14.2 KiB · text 5af55d9
defmodule GitGud.Accounts do
@moduledoc """
The Accounts context.
"""
import Ecto.Query, warn: false
alias GitGud.Repo
alias GitGud.Accounts.{User, UserToken, UserNotifier}
alias GitGud.Accounts.PersonalAccessToken
@pat_prefix "ggp_"
# ── personal access tokens (REST API) ────────────────────────────────
@doc "A user's API tokens, by name."
def list_personal_access_tokens(%User{id: uid}) do
from(t in PersonalAccessToken, where: t.user_id == ^uid, order_by: [asc: t.name])
|> Repo.all()
end
@doc """
Mint a token for `user` with `scopes` (subset of
`PersonalAccessToken.scopes/0`). Returns `{:ok, token, plaintext}`;
the `ggp_…` plaintext is only available here — we store its hash.
"""
def create_personal_access_token(%User{id: uid}, name, scopes) do
plaintext = @pat_prefix <> (:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false))
%PersonalAccessToken{user_id: uid}
|> PersonalAccessToken.changeset(%{name: name, token_hash: pat_hash(plaintext), scopes: scopes})
|> Repo.insert()
|> case do
{:ok, token} -> {:ok, token, plaintext}
{:error, _} = err -> err
end
end
def delete_personal_access_token(%User{id: uid}, id) do
Repo.delete_all(from t in PersonalAccessToken, where: t.user_id == ^uid and t.id == ^id)
:ok
end
@doc """
Verify a presented API token. On a match, bumps `last_used_at` and
returns `{:ok, %User{}, scopes}`; otherwise `:error`.
"""
def verify_personal_access_token(@pat_prefix <> _ = plaintext) do
case Repo.get_by(PersonalAccessToken, token_hash: pat_hash(plaintext)) do
%PersonalAccessToken{} = token ->
token = Repo.preload(token, :user)
Repo.update_all(
from(t in PersonalAccessToken, where: t.id == ^token.id),
set: [last_used_at: DateTime.utc_now(:second)]
)
{:ok, token.user, token.scopes}
nil ->
:error
end
end
def verify_personal_access_token(_), do: :error
defp pat_hash(plaintext), do: :crypto.hash(:sha256, plaintext)
## Database getters
@doc """
Gets a user by email.
## Examples
iex> get_user_by_email("foo@example.com")
%User{}
iex> get_user_by_email("unknown@example.com")
nil
"""
def get_user_by_email(email) when is_binary(email) do
Repo.get_by(User, email: email)
end
@doc """
Gets a user by email and password.
## Examples
iex> get_user_by_email_and_password("foo@example.com", "correct_password")
%User{}
iex> get_user_by_email_and_password("foo@example.com", "invalid_password")
nil
"""
def get_user_by_email_and_password(email, password)
when is_binary(email) and is_binary(password) do
user = Repo.get_by(User, email: email)
if User.valid_password?(user, password), do: user
end
@doc """
Gets a single user.
Raises `Ecto.NoResultsError` if the User does not exist.
## Examples
iex> get_user!(123)
%User{}
iex> get_user!(456)
** (Ecto.NoResultsError)
"""
def get_user!(id), do: Repo.get!(User, id)
## User registration
@doc """
Registers a user.
## Examples
iex> register_user(%{field: value})
{:ok, %User{}}
iex> register_user(%{field: bad_value})
{:error, %Ecto.Changeset{}}
"""
def register_user(attrs) do
if registration_mode() == :closed do
{:error, :registration_closed}
else
do_register_user(attrs, 0)
end
end
# Up to a few retries with `_N` suffix on the handle, so a duplicate
# email-local-part doesn't reject the whole registration. Email
# uniqueness errors still bubble up as before.
defp do_register_user(attrs, attempt) when attempt < 8 do
changeset = User.email_changeset(%User{}, attrs)
changeset =
if attempt > 0 do
base = Ecto.Changeset.get_field(changeset, :handle)
if is_binary(base) do
Ecto.Changeset.put_change(
changeset,
:handle,
base <> "_" <> Integer.to_string(attempt)
)
else
changeset
end
else
changeset
end
case Repo.insert(changeset) do
{:ok, user} ->
# Best-effort: profile README repo. Failures are logged but
# don't roll back the registration — a missing profile repo is
# backfillable via `Repositories.ensure_profile_repo/1`.
case GitGud.Repositories.ensure_profile_repo(user) do
{:ok, _} ->
:ok
{:error, reason} ->
require Logger
Logger.warning("could not create profile repo for #{user.handle}: #{inspect(reason)}")
end
{:ok, user}
{:error, %Ecto.Changeset{errors: errors} = cs} ->
if Keyword.get(errors, :handle) do
do_register_user(attrs, attempt + 1)
else
{:error, cs}
end
end
end
defp do_register_user(_attrs, _attempt),
do: {:error, :handle_collision_retry_exhausted}
@doc "Look up a user by their `handle`. Returns `nil` if not found."
def get_user_by_handle(handle) when is_binary(handle) do
Repo.get_by(User, handle: String.downcase(handle))
end
## Registration modes -------------------------------------------------------
alias GitGud.Accounts.Invite
@doc """
Returns the configured registration mode. One of:
* `:open` — anyone can register
* `:invite_only` (default) — visitors must carry a valid `?invite=token`
* `:closed` — registration is fully disabled
"""
@spec registration_mode() :: :open | :invite_only | :closed
def registration_mode do
case Application.get_env(:git_gud, :registration_mode, :invite_only) do
m when m in [:open, :invite_only, :closed] -> m
other when is_binary(other) -> string_to_mode(other)
_ -> :invite_only
end
end
defp string_to_mode("open"), do: :open
defp string_to_mode("invite_only"), do: :invite_only
defp string_to_mode("closed"), do: :closed
defp string_to_mode(_), do: :invite_only
@doc "Convenience: true when public registration is open."
def registration_open?, do: registration_mode() == :open
## Invites ------------------------------------------------------------------
@doc "Create an invite owned by the given user."
def create_invite(%User{id: id}, attrs \\ %{}) do
attrs = attrs |> Map.new() |> Map.put(:created_by_id, id)
%Invite{}
|> Invite.create_changeset(attrs)
|> Repo.insert()
end
@doc "List invites created by a user, newest first, with redeemer preloaded."
def list_invites(%User{id: id}) do
import Ecto.Query
from(i in Invite,
where: i.created_by_id == ^id,
order_by: [desc: i.inserted_at],
preload: [:consumed_by]
)
|> Repo.all()
end
@doc "Look up an invite by token; returns it only if still active."
@spec get_active_invite(binary() | any()) :: Invite.t() | nil
def get_active_invite(token) when is_binary(token) do
case Repo.get_by(Invite, token: token) do
nil -> nil
invite -> if Invite.active?(invite), do: invite, else: nil
end
end
def get_active_invite(_), do: nil
@doc "Mark an invite as consumed by the given user."
def consume_invite(%Invite{} = invite, %User{} = user) do
invite
|> Invite.consume_changeset(user)
|> Repo.update()
end
@doc "Revoke an invite (sets consumed_at without a consumer)."
def revoke_invite(%User{id: owner_id}, %Invite{created_by_id: owner_id} = invite) do
invite
|> Ecto.Changeset.change(
consumed_at: DateTime.utc_now() |> DateTime.truncate(:second),
consumed_by_id: nil
)
|> Repo.update()
end
def revoke_invite(_, _), do: {:error, :forbidden}
@doc "Apply a profile-fields update."
def update_user_profile(%User{} = user, attrs) do
user |> User.profile_changeset(attrs) |> Repo.update()
end
## Settings
@doc """
Checks whether the user is in sudo mode.
The user is in sudo mode when the last authentication was done no further
than 20 minutes ago. The limit can be given as second argument in minutes.
"""
def sudo_mode?(user, minutes \\ -20)
def sudo_mode?(%User{authenticated_at: ts}, minutes) when is_struct(ts, DateTime) do
DateTime.after?(ts, DateTime.utc_now() |> DateTime.add(minutes, :minute))
end
def sudo_mode?(_user, _minutes), do: false
@doc """
Returns an `%Ecto.Changeset{}` for changing the user email.
See `GitGud.Accounts.User.email_changeset/3` for a list of supported options.
## Examples
iex> change_user_email(user)
%Ecto.Changeset{data: %User{}}
"""
def change_user_email(user, attrs \\ %{}, opts \\ []) do
User.email_changeset(user, attrs, opts)
end
@doc """
Updates the user email using the given token.
If the token matches, the user email is updated and the token is deleted.
"""
def update_user_email(user, token) do
context = "change:#{user.email}"
Repo.transact(fn ->
with {:ok, query} <- UserToken.verify_change_email_token_query(token, context),
%UserToken{sent_to: email} <- Repo.one(query),
{:ok, user} <- Repo.update(User.email_changeset(user, %{email: email})),
{_count, _result} <-
Repo.delete_all(from(UserToken, where: [user_id: ^user.id, context: ^context])) do
{:ok, user}
else
_ -> {:error, :transaction_aborted}
end
end)
end
@doc """
Returns an `%Ecto.Changeset{}` for changing the user password.
See `GitGud.Accounts.User.password_changeset/3` for a list of supported options.
## Examples
iex> change_user_password(user)
%Ecto.Changeset{data: %User{}}
"""
def change_user_password(user, attrs \\ %{}, opts \\ []) do
User.password_changeset(user, attrs, opts)
end
@doc """
Updates the user password.
Returns a tuple with the updated user, as well as a list of expired tokens.
## Examples
iex> update_user_password(user, %{password: ...})
{:ok, {%User{}, [...]}}
iex> update_user_password(user, %{password: "too short"})
{:error, %Ecto.Changeset{}}
"""
def update_user_password(user, attrs) do
user
|> User.password_changeset(attrs)
|> update_user_and_delete_all_tokens()
end
## Session
@doc """
Generates a session token.
"""
def generate_user_session_token(user) do
{token, user_token} = UserToken.build_session_token(user)
Repo.insert!(user_token)
token
end
@doc """
Gets the user with the given signed token.
If the token is valid `{user, token_inserted_at}` is returned, otherwise `nil` is returned.
"""
def get_user_by_session_token(token) do
{:ok, query} = UserToken.verify_session_token_query(token)
Repo.one(query)
end
@doc """
Gets the user with the given magic link token.
"""
def get_user_by_magic_link_token(token) do
with {:ok, query} <- UserToken.verify_magic_link_token_query(token),
{user, _token} <- Repo.one(query) do
user
else
_ -> nil
end
end
@doc """
Logs the user in by magic link.
There are three cases to consider:
1. The user has already confirmed their email. They are logged in
and the magic link is expired.
2. The user has not confirmed their email and no password is set.
In this case, the user gets confirmed, logged in, and all tokens -
including session ones - are expired. In theory, no other tokens
exist but we delete all of them for best security practices.
3. The user has not confirmed their email but a password is set.
This cannot happen in the default implementation but may be the
source of security pitfalls. See the "Mixing magic link and password registration" section of
`mix help phx.gen.auth`.
"""
def login_user_by_magic_link(token) do
{:ok, query} = UserToken.verify_magic_link_token_query(token)
case Repo.one(query) do
# Prevent session fixation attacks by disallowing magic links for unconfirmed users with password
{%User{confirmed_at: nil, hashed_password: hash}, _token} when not is_nil(hash) ->
raise """
magic link log in is not allowed for unconfirmed users with a password set!
This cannot happen with the default implementation, which indicates that you
might have adapted the code to a different use case. Please make sure to read the
"Mixing magic link and password registration" section of `mix help phx.gen.auth`.
"""
{%User{confirmed_at: nil} = user, _token} ->
user
|> User.confirm_changeset()
|> update_user_and_delete_all_tokens()
{user, token} ->
Repo.delete!(token)
{:ok, {user, []}}
nil ->
{:error, :not_found}
end
end
@doc ~S"""
Delivers the update email instructions to the given user.
## Examples
iex> deliver_user_update_email_instructions(user, current_email, &url(~p"/users/settings/confirm-email/#{&1}"))
{:ok, %{to: ..., body: ...}}
"""
def deliver_user_update_email_instructions(%User{} = user, current_email, update_email_url_fun)
when is_function(update_email_url_fun, 1) do
{encoded_token, user_token} = UserToken.build_email_token(user, "change:#{current_email}")
Repo.insert!(user_token)
UserNotifier.deliver_update_email_instructions(user, update_email_url_fun.(encoded_token))
end
@doc """
Delivers the magic link login instructions to the given user.
"""
def deliver_login_instructions(%User{} = user, magic_link_url_fun)
when is_function(magic_link_url_fun, 1) do
{encoded_token, user_token} = UserToken.build_email_token(user, "login")
Repo.insert!(user_token)
UserNotifier.deliver_login_instructions(user, magic_link_url_fun.(encoded_token))
end
@doc """
Deletes the signed token with the given context.
"""
def delete_user_session_token(token) do
Repo.delete_all(from(UserToken, where: [token: ^token, context: "session"]))
:ok
end
## Token helper
defp update_user_and_delete_all_tokens(changeset) do
Repo.transact(fn ->
with {:ok, user} <- Repo.update(changeset) do
tokens_to_expire = Repo.all_by(UserToken, user_id: user.id)
Repo.delete_all(from(t in UserToken, where: t.id in ^Enum.map(tokens_to_expire, & &1.id)))
{:ok, {user, tokens_to_expire}}
end
end)
end
end