Add possibility to create users with provider (such as LDAP)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-07-22 15:09:12 +02:00
parent 395675ce6a
commit fa8cae681f
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
6 changed files with 133 additions and 25 deletions

View file

@ -6,6 +6,7 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
import Mix.Tasks.Mobilizon.Common
import Mix.Tasks.Mobilizon.Actors.Utils
alias Mobilizon.Actors.Actor
alias Mobilizon.Service.Auth.Authenticator
alias Mobilizon.Users
alias Mobilizon.Users.User
@ -21,22 +22,15 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
moderator: :boolean,
admin: :boolean,
profile_username: :string,
profile_display_name: :string
profile_display_name: :string,
provider: :string
],
aliases: [
p: :password
]
)
moderator? = Keyword.get(options, :moderator, false)
admin? = Keyword.get(options, :admin, false)
role =
cond do
admin? -> :administrator
moderator? -> :moderator
true -> :user
end
start_mobilizon()
password =
Keyword.get(
@ -45,23 +39,16 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
:crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16)
)
start_mobilizon()
provider = Keyword.get(options, :provider)
case Users.register(%{
email: email,
password: password,
role: role,
confirmed_at: DateTime.utc_now(),
confirmation_sent_at: nil,
confirmation_token: nil
}) do
case create_user(email, provider, password, options) do
{:ok, %User{} = user} ->
profile = maybe_create_profile(user, options)
shell_info("""
An user has been created with the following information:
- email: #{user.email}
- password: #{password}
- password: #{if is_nil(provider), do: password, else: "Your #{provider} password"}
- Role: #{user.role}
""")
@ -91,6 +78,39 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
shell_error("mobilizon.users.new requires an email as argument")
end
defp create_user(email, provider, password, options) do
role = get_role(options)
if is_nil(provider) do
create_database_user(email, password, role)
else
check_password_and_provider_options(options)
if provider != nil && provider != Authenticator.provider_name() do
shell_info("""
Warning: The #{provider} provider isn't currently configured as default authenticator.
""")
end
create_user_from_provider(email, provider, role)
end
end
defp create_database_user(email, password, role) do
Users.register(%{
email: email,
password: password,
role: role,
confirmed_at: DateTime.utc_now(),
confirmation_sent_at: nil,
confirmation_token: nil
})
end
defp create_user_from_provider(email, provider, role) do
Users.create_external(email, provider, %{role: role})
end
@spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil
defp maybe_create_profile(%User{} = user, options) do
profile_username = Keyword.get(options, :profile_username)
@ -102,4 +122,26 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
nil
end
end
@type role :: :administrator | :moderator | :user
@spec get_role(Keyword.t()) :: role()
defp get_role(options) do
moderator? = Keyword.get(options, :moderator, false)
admin? = Keyword.get(options, :admin, false)
cond do
admin? -> :administrator
moderator? -> :moderator
true -> :user
end
end
defp check_password_and_provider_options(options) do
if Keyword.get(options, :password) != nil && Keyword.get(options, :provider) != nil do
shell_error("""
The --password and --provider options can't be specified at the same time.
""")
end
end
end

View file

@ -42,11 +42,12 @@ defmodule Mobilizon.Users do
end
end
@spec create_external(String.t(), String.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
def create_external(email, provider) do
@spec create_external(String.t(), String.t(), Map.t()) ::
{:ok, User.t()} | {:error, Ecto.Changeset.t()}
def create_external(email, provider, args \\ %{}) do
with {:ok, %User{} = user} <-
%User{}
|> User.auth_provider_changeset(%{email: email, provider: provider})
|> User.auth_provider_changeset(Map.merge(args, %{email: email, provider: provider}))
|> Repo.insert() do
Events.create_feed_token(%{user_id: user.id})

View file

@ -34,6 +34,9 @@ defmodule Mobilizon.Service.Auth.Authenticator do
@callback can_change_password?(User.t()) :: boolean
def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
@callback provider_name :: String.t() | nil
def provider_name, do: implementation().provider_name()
@spec has_password?(User.t()) :: boolean()
def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"

View file

@ -22,6 +22,7 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
@connection_timeout 10_000
@search_timeout 10_000
@impl Authenticator
def login(email, password) do
with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])},
%User{} = user <- ldap_user(email, password) do
@ -39,10 +40,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
end
end
@impl Authenticator
def can_change_email?(%User{provider: provider}), do: provider != "ldap"
@impl Authenticator
def can_change_password?(%User{provider: provider}), do: provider != "ldap"
@impl Authenticator
def provider_name, do: "ldap"
defp ldap_user(email, password) do
ldap = Mobilizon.Config.get(:ldap, [])
host = Keyword.get(ldap, :host, "localhost")

View file

@ -11,6 +11,7 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
@behaviour Authenticator
@impl Authenticator
def login(email, password) do
require Logger
@ -33,7 +34,12 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
end
end
@impl Authenticator
def can_change_email?(%User{provider: provider}), do: is_nil(provider)
@impl Authenticator
def can_change_password?(%User{provider: provider}), do: is_nil(provider)
@impl Authenticator
def provider_name, do: nil
end

View file

@ -5,7 +5,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show}
alias Mobilizon.{Actors, Users}
alias Mobilizon.{Actors, Config, Users}
alias Mobilizon.Actors.Actor
alias Mobilizon.Users.User
@ -16,7 +16,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
test "create with no options" do
New.run([@email])
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at}} =
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at, provider: nil}} =
Users.get_user_by_email(@email)
assert email == @email
@ -53,7 +53,57 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
assert_received {:mix_shell, :error, [message]}
assert message =~ "User has not been created because of the above reason."
end
end
describe "create user from external provider" do
test "create user from ldap" do
New.run([@email, "--provider", "ldap"])
assert {:ok,
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
Users.get_user_by_email(@email)
assert_received {:mix_shell, :info, [message]}
assert message =~
"Warning: The ldap provider isn't currently configured as default authenticator."
end
test "create user from ldap when configured" do
Config.put([Mobilizon.Service.Auth.Authenticator], Mobilizon.Service.Auth.LDAPAuthenticator)
New.run([@email, "--provider", "ldap"])
assert {:ok,
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
Users.get_user_by_email(@email)
assert_received {:mix_shell, :info, [message]}
refute message =~
"Warning: The ldap provider isn't currently configured as default authenticator."
Config.put(
[Mobilizon.Service.Auth.Authenticator],
Mobilizon.Service.Auth.MobilizonAuthenticator
)
end
test "can't set --provider at the same time than --password" do
New.run([@email, "--provider", "ldap", "--password", "random"])
assert {:ok,
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
Users.get_user_by_email(@email)
assert_received {:mix_shell, :error, [message]}
assert message =~
"The --password and --provider options can't be specified at the same time."
end
end
describe "create user and profile" do
@preferred_username "toto"
@name "Léo Pandaï"
@converted_username "leo_pandai"