> change(%{valid_until: expires_in})
  90     |> validate_required([:valid_until])
  91   end
  92
  93   def is_expired?(%__MODULE__{valid_until: valid_until}) do
  94     NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0
  95   end
  96
  97   def is_expired?(_), do: false
  98
  99   def delete_expired_tokens do
 100     from(
 101       q in __MODULE__,
 102       where: fragment("?", q.valid_until) < ^Timex.now()
 103     )
 104     |> Repo.delete_all()
 105   end
 106 end