# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

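defmodule Pleroma.Web.Auth.PleromaAuthenticator do
  @moduledoc """
  `Pleroma.Web.Auth.Authenticator` implementation that checks credentials against the
  password hash stored on `Pleroma.User` and manages `Pleroma.Registration` records built
  from Ueberauth assigns.
  """

  alias Pleroma.Registration
  alias Pleroma.Repo
  alias Pleroma.User

  import Pleroma.Web.Auth.Helpers, only: [fetch_credentials: 1, fetch_user: 1]

  @behaviour Pleroma.Web.Auth.Authenticator

  @doc """
  Authenticates the credentials carried by `conn`.

  Returns `{:ok, user}` when the user is found, the password matches `user.password_hash`
  and `Pleroma.Password.maybe_update_password/2` succeeds. An `{:error, reason}` tuple from
  any step is returned unchanged; any other non-matching value is wrapped as
  `{:error, value}`.
  """
  def get_user(%Plug.Conn{} = conn) do
    # NOTE(review): when `fetch_user/1` finds nobody, the chain stops before
    # `Pleroma.Password.checkpw/2` runs, so the unknown-account path likely returns
    # faster than the wrong-password path. If account enumeration by response time is
    # in scope, a constant-cost dummy verification belongs on that path — confirm
    # whether `Pleroma.Password` offers one.
    with {:ok, {name, password}} <- fetch_credentials(conn),
         {_, %User{} = user} <- {:user, fetch_user(name)},
         {_, true} <- {:checkpw, Pleroma.Password.checkpw(password, user.password_hash)},
         {:ok, user} <- Pleroma.Password.maybe_update_password(user, password) do
      {:ok, user}
    else
      {:error, _reason} = error ->
        error

      # The tagged steps end up here, e.g. `{:error, {:user, nil}}` or
      # `{:error, {:checkpw, false}}`. The tag tells "no such account" apart from
      # "bad password", so callers should map both to one client-facing message.
      error ->
        {:error, error}
    end
  end

  @doc """
  Gets or creates Pleroma.Registration record from Ueberauth assigns.
  Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response —
  see [`docs/config.md`](docs/config.md).
  """
  # NOTE(review): only a `nil` uid is rejected. An empty-string uid would be looked up
  # and stored like any other value — confirm that no strategy produces one, or that
  # `Registration.changeset/2` rejects it.
  def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
    do: {:error, :missing_uid}

  def get_registration(%Plug.Conn{
        assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
      }) do
    registration = Registration.get_by_provider_uid(provider, uid)

    if registration do
      {:ok, registration}
    else
      # The profile fields are copied from the provider's response as-is; they are
      # external input and are not validated in this function.
      info = auth.info

      %Registration{}
      |> Registration.changeset(%{
        provider: to_string(provider),
        uid: to_string(uid),
        info: %{
          "nickname" => info.nickname,
          "email" => info.email,
          "name" => info.name,
          "description" => info.description
        }
      })
      |> Repo.insert()
    end
  end

  # No `ueberauth_auth` assign with a provider and uid was present on the conn.
  def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}

  @doc """
  Creates a Pleroma.User record based on params and a Pleroma.Registration record.

  For each of nickname, email, name and bio, the value under `params["authorization"]`
  wins when it is not blank; otherwise the value stored on the registration is used.
  The user insert and the registration update run in one transaction, so a failed
  registration update does not leave behind a user without a linked registration.
  """
  @spec create_from_registration(Plug.Conn.t(), Registration.t()) ::
          {:ok, User.t()} | {:error, any()}
  def create_from_registration(
        %Plug.Conn{params: %{"authorization" => registration_attrs}},
        %Registration{} = registration
      ) do
    # NOTE(review): request params take precedence over the provider-supplied values and
    # the changeset is built with `confirmed: true`, so an email typed into the form is
    # presumably treated as confirmed without a verification step here — confirm that
    # this is intended or enforced elsewhere.
    nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
    email = value([registration_attrs["email"], Registration.email(registration)])
    name = value([registration_attrs["name"], Registration.name(registration)]) || nickname
    bio = value([registration_attrs["bio"], Registration.description(registration)]) || ""

    # The password comes from the CSPRNG and is never returned or stored in clear text
    # by this function; it only satisfies the changeset's password fields.
    random_password = :crypto.strong_rand_bytes(64) |> Base.encode64()

    user_changeset =
      User.register_changeset(
        %User{},
        %{
          email: email,
          nickname: nickname,
          name: name,
          bio: bio,
          password: random_password,
          password_confirmation: random_password
        },
        external: true,
        confirmed: true
      )

    # `Repo.transaction/1` yields `{:ok, new_user}` on success and `{:error, reason}`
    # after `Repo.rollback/1`, which keeps the return shape callers already handle.
    Repo.transaction(fn ->
      with {:ok, new_user} <- Repo.insert(user_changeset),
           {:ok, _} <-
             registration
             |> Registration.changeset(%{user_id: new_user.id})
             |> Repo.update() do
        new_user
      else
        {:error, reason} -> Repo.rollback(reason)
      end
    end)
  end

  # Returns the first element whose string form is not empty (`nil` stringifies to "").
  # NOTE(review): the request-supplied elements are not type-checked; `to_string/1`
  # raises `Protocol.UndefinedError` for a map, so a nested `authorization` param
  # crashes the request instead of producing an error tuple.
  defp value(list), do: Enum.find(list, &(to_string(&1) != ""))

  # Returns the error unchanged; the conn is not used.
  def handle_error(%Plug.Conn{} = _conn, error) do
    error
  end

  # Both template callbacks return nil — presumably "no custom template"; confirm
  # against the `Pleroma.Web.Auth.Authenticator` behaviour.
  def auth_template, do: nil

  def oauth_consumer_template, do: nil
end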