feat: set password for new and for existing user

2025-07-22 22:12:43 +02:00 · 2025-07-22 22:12:43 +02:00 · 662e80cc74
commit 662e80cc74
parent 2e256a0206
4 changed files with 218 additions and 21 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -71,6 +71,19 @@ defmodule Mv.Accounts.User do
      accept [:email]
    end

+    # Admin action for direct password changes in admin panel
+    # Uses the official Ash Authentication HashPasswordChange with correct context
+    update :admin_set_password do
+      accept [:email]
+      argument :password, :string, allow_nil?: false, sensitive?: true
+      
+      # Set the strategy context that HashPasswordChange expects
+      change set_context(%{strategy_name: :password})
+      
+      # Use the official Ash Authentication password change
+      change AshAuthentication.Strategy.Password.HashPasswordChange
+    end
+
    read :get_by_subject do
      description "Get a user by the subject claim in a JWT"
      argument :subject, :string, allow_nil?: false
@ -121,6 +134,14 @@ defmodule Mv.Accounts.User do
    identity :unique_oidc_id, [:oidc_id]
  end

+  # Global validations - applied to all relevant actions
+  validations do
+    # Password strength policy: minimum 8 characters for all password-related actions
+    validate string_length(:password, min: 8) do
+      where action_is([:register_with_password, :admin_set_password])
+    end
+  end
+
  # You can customize this if you wish, but this is a safe default that
  # only allows user data to be interacted with via AshAuthentication.
  # policies do