chore(AshAuthenticationPhoenix): added library and updated ressources testing password strategy

2025-06-03 08:39:28 +02:00 · 2025-06-03 08:39:28 +02:00 · 192ceaed45
commit 192ceaed45
parent f154eea055
24 changed files with 682 additions and 25 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -1,26 +1,78 @@
 defmodule Mv.Accounts.User do
  use Ash.Resource,
    domain: Mv.Accounts,
-    data_layer: AshPostgres.DataLayer
+    data_layer: AshPostgres.DataLayer,
+    extensions: [AshAuthentication]
+
+  # authorizers: [Ash.Policy.Authorizer]

  postgres do
-    table("users")
-    repo(Mv.Repo)
+    table "users"
+    repo Mv.Repo
  end

-  attributes do
-    uuid_primary_key(:id)
+  authentication do
+    tokens do
+      enabled? true
+      token_resource Mv.Accounts.Token
+      signing_secret fn _, _ ->
+        {:ok, Application.get_env(:mv, :token_signing_secret)}
+      end
+    end

-    attribute(:email, :string, allow_nil?: true, public?: true)
-    attribute(:password_hash, :string, sensitive?: true)
-    attribute(:oicd_id, :string)
+    strategies do
+      password :password do
+        identity_field :email
+        hash_provider AshAuthentication.BcryptProvider
+        confirmation_required? false
+      end
+    end
  end

  actions do
-    defaults([:read, :destroy, :create, :update])
+    defaults [:read, :create, :destroy, :update]
+
+    read :get_by_subject do
+      description "Get a user by the subject claim in a JWT"
+      argument :subject, :string, allow_nil?: false
+      get? true
+      prepare AshAuthentication.Preparations.FilterBySubject
+    end
+
+    # read :sign_in_with_example do
+    #   argument :user_info, :map, allow_nil?: false
+    #   argument :oauth_tokens, :map, allow_nil?: false
+    #   prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
+
+    #   filter expr(email == get_path(^arg(:user_info), [:email]))
+    # end
+  end
+
+  attributes do
+    uuid_primary_key :id
+
+    attribute :email, :ci_string, allow_nil?: false, public?: true
+    attribute :hashed_password, :string, sensitive?: true, allow_nil?: true
+    attribute :oicd_id, :string, allow_nil?: true
  end

  relationships do
-    belongs_to(:member, Mv.Membership.Member)
+    belongs_to :member, Mv.Membership.Member
  end
+
+  identities do
+    identity :unique_email, [:email]
+  end
+
+  # You can customize this if you wish, but this is a safe default that
+  # only allows user data to be interacted with via AshAuthentication.
+  # policies do
+  #   bypass AshAuthentication.Checks.AshAuthenticationInteraction do
+  #     authorize_if(always())
+  #   end
+
+  #   policy always() do
+  #     forbid_if(always())
+  #   end
+  # end
 end