local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 60 Pull requests 4 Projects 2 Releases Packages 1 Activity Actions

OIDC-only sign-in, Vereinfacht connection test, locale defaults, and settings/docs cleanup #445

Merged
moritz merged 17 commits from feature/settings into main 2026-02-24 15:51:51 +01:00
Conversation 0 Commits 17 Files changed 45 +25 -11
1 changed files with 25 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit c49758fc46 - Show all commits

36
lib/mv/secrets.ex
View file

@ -14,45 +14,59 @@ defmodule Mv.Secrets do
- OIDC_BASE_URL / settings.oidc_base_url
- OIDC_REDIRECT_URI / settings.oidc_redirect_uri
## Usage
This module is automatically called by AshAuthentication when resolving
secrets for the User resource's OIDC strategy.
When a value is nil, returns `{:error, MissingSecret}` so that AshAuthentication
does not crash (e.g. URI.new(nil)) and can redirect to sign-in with an error.
"""
use AshAuthentication.Secret
alias AshAuthentication.Errors.MissingSecret
def secret_for(
[:authentication, :strategies, :oidc, :client_id],
Mv.Accounts.User,
resource,
_opts,
_meth
) do
{:ok, Mv.Config.oidc_client_id()}
secret_or_error(Mv.Config.oidc_client_id(), resource, :client_id)
end
def secret_for(
[:authentication, :strategies, :oidc, :redirect_uri],
Mv.Accounts.User,
resource,
_opts,
_meth
) do
{:ok, Mv.Config.oidc_redirect_uri()}
secret_or_error(Mv.Config.oidc_redirect_uri(), resource, :redirect_uri)
end
def secret_for(
[:authentication, :strategies, :oidc, :client_secret],
Mv.Accounts.User,
resource,
_opts,
_meth
) do
{:ok, Mv.Config.oidc_client_secret()}
secret_or_error(Mv.Config.oidc_client_secret(), resource, :client_secret)
end
def secret_for(
[:authentication, :strategies, :oidc, :base_url],
Mv.Accounts.User,
resource,
_opts,
_meth
) do
{:ok, Mv.Config.oidc_base_url()}
secret_or_error(Mv.Config.oidc_base_url(), resource, :base_url)
end
defp secret_or_error(nil, resource, key) do
path = [:authentication, :strategies, :oidc, key]
{:error, MissingSecret.exception(path: path, resource: resource)}
end
defp secret_or_error(value, resource, key) when is_binary(value) do
if String.trim(value) == "" do
secret_or_error(nil, resource, key)
else
{:ok, value}
end
end
end