putzplan/lib/putzplan/accounts/user.ex


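defmodule Putzplan.Accounts.User do
  @moduledoc """
  The `users` resource: one row per person who has signed in through the
  configured OIDC provider.

  Registration is an upsert keyed on `:id`, which is taken from the
  provider's `sub` claim, so repeat logins update the existing row instead
  of creating a new one. Everything other than an AshAuthentication
  interaction is forbidden by policy.
  """

  use Ash.Resource,
    otp_app: :putzplan,
    domain: Putzplan.Accounts,
    authorizers: [Ash.Policy.Authorizer],
    extensions: [AshAuthentication],
    data_layer: AshSqlite.DataLayer

  authentication do
    add_ons do
      log_out_everywhere do
        apply_on_password_change? true
      end
    end

    tokens do
      enabled? true
      token_resource Putzplan.Accounts.Token
      signing_secret Putzplan.Secrets
      # Every issued token is persisted, and a token is only accepted while
      # its record still exists, so revocation takes effect immediately.
      store_all_tokens? true
      require_token_presence_for_authentication? true
    end

    strategies do
      oidc :oidc do
        client_id "putzplan"
        # NOTE(review): base_url, client_secret and redirect_uri are compile-time
        # literals (loopback addresses, plain http, a placeholder secret). They
        # should come from runtime configuration so a release does not ship the
        # dev values; `Putzplan.Secrets` already backs `signing_secret` above and
        # can back these too, given a `secret_for/4` clause per option path.
        base_url "http://127.0.0.1:9091"
        client_secret "insecure_secret"
        # Request and verify an OIDC nonce so an ID token cannot be replayed
        # against a different login attempt.
        nonce true
        redirect_uri "http://127.0.0.1:4000/auth"
        authorization_params [scope: "profile email"]
      end
    end
  end

  identities do
    # `:id` is the primary key as well; this named identity is what
    # `upsert_identity` in `register_with_oidc` refers to.
    identity :id, [:id]
  end

  sqlite do
    table "users"
    repo Putzplan.Repo
  end

  actions do
    defaults [:read]

    read :get_by_subject do
      description "Get a user by the subject claim in a JWT"
      argument :subject, :string, allow_nil?: false
      get? true
      prepare AshAuthentication.Preparations.FilterBySubject
    end

    # Invoked by the OIDC strategy once the provider has authenticated the user.
    # `user_info` is the provider's claims map; `oauth_tokens` is accepted because
    # the strategy passes it but is not read here.
    create :register_with_oidc do
      argument :user_info, :map, allow_nil?: false
      argument :oauth_tokens, :map, allow_nil?: false
      upsert? true
      upsert_identity :id
      change AshAuthentication.GenerateTokenChange

      # Map provider claims onto the resource. The `dbg/1` call that previously
      # dumped the whole claims map (name, email, sub, …) to stdout on every
      # registration has been removed; claims are personal data and should not
      # land in process output.
      change fn changeset, _ctx ->
        user_info = Ash.Changeset.get_argument(changeset, :user_info)

        # NOTE(review): `:id` is a `:uuid` attribute, so this relies on the
        # provider issuing UUID-shaped `sub` claims — confirm against the IdP.
        changeset
        |> Ash.Changeset.change_attribute(:name, user_info["name"])
        |> Ash.Changeset.change_attribute(:id, user_info["sub"])
      end
    end
  end

  policies do
    # AshAuthentication's own calls (lookup by subject, registration, token
    # handling) are allowed unconditionally …
    bypass AshAuthentication.Checks.AshAuthenticationInteraction do
      authorize_if always()
    end

    # … and every other actor is denied, including the default `:read`.
    policy always() do
      forbid_if always()
    end
  end

  attributes do
    # Set from the OIDC `sub` claim in `register_with_oidc`, not generated here.
    attribute :id, :uuid, allow_nil?: false, primary_key?: true
    attribute :name, :string, allow_nil?: false
  end
end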