X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fauth%2Fpleroma_authenticator.ex;h=dd79cdcf7f8c993b98e2db42e7d372c05acf949e;hb=755f58168bb2b6b979c6f5d36f7eff56d2305911;hp=8b190f97f25223338a14004ff99caa506c3f8d6c;hpb=20e0f3660541f19cf878b789aa9f5b9d5ce8cddb;p=akkoma

diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex
index 8b190f97f..d6d2a8d06 100644
--- a/lib/pleroma/web/auth/pleroma_authenticator.ex
+++ b/lib/pleroma/web/auth/pleroma_authenticator.ex
@@ -1,38 +1,41 @@
 # Pleroma: A lightweight social networking server
-# Copyright Â© 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright Â© 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.Auth.PleromaAuthenticator do
-  alias Comeonin.Pbkdf2
-  alias Pleroma.User
   alias Pleroma.Registration
   alias Pleroma.Repo
+  alias Pleroma.User
+  alias Pleroma.Web.Plugs.AuthenticationPlug
 
-  @behaviour Pleroma.Web.Auth.Authenticator
-
-  def get_user(%Plug.Conn{} = _conn, params) do
-    {name, password} =
-      case params do
-        %{"authorization" => %{"name" => name, "password" => password}} ->
-          {name, password}
+  import Pleroma.Web.Auth.Authenticator,
+    only: [fetch_credentials: 1, fetch_user: 1]
 
-        %{"grant_type" => "password", "username" => name, "password" => password} ->
-          {name, password}
-      end
+  @behaviour Pleroma.Web.Auth.Authenticator
 
-    with {_, %User{} = user} <- {:user, User.get_by_nickname_or_email(name)},
-         {_, true} <- {:checkpw, Pbkdf2.checkpw(password, user.password_hash)} do
+  def get_user(%Plug.Conn{} = conn) do
+    with {:ok, {name, password}} <- fetch_credentials(conn),
+         {_, %User{} = user} <- {:user, fetch_user(name)},
+         {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)},
+         {:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do
       {:ok, user}
     else
-      error ->
-        {:error, error}
+      {:error, _reason} = error -> error
+      error -> {:error, error}
     end
   end
 
-  def get_registration(
-        %Plug.Conn{assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}},
-        _params
-      ) do
+  @doc """
+  Gets or creates Pleroma.Registration record from Ueberauth assigns.
+  Note: some strategies (like `keycloak`) might need extra configuration to fill `uid` from callback response â
+    see [`docs/config.md`](docs/config.md).
+  """
+  def get_registration(%Plug.Conn{assigns: %{ueberauth_auth: %{uid: nil}}}),
+    do: {:error, :missing_uid}
+
+  def get_registration(%Plug.Conn{
+        assigns: %{ueberauth_auth: %{provider: provider, uid: uid} = auth}
+      }) do
     registration = Registration.get_by_provider_uid(provider, uid)
 
     if registration do
@@ -40,7 +43,8 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
     else
       info = auth.info
 
-      Registration.changeset(%Registration{}, %{
+      %Registration{}
+      |> Registration.changeset(%{
         provider: to_string(provider),
         uid: to_string(uid),
         info: %{
@@ -54,13 +58,17 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
     end
   end
 
-  def get_registration(%Plug.Conn{} = _conn, _params), do: {:error, :missing_credentials}
+  def get_registration(%Plug.Conn{} = _conn), do: {:error, :missing_credentials}
 
-  def create_from_registration(_conn, params, registration) do
-    nickname = value([params["nickname"], Registration.nickname(registration)])
-    email = value([params["email"], Registration.email(registration)])
-    name = value([params["name"], Registration.name(registration)]) || nickname
-    bio = value([params["bio"], Registration.description(registration)])
+  @doc "Creates Pleroma.User record basing on params and Pleroma.Registration record."
+  def create_from_registration(
+        %Plug.Conn{params: %{"authorization" => registration_attrs}},
+        %Registration{} = registration
+      ) do
+    nickname = value([registration_attrs["nickname"], Registration.nickname(registration)])
+    email = value([registration_attrs["email"], Registration.email(registration)])
+    name = value([registration_attrs["name"], Registration.name(registration)]) || nickname
+    bio = value([registration_attrs["bio"], Registration.description(registration)]) || ""
 
     random_password = :crypto.strong_rand_bytes(64) |> Base.encode64()
 
@@ -76,7 +84,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do
                password_confirmation: random_password
              },
              external: true,
-             confirmed: true
+             need_confirmation: false
            )
            |> Repo.insert(),
          {:ok, _} <-