diff --git a/.drone.yml b/.drone.yml
index 9a459ec..7f0dead 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -48,7 +48,6 @@ trigger:
 event:
 - cron
 - custom
- - push
 branch:
 - main
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..ccbd6ed
--- /dev/null
+++ b/.env.example
@@ -0,0 +1 @@
+OIDC_CLIENT_SECRET=
diff --git a/README.md b/README.md
index 24419c7..38013f4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,18 @@
 # mitgliederverwaltung
+## Testing SSO with rauthy
+
+1. `just run`
+1. go to [localhost:8080](http://localhost:8080), go to the Admin area
+1. Login with "admin@localhost" and password from `BOOTSTRAP_ADMIN_PASSWORD_PLAIN` in docker-compose.yml
+1. add client from the admin panel
+ - Client ID: mv
+ - redirect uris: http://localhost:4000/auth/user/rauthy/callback
+ - Authorization Flows: authorization_code
+ - allowed origins: http://localhost:4000
+ - access/id token algortihm: RS256 (EDDSA did not work for me, found just few infos in the ashauthentication docs)
+1. copy client secret to `.env` file
+1. abort and run `just run` again
+
+
+
diff --git a/lib/accounts/user.ex b/lib/accounts/user.ex
index d8c7a66..9294526 100644
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@@ -65,6 +65,7 @@ defmodule Mv.Accounts.User do
 create :create_user do
 accept [:email]
+ upsert? true
 end
 update :update_user do
diff --git a/mix.lock b/mix.lock
index 4392c65..6599c01 100644
--- a/mix.lock
+++ b/mix.lock
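Review bot: In lib/accounts/user.ex, `upsert? true` on `create :create_user` turns every call of that action into an upsert, yet the action does not name the identity it upserts on. The only caller visible in this diff (priv/repo/seeds.exs) already passes `upsert?: true, upsert_identity: :unique_email` itself, so the action-level flag looks unnecessary for it. For any other caller, a create that collides with an existing account would presumably resolve to the existing row instead of failing, which deserves a deliberate decision now that sign-in through an external identity provider is being wired up. Either drop the flag from the action and keep the upsert at the call site, or pin the target in the action with `upsert_identity :unique_email`. The enclosing `defmodule Mv.Accounts.User` starts and ends outside the hunk.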
@@ -28,7 +28,7 @@ "expo": {:hex, :expo, "1.1.0", "f7b9ed7fb5745ebe1eeedf3d6f29226c5dd52897ac67c0f8af62a07e661e5c75", [:mix], [], "hexpm", "fbadf93f4700fb44c331362177bdca9eeb8097e8b0ef525c9cc501cb9917c960"}, "file_system": {:hex, :file_system, "1.1.0", "08d232062284546c6c34426997dd7ef6ec9f8bbd090eb91780283c9016840e8f", [:mix], [], "hexpm", "bfcf81244f416871f2a2e15c1b515287faa5db9c6bcf290222206d120b3d43f6"}, "finch": {:hex, :finch, "0.20.0", "5330aefb6b010f424dcbbc4615d914e9e3deae40095e73ab0c1bb0968933cadf", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.6.2 or ~> 1.7", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.1", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "2658131a74d051aabfcba936093c903b8e89da9a1b63e430bee62045fa9b2ee2"}, - "fine": {:hex, :fine, "0.1.2", "85cf7dd190c7c6c54c2840754ae977c9acc0417316255b674fad9f2678e4ecc7", [], [], "hexpm", "9113531982c2b60dbea6c7233917ddf16806947cd7104b5d03011bf436ca3072"}, + "fine": {:hex, :fine, "0.1.2", "85cf7dd190c7c6c54c2840754ae977c9acc0417316255b674fad9f2678e4ecc7", [:mix], [], "hexpm", "9113531982c2b60dbea6c7233917ddf16806947cd7104b5d03011bf436ca3072"}, "gettext": {:hex, :gettext, "0.26.2", "5978aa7b21fada6deabf1f6341ddba50bc69c999e812211903b169799208f2a8", [:mix], [{:expo, "~> 0.5.1 or ~> 1.0", [hex: :expo, repo: "hexpm", optional: false]}], "hexpm", "aa978504bcf76511efdc22d580ba08e2279caab1066b76bb9aa81c4a1e0a32a5"}, "glob_ex": {:hex, :glob_ex, "0.1.11", "cb50d3f1ef53f6ca04d6252c7fde09fd7a1cf63387714fe96f340a1349e62c93", [:mix], [], "hexpm", "342729363056e3145e61766b416769984c329e4378f1d558b63e341020525de4"}, "heroicons": {:git, "https://github.com/tailwindlabs/heroicons.git", "0435d4ca364a608cc75e2f8683d374e55abbae26", [tag: "v2.2.0", sparse: 
"optimized", depth: 1]}, diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs index 1497096..306b627 100644 --- a/priv/repo/seeds.exs +++ b/priv/repo/seeds.exs @@ -4,6 +4,7 @@ # alias Mv.Membership +alias Mv.Accounts for attrs <- [ %{ @@ -41,3 +42,8 @@ for attrs <- [ upsert_identity: :unique_name ) end + +# Create admin user for testing +Accounts.create_user!(%{email: "admin@mv.local"}, upsert?: true, upsert_identity: :unique_email) +|> Ash.Changeset.for_update(:admin_set_password, %{password: "testpassword"}) +|> Ash.update!()