git.squeep.com Git - akkoma/blob - lib/pleroma/web/auth/pleroma_authenticator.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Auth.PleromaAuthenticator do
   6   alias Pleroma.Registration
   7   alias Pleroma.Repo
   8   alias Pleroma.User
   9   alias Pleroma.Web.Plugs.AuthenticationPlug
  10
  11   import Pleroma.Web.Auth.Helpers, only: [fetch_credentials: 1, fetch_user: 1]
  12
  13   @behaviour Pleroma.Web.Auth.Authenticator
  14
  15   def get_user(%Plug.Conn{} = conn) do
  16     with {:ok, {name, password}} <- fetch_credentials(conn),
  17          {_, %User{} = user} <- {:user, fetch_user(name)},
  18          {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)},
  19          {:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do
  20       {:ok, user}
  21     else
  22       {:error, _reason} = error -> error
  23       error -> {:error, error}
  24     end
  25   end
  26
  27   @doc """
  28   Gets or creates Pleroma.Registration record from Ueberauth assigns.
  29   Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response —
  30     see [`docs/config.md`](docs/config.md).
  31   """
  32   def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
  33     do: {:error, :missing_uid}
  34
  35   def get_registration(%Plug.Conn{
  36         assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
  37       }) do
  38     registration = Registration.get_by_provider_uid(provider, uid)
  39
  40     if registration do
  41       {:ok, registration}
  42     else
  43       info = auth.info
  44
  45       %Registration{}
  46       |> Registration.changeset(%{
  47         provider: to_string(provider),
  48         uid: to_string(uid),
  49         info: %{
  50           "nickname" => info.nickname,
  51           "email" => info.email,
  52           "name" => info.name,
  53           "description" => info.description
  54         }
  55       })
  56       |> Repo.insert()
  57     end
  58   end
  59
  60   def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}
  61
  62   @doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."
  63   def create_from_registration(
  64         %Plug.Conn{params: %{"authorization" => registration_attrs}},
  65         %Registration{} = registration
  66       ) do
  67     nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
  68     email = value([registration_attrs["email"], Registration.email(registration)])
  69     name = value([registration_attrs["name"], Registration.name(registration)]) || nickname
  70     bio = value([registration_attrs["bio"], Registration.description(registration)]) || ""
  71
  72     random_password = :crypto.strong_rand_bytes(64) |> Base.encode64()
  73
  74     with {:ok, new_user} <-
  75            User.register_changeset(
  76              %User{},
  77              %{
  78                email: email,
  79                nickname: nickname,
  80                name: name,
  81                bio: bio,
  82                password: random_password,
  83                password_confirmation: random_password
  84              },
  85              external: true,
  86              confirmed: true
  87            )
  88            |> Repo.insert(),
  89          {:ok, _} <-
  90            Registration.changeset(registration, %{user_id: new_user.id}) |> Repo.update() do
  91       {:ok, new_user}
  92     end
  93   end
  94
  95   defp value(list), do: Enum.find(list, &(to_string(&1) != ""))
  96
  97   def handle_error(%Plug.Conn{} = _conn, error) do
  98     error
  99   end
 100
 101   def auth_template, do: nil
 102
 103   def oauth_consumer_template, do: nil
 104 end