doc: added comments and updated to latest ashautentication version and required changes

lib/accounts/accounts.ex

@@ -1,4 +1,7 @@
 defmodule Mv.Accounts do
+  @moduledoc """
+  AshAuthentication specific domain to handle Authentication for users.
+  """
   use Ash.Domain,
     extensions: [AshPhoenix]
 

lib/accounts/token.ex

@@ -1,4 +1,7 @@
 defmodule Mv.Accounts.Token do
+  @moduledoc """
+  AshAuthentication specific ressource
+  """
   use Ash.Resource,
     data_layer: AshPostgres.DataLayer,
     extensions: [AshAuthentication.TokenResource],

lib/accounts/user.ex

@@ -1,4 +1,7 @@
 defmodule Mv.Accounts.User do
+  @moduledoc """
+  The ressource for keeping user-specific data related to the login process. It is used by AshAuthentication to handle the Authentication strategies like SSO.
+  """
   use Ash.Resource,
     domain: Mv.Accounts,
     data_layer: AshPostgres.DataLayer,
@@ -11,10 +14,17 @@ defmodule Mv.Accounts.User do
     repo Mv.Repo
   end
 
+  @doc """
+  AshAuthentication specific: Defines the strategies we want to use for authentication.
+  Currently password and SSO with Rauthy as OIDC provider
+  """
   authentication do
     tokens do
       enabled? true
       token_resource Mv.Accounts.Token
+      require_token_presence_for_authentication? true
+      store_all_tokens? true
+
       signing_secret fn _, _ ->
         {:ok, Application.get_env(:mv, :token_signing_secret)}
       end
@@ -22,18 +32,14 @@ defmodule Mv.Accounts.User do
 
     strategies do
       oidc :rauthy do
-          client_id "mv"
-          base_url "http://localhost:8080/auth/v1"
-          redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
-          auth_method :client_secret_jwt
-          #id_token_signed_response_alg "EdDSA"
-          #user_url "http://localhost:8080/auth/v1/oidc/userinfo"
-          #token_url "http://localhost:8080/auth/v1/oidc/token"
-          #authorize_url "http://localhost:8080/auth/v1/oidc/authorize"
-          registration_enabled? false
-          code_verifier true
-          client_secret fn _, _ ->
-            Application.fetch_env(:mv, :oicd_client_secret)
+        client_id "mv"
+        base_url "http://localhost:8080/auth/v1"
+        redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
+        auth_method :client_secret_jwt
+        code_verifier true
+
+        client_secret fn _, _ ->
+          Application.fetch_env(:mv, :oicd_client_secret)
         end
       end
 
@@ -62,9 +68,24 @@ defmodule Mv.Accounts.User do
 
       filter expr(email == get_path(^arg(:user_info), [:email]))
     end
-  end
 
-  ## TODO: registration ergänzen, seed rausnehmen, oidc_id aus user_info map holen
+    create :register_with_rauthy do
+      argument :user_info, :map, allow_nil?: false
+      argument :oauth_tokens, :map, allow_nil?: false
+      upsert? true
+      upsert_identity :unique_email
+
+      change AshAuthentication.GenerateTokenChange
+
+      change fn changeset, _ctx ->
+        user_info = Ash.Changeset.get_argument(changeset, :user_info)
+
+        changeset
+        |> Ash.Changeset.change_attribute(:email, user_info["preferred_username"])
+        |> Ash.Changeset.change_attribute(:oidc_id, user_info["id"])
+      end
+    end
+  end
 
   attributes do
     uuid_primary_key :id

lib/accounts/user_identity.exs

@@ -1,15 +1,18 @@
 defmodule Mv.Accounts.UserIdentity do
+  @moduledoc """
+  AshAuthentication specific ressource
+  """
   use Ash.Resource,
     data_layer: AshPostgres.DataLayer,
     extensions: [AshAuthentication.UserIdentity],
     domain: Mv.Accounts
 
-  user_identity do
-    user_resource Mv.Accounts.User
-  end
-
   postgres do
     table "user_identities"
     repo Mv.Repo
   end
+
+  user_identity do
+    user_resource Mv.Accounts.User
+  end
 end

lib/mv_web/controllers/auth_controller.ex

@@ -22,8 +22,6 @@ defmodule MvWeb.AuthController do
   end
 
   def failure(conn, activity, reason) do
-    IO.puts(inspect(reason))
-
     message =
       case {activity, reason} do
         {_,
@@ -50,7 +48,7 @@ defmodule MvWeb.AuthController do
     return_to = get_session(conn, :return_to) || ~p"/"
 
     conn
-    |> clear_session()
+    |> clear_session(:mv)
     |> put_flash(:info, "You are now signed out")
     |> redirect(to: return_to)
   end

lib/mv_web/controllers/page_html/home.html.heex

@@ -1,3 +1,6 @@
+<!--
+THIS IS JUST THE ASHAUTHENTICATION EXAMPLE - WE NEED TO CHANGE IT LATER
+-->
 <nav class="bg-gray-800">
   <div class="px-2 mx-auto max-w-7xl sm:px-6 lg:px-8">
     <div class="relative flex items-center justify-between h-16">
@@ -5,7 +8,7 @@
         <div class="block ml-6">
           <div class="flex space-x-4">
             <div class="px-3 py-2 text-xl font-medium text-white ">
-              Ash Demo
+              Mitgliederverwaltung
             </div>
           </div>
         </div>

lib/mv_web/live_user_auth.ex

@@ -11,10 +11,12 @@ defmodule MvWeb.LiveUserAuth do
   # on_mount {MvWeb.LiveUserAuth, :current_user}
   def on_mount(:current_user, _params, session, socket) do
     return_to = session[:return_to]
+
     socket =
       socket
       |> assign(:return_to, return_to)
       |> AshAuthentication.Phoenix.LiveSession.assign_new_resources(session)
+
     {:cont, session, socket}
   end
 

lib/mv_web/router.ex

@@ -42,9 +42,11 @@ defmodule MvWeb.Router do
   scope "/", MvWeb do
     pipe_through :browser
 
+    @doc """
+    AshAuthentication-specific: We define that all routes can only be accessed when the user is signed in.
+    """
     ash_authentication_live_session :authentication_required,
       on_mount: {MvWeb.LiveUserAuth, :live_user_required} do
-
       get "/", PageController, :home
 
       live "/members", MemberLive.Index, :index