Secrets: return MissingSecret when OIDC values nil to avoid crashes
This commit is contained in:
parent
4b31578f6c
commit
c49758fc46
GPG key ID:
1020A035E5DD0824
1 changed files with 25 additions and 11 deletions
|
|
@ -14,45 +14,59 @@ defmodule Mv.Secrets do
|
||||||
- OIDC_BASE_URL / settings.oidc_base_url
|
- OIDC_BASE_URL / settings.oidc_base_url
|
||||||
- OIDC_REDIRECT_URI / settings.oidc_redirect_uri
|
- OIDC_REDIRECT_URI / settings.oidc_redirect_uri
|
||||||
|
|
||||||
## Usage
|
When a value is nil, returns `{:error, MissingSecret}` so that AshAuthentication
|
||||||
This module is automatically called by AshAuthentication when resolving
|
does not crash (e.g. URI.new(nil)) and can redirect to sign-in with an error.
|
||||||
secrets for the User resource's OIDC strategy.
|
|
||||||
"""
|
"""
|
||||||
use AshAuthentication.Secret
|
use AshAuthentication.Secret
|
||||||
|
|
||||||
|
alias AshAuthentication.Errors.MissingSecret
|
||||||
|
|
||||||
def secret_for(
|
def secret_for(
|
||||||
[:authentication, :strategies, :oidc, :client_id],
|
[:authentication, :strategies, :oidc, :client_id],
|
||||||
Mv.Accounts.User,
|
resource,
|
||||||
_opts,
|
_opts,
|
||||||
_meth
|
_meth
|
||||||
) do
|
) do
|
||||||
{:ok, Mv.Config.oidc_client_id()}
|
secret_or_error(Mv.Config.oidc_client_id(), resource, :client_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
def secret_for(
|
def secret_for(
|
||||||
[:authentication, :strategies, :oidc, :redirect_uri],
|
[:authentication, :strategies, :oidc, :redirect_uri],
|
||||||
Mv.Accounts.User,
|
resource,
|
||||||
_opts,
|
_opts,
|
||||||
_meth
|
_meth
|
||||||
) do
|
) do
|
||||||
{:ok, Mv.Config.oidc_redirect_uri()}
|
secret_or_error(Mv.Config.oidc_redirect_uri(), resource, :redirect_uri)
|
||||||
end
|
end
|
||||||
|
|
||||||
def secret_for(
|
def secret_for(
|
||||||
[:authentication, :strategies, :oidc, :client_secret],
|
[:authentication, :strategies, :oidc, :client_secret],
|
||||||
Mv.Accounts.User,
|
resource,
|
||||||
_opts,
|
_opts,
|
||||||
_meth
|
_meth
|
||||||
) do
|
) do
|
||||||
{:ok, Mv.Config.oidc_client_secret()}
|
secret_or_error(Mv.Config.oidc_client_secret(), resource, :client_secret)
|
||||||
end
|
end
|
||||||
|
|
||||||
def secret_for(
|
def secret_for(
|
||||||
[:authentication, :strategies, :oidc, :base_url],
|
[:authentication, :strategies, :oidc, :base_url],
|
||||||
Mv.Accounts.User,
|
resource,
|
||||||
_opts,
|
_opts,
|
||||||
_meth
|
_meth
|
||||||
) do
|
) do
|
||||||
{:ok, Mv.Config.oidc_base_url()}
|
secret_or_error(Mv.Config.oidc_base_url(), resource, :base_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp secret_or_error(nil, resource, key) do
|
||||||
|
path = [:authentication, :strategies, :oidc, key]
|
||||||
|
{:error, MissingSecret.exception(path: path, resource: resource)}
|
||||||
|
end
|
||||||
|
|
||||||
|
defp secret_or_error(value, resource, key) when is_binary(value) do
|
||||||
|
if String.trim(value) == "" do
|
||||||
|
secret_or_error(nil, resource, key)
|
||||||
|
else
|
||||||
|
{:ok, value}
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue