1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.MFA.Token do
12 alias Pleroma.Web.OAuth.Authorization
13 alias Pleroma.Web.OAuth.Token, as: OAuthToken
17 schema "mfa_tokens" do
18 field(:token, :string)
19 field(:valid_until, :naive_datetime_usec)
21 belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
22 belongs_to(:authorization, Authorization)
27 def get_by_token(token) do
30 where: t.token == ^token,
31 preload: [:user, :authorization]
33 |> Repo.find_resource()
36 def validate(token) do
37 with {:fetch_token, {:ok, token}} <- {:fetch_token, get_by_token(token)},
38 {:expired, false} <- {:expired, is_expired?(token)} do
41 {:expired, _} -> {:error, :expired_token}
42 {:fetch_token, _} -> {:error, :not_found}
43 error -> {:error, error}
47 def create_token(%User{} = user) do
56 def create_token(user, authorization) do
60 |> assign_authorization(authorization)
66 defp assign_user(changeset, user) do
68 |> put_assoc(:user, user)
69 |> validate_required([:user])
72 defp assign_authorization(changeset, authorization) do
74 |> put_assoc(:authorization, authorization)
75 |> validate_required([:authorization])
78 defp put_token(changeset) do
80 |> change(%{token: OAuthToken.Utils.generate_token()})
81 |> validate_required([:token])
82 |> unique_constraint(:token)
85 defp put_valid_until(changeset) do
86 expires_in = NaiveDateTime.add(NaiveDateTime.utc_now(), @expires)
89 |> change(%{valid_until: expires_in})
90 |> validate_required([:valid_until])
93 def is_expired?(%__MODULE__{valid_until: valid_until}) do
94 NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0
97 def is_expired?(_), do: false
99 def delete_expired_tokens do
102 where: fragment("?", q.valid_until) < ^Timex.now()