Add possibility to create users with provider (such as LDAP)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
395675ce6a
commit
fa8cae681f
|
@ -6,6 +6,7 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
|||
import Mix.Tasks.Mobilizon.Common
|
||||
import Mix.Tasks.Mobilizon.Actors.Utils
|
||||
alias Mobilizon.Actors.Actor
|
||||
alias Mobilizon.Service.Auth.Authenticator
|
||||
alias Mobilizon.Users
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
|
@ -21,22 +22,15 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
|||
moderator: :boolean,
|
||||
admin: :boolean,
|
||||
profile_username: :string,
|
||||
profile_display_name: :string
|
||||
profile_display_name: :string,
|
||||
provider: :string
|
||||
],
|
||||
aliases: [
|
||||
p: :password
|
||||
]
|
||||
)
|
||||
|
||||
moderator? = Keyword.get(options, :moderator, false)
|
||||
admin? = Keyword.get(options, :admin, false)
|
||||
|
||||
role =
|
||||
cond do
|
||||
admin? -> :administrator
|
||||
moderator? -> :moderator
|
||||
true -> :user
|
||||
end
|
||||
start_mobilizon()
|
||||
|
||||
password =
|
||||
Keyword.get(
|
||||
|
@ -45,23 +39,16 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
|||
:crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16)
|
||||
)
|
||||
|
||||
start_mobilizon()
|
||||
provider = Keyword.get(options, :provider)
|
||||
|
||||
case Users.register(%{
|
||||
email: email,
|
||||
password: password,
|
||||
role: role,
|
||||
confirmed_at: DateTime.utc_now(),
|
||||
confirmation_sent_at: nil,
|
||||
confirmation_token: nil
|
||||
}) do
|
||||
case create_user(email, provider, password, options) do
|
||||
{:ok, %User{} = user} ->
|
||||
profile = maybe_create_profile(user, options)
|
||||
|
||||
shell_info("""
|
||||
An user has been created with the following information:
|
||||
- email: #{user.email}
|
||||
- password: #{password}
|
||||
- password: #{if is_nil(provider), do: password, else: "Your #{provider} password"}
|
||||
- Role: #{user.role}
|
||||
""")
|
||||
|
||||
|
@ -91,6 +78,39 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
|||
shell_error("mobilizon.users.new requires an email as argument")
|
||||
end
|
||||
|
||||
defp create_user(email, provider, password, options) do
|
||||
role = get_role(options)
|
||||
|
||||
if is_nil(provider) do
|
||||
create_database_user(email, password, role)
|
||||
else
|
||||
check_password_and_provider_options(options)
|
||||
|
||||
if provider != nil && provider != Authenticator.provider_name() do
|
||||
shell_info("""
|
||||
Warning: The #{provider} provider isn't currently configured as default authenticator.
|
||||
""")
|
||||
end
|
||||
|
||||
create_user_from_provider(email, provider, role)
|
||||
end
|
||||
end
|
||||
|
||||
defp create_database_user(email, password, role) do
|
||||
Users.register(%{
|
||||
email: email,
|
||||
password: password,
|
||||
role: role,
|
||||
confirmed_at: DateTime.utc_now(),
|
||||
confirmation_sent_at: nil,
|
||||
confirmation_token: nil
|
||||
})
|
||||
end
|
||||
|
||||
defp create_user_from_provider(email, provider, role) do
|
||||
Users.create_external(email, provider, %{role: role})
|
||||
end
|
||||
|
||||
@spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil
|
||||
defp maybe_create_profile(%User{} = user, options) do
|
||||
profile_username = Keyword.get(options, :profile_username)
|
||||
|
@ -102,4 +122,26 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
|||
nil
|
||||
end
|
||||
end
|
||||
|
||||
@type role :: :administrator | :moderator | :user
|
||||
|
||||
@spec get_role(Keyword.t()) :: role()
|
||||
defp get_role(options) do
|
||||
moderator? = Keyword.get(options, :moderator, false)
|
||||
admin? = Keyword.get(options, :admin, false)
|
||||
|
||||
cond do
|
||||
admin? -> :administrator
|
||||
moderator? -> :moderator
|
||||
true -> :user
|
||||
end
|
||||
end
|
||||
|
||||
defp check_password_and_provider_options(options) do
|
||||
if Keyword.get(options, :password) != nil && Keyword.get(options, :provider) != nil do
|
||||
shell_error("""
|
||||
The --password and --provider options can't be specified at the same time.
|
||||
""")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -42,11 +42,12 @@ defmodule Mobilizon.Users do
|
|||
end
|
||||
end
|
||||
|
||||
@spec create_external(String.t(), String.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
||||
def create_external(email, provider) do
|
||||
@spec create_external(String.t(), String.t(), Map.t()) ::
|
||||
{:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
||||
def create_external(email, provider, args \\ %{}) do
|
||||
with {:ok, %User{} = user} <-
|
||||
%User{}
|
||||
|> User.auth_provider_changeset(%{email: email, provider: provider})
|
||||
|> User.auth_provider_changeset(Map.merge(args, %{email: email, provider: provider}))
|
||||
|> Repo.insert() do
|
||||
Events.create_feed_token(%{user_id: user.id})
|
||||
|
||||
|
|
|
@ -34,6 +34,9 @@ defmodule Mobilizon.Service.Auth.Authenticator do
|
|||
@callback can_change_password?(User.t()) :: boolean
|
||||
def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
|
||||
|
||||
@callback provider_name :: String.t() | nil
|
||||
def provider_name, do: implementation().provider_name()
|
||||
|
||||
@spec has_password?(User.t()) :: boolean()
|
||||
def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
|
|||
@connection_timeout 10_000
|
||||
@search_timeout 10_000
|
||||
|
||||
@impl Authenticator
|
||||
def login(email, password) do
|
||||
with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])},
|
||||
%User{} = user <- ldap_user(email, password) do
|
||||
|
@ -39,10 +40,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
|
|||
end
|
||||
end
|
||||
|
||||
@impl Authenticator
|
||||
def can_change_email?(%User{provider: provider}), do: provider != "ldap"
|
||||
|
||||
@impl Authenticator
|
||||
def can_change_password?(%User{provider: provider}), do: provider != "ldap"
|
||||
|
||||
@impl Authenticator
|
||||
def provider_name, do: "ldap"
|
||||
|
||||
defp ldap_user(email, password) do
|
||||
ldap = Mobilizon.Config.get(:ldap, [])
|
||||
host = Keyword.get(ldap, :host, "localhost")
|
||||
|
|
|
@ -11,6 +11,7 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
|
|||
|
||||
@behaviour Authenticator
|
||||
|
||||
@impl Authenticator
|
||||
def login(email, password) do
|
||||
require Logger
|
||||
|
||||
|
@ -33,7 +34,12 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
|
|||
end
|
||||
end
|
||||
|
||||
@impl Authenticator
|
||||
def can_change_email?(%User{provider: provider}), do: is_nil(provider)
|
||||
|
||||
@impl Authenticator
|
||||
def can_change_password?(%User{provider: provider}), do: is_nil(provider)
|
||||
|
||||
@impl Authenticator
|
||||
def provider_name, do: nil
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
|||
|
||||
alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show}
|
||||
|
||||
alias Mobilizon.{Actors, Users}
|
||||
alias Mobilizon.{Actors, Config, Users}
|
||||
alias Mobilizon.Actors.Actor
|
||||
alias Mobilizon.Users.User
|
||||
|
||||
|
@ -16,7 +16,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
|||
test "create with no options" do
|
||||
New.run([@email])
|
||||
|
||||
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at}} =
|
||||
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at, provider: nil}} =
|
||||
Users.get_user_by_email(@email)
|
||||
|
||||
assert email == @email
|
||||
|
@ -53,7 +53,57 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
|||
assert_received {:mix_shell, :error, [message]}
|
||||
assert message =~ "User has not been created because of the above reason."
|
||||
end
|
||||
end
|
||||
|
||||
describe "create user from external provider" do
|
||||
test "create user from ldap" do
|
||||
New.run([@email, "--provider", "ldap"])
|
||||
|
||||
assert {:ok,
|
||||
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||
Users.get_user_by_email(@email)
|
||||
|
||||
assert_received {:mix_shell, :info, [message]}
|
||||
|
||||
assert message =~
|
||||
"Warning: The ldap provider isn't currently configured as default authenticator."
|
||||
end
|
||||
|
||||
test "create user from ldap when configured" do
|
||||
Config.put([Mobilizon.Service.Auth.Authenticator], Mobilizon.Service.Auth.LDAPAuthenticator)
|
||||
|
||||
New.run([@email, "--provider", "ldap"])
|
||||
|
||||
assert {:ok,
|
||||
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||
Users.get_user_by_email(@email)
|
||||
|
||||
assert_received {:mix_shell, :info, [message]}
|
||||
|
||||
refute message =~
|
||||
"Warning: The ldap provider isn't currently configured as default authenticator."
|
||||
|
||||
Config.put(
|
||||
[Mobilizon.Service.Auth.Authenticator],
|
||||
Mobilizon.Service.Auth.MobilizonAuthenticator
|
||||
)
|
||||
end
|
||||
|
||||
test "can't set --provider at the same time than --password" do
|
||||
New.run([@email, "--provider", "ldap", "--password", "random"])
|
||||
|
||||
assert {:ok,
|
||||
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||
Users.get_user_by_email(@email)
|
||||
|
||||
assert_received {:mix_shell, :error, [message]}
|
||||
|
||||
assert message =~
|
||||
"The --password and --provider options can't be specified at the same time."
|
||||
end
|
||||
end
|
||||
|
||||
describe "create user and profile" do
|
||||
@preferred_username "toto"
|
||||
@name "Léo Pandaï"
|
||||
@converted_username "leo_pandai"
|
||||
|
|
Loading…
Reference in a new issue