X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=sidebyside;f=lib%2Fpleroma%2Fweb%2Fauth%2Fpleroma_authenticator.ex;h=c611b3e0916dd83485bb65c3a04cd789d5532c6c;hb=9c672ecbb5d4477cd16d2139a2cb66d3923ac5c8;hp=c826adb4c504ab6c64823bcc71b53ffbdb180c92;hpb=0f2f7d2cec8297b1b5645643d7584cde561ce628;p=akkoma
diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex
index c826adb4c..c611b3e09 100644
--- a/lib/pleroma/web/auth/pleroma_authenticator.ex
+++ b/lib/pleroma/web/auth/pleroma_authenticator.ex
@@ -1,38 +1,41 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Auth.PleromaAuthenticator do
- alias Comeonin.Pbkdf2
+ alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.Registration
alias Pleroma.Repo
alias Pleroma.User
- @behaviour Pleroma.Web.Auth.Authenticator
-
- def get_user(%Plug.Conn{} = _conn, params) do
- {name, password} =
- case params do
- %{"authorization" => %{"name" => name, "password" => password}} ->
- {name, password}
+ import Pleroma.Web.Auth.Authenticator,
+ only: [fetch_credentials: 1, fetch_user: 1]
- %{"grant_type" => "password", "username" => name, "password" => password} ->
- {name, password}
- end
+ @behaviour Pleroma.Web.Auth.Authenticator
- with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)},
- {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do
+ def get_user(%Plug.Conn{} = conn) do
+ with {:ok, {name, password}} <- fetch_credentials(conn),
+ {_, %User{} = user} <- {:user, fetch_user(name)},
+ {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)},
+ {:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do
{:ok, user}
else
- error ->
- {:error, error}
+ {:error, _reason} = error -> error
+ error -> {:error, error}
end
end
- def get_registration(
- %Plug.Conn{assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}},
- _params
- ) do
+ @doc """
+ Gets or creates Pleroma.Registration record from Ueberauth assigns.
+ Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response â
+ see [`docs/config.md`](docs/config.md).
+ """
+ def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
+ do: {:error, :missing_uid}
+
+ def get_registration(%Plug.Conn{
+ assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
+ }) do
registration = Registration.get_by_provider_uid(provider, uid)
if registration do
@@ -40,7 +43,8 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
else
info = auth.info
- Registration.changeset(%Registration{}, %{
+ %Registration{}
+ |> Registration.changeset(%{
provider: to_string(provider),
uid: to_string(uid),
info: %{
@@ -54,13 +58,17 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
end
end
- def get_registration(%Plug.Conn{} = _conn, _params), do: {:error, :missing_credentials}
+ def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}
- def create_from_registration(_conn, params, registration) do
- nickname = value([params["nickname"], Registration.nickname(registration)])
- email = value([params["email"], Registration.email(registration)])
- name = value([params["name"], Registration.name(registration)]) || nickname
- bio = value([params["bio"], Registration.description(registration)])
+ @doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."
+ def create_from_registration(
+ %Plug.Conn{params: %{"authorization" => registration_attrs}},
+ %Registration{} = registration
+ ) do
+ nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
+ email = value([registration_attrs["email"], Registration.email(registration)])
+ name = value([registration_attrs["name"], Registration.name(registration)]) || nickname
+ bio = value([registration_attrs["bio"], Registration.description(registration)]) || ""
random_password = :crypto.strong_rand_bytes(64) |> Base.encode64()
@@ -76,7 +84,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
password_confirmation: random_password
},
external: true,
- confirmed: true
+ need_confirmation: false
)
|> Repo.insert(),
{:ok, _} <-