doc: added comments and updated to latest ashautentication version and required changes

2025-06-19 15:34:24 +02:00 · 2025-06-19 15:34:24 +02:00 · 7bfde5e230
commit 7bfde5e230
parent a6fcaa1640
19 changed files with 74 additions and 478 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -1,4 +1,7 @@
 defmodule Mv.Accounts.User do
+  @moduledoc """
+  The ressource for keeping user-specific data related to the login process. It is used by AshAuthentication to handle the Authentication strategies like SSO.
+  """
  use Ash.Resource,
    domain: Mv.Accounts,
    data_layer: AshPostgres.DataLayer,
@ -11,10 +14,17 @@ defmodule Mv.Accounts.User do
    repo Mv.Repo
  end

+  @doc """
+  AshAuthentication specific: Defines the strategies we want to use for authentication.
+  Currently password and SSO with Rauthy as OIDC provider
+  """
  authentication do
    tokens do
      enabled? true
      token_resource Mv.Accounts.Token
+      require_token_presence_for_authentication? true
+      store_all_tokens? true
+
      signing_secret fn _, _ ->
        {:ok, Application.get_env(:mv, :token_signing_secret)}
      end
@ -22,18 +32,14 @@ defmodule Mv.Accounts.User do

    strategies do
      oidc :rauthy do
-          client_id "mv"
-          base_url "http://localhost:8080/auth/v1"
-          redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
-          auth_method :client_secret_jwt
-          #id_token_signed_response_alg "EdDSA"
-          #user_url "http://localhost:8080/auth/v1/oidc/userinfo"
-          #token_url "http://localhost:8080/auth/v1/oidc/token"
-          #authorize_url "http://localhost:8080/auth/v1/oidc/authorize"
-          registration_enabled? false
-          code_verifier true
-          client_secret fn _, _ ->
-            Application.fetch_env(:mv, :oicd_client_secret)
+        client_id "mv"
+        base_url "http://localhost:8080/auth/v1"
+        redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
+        auth_method :client_secret_jwt
+        code_verifier true
+
+        client_secret fn _, _ ->
+          Application.fetch_env(:mv, :oicd_client_secret)
        end
      end

@ -62,9 +68,24 @@ defmodule Mv.Accounts.User do

      filter expr(email == get_path(^arg(:user_info), [:email]))
    end
-  end

-  ## TODO: registration ergänzen, seed rausnehmen, oidc_id aus user_info map holen
+    create :register_with_rauthy do
+      argument :user_info, :map, allow_nil?: false
+      argument :oauth_tokens, :map, allow_nil?: false
+      upsert? true
+      upsert_identity :unique_email
+
+      change AshAuthentication.GenerateTokenChange
+
+      change fn changeset, _ctx ->
+        user_info = Ash.Changeset.get_argument(changeset, :user_info)
+
+        changeset
+        |> Ash.Changeset.change_attribute(:email, user_info["preferred_username"])
+        |> Ash.Changeset.change_attribute(:oidc_id, user_info["id"])
+      end
+    end
+  end

  attributes do
    uuid_primary_key :id