Add possibility to create users with provider (such as LDAP)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
395675ce6a
commit
fa8cae681f
|
@ -6,6 +6,7 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
||||||
import Mix.Tasks.Mobilizon.Common
|
import Mix.Tasks.Mobilizon.Common
|
||||||
import Mix.Tasks.Mobilizon.Actors.Utils
|
import Mix.Tasks.Mobilizon.Actors.Utils
|
||||||
alias Mobilizon.Actors.Actor
|
alias Mobilizon.Actors.Actor
|
||||||
|
alias Mobilizon.Service.Auth.Authenticator
|
||||||
alias Mobilizon.Users
|
alias Mobilizon.Users
|
||||||
alias Mobilizon.Users.User
|
alias Mobilizon.Users.User
|
||||||
|
|
||||||
|
@ -21,22 +22,15 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
||||||
moderator: :boolean,
|
moderator: :boolean,
|
||||||
admin: :boolean,
|
admin: :boolean,
|
||||||
profile_username: :string,
|
profile_username: :string,
|
||||||
profile_display_name: :string
|
profile_display_name: :string,
|
||||||
|
provider: :string
|
||||||
],
|
],
|
||||||
aliases: [
|
aliases: [
|
||||||
p: :password
|
p: :password
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
moderator? = Keyword.get(options, :moderator, false)
|
start_mobilizon()
|
||||||
admin? = Keyword.get(options, :admin, false)
|
|
||||||
|
|
||||||
role =
|
|
||||||
cond do
|
|
||||||
admin? -> :administrator
|
|
||||||
moderator? -> :moderator
|
|
||||||
true -> :user
|
|
||||||
end
|
|
||||||
|
|
||||||
password =
|
password =
|
||||||
Keyword.get(
|
Keyword.get(
|
||||||
|
@ -45,23 +39,16 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
||||||
:crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16)
|
:crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16)
|
||||||
)
|
)
|
||||||
|
|
||||||
start_mobilizon()
|
provider = Keyword.get(options, :provider)
|
||||||
|
|
||||||
case Users.register(%{
|
case create_user(email, provider, password, options) do
|
||||||
email: email,
|
|
||||||
password: password,
|
|
||||||
role: role,
|
|
||||||
confirmed_at: DateTime.utc_now(),
|
|
||||||
confirmation_sent_at: nil,
|
|
||||||
confirmation_token: nil
|
|
||||||
}) do
|
|
||||||
{:ok, %User{} = user} ->
|
{:ok, %User{} = user} ->
|
||||||
profile = maybe_create_profile(user, options)
|
profile = maybe_create_profile(user, options)
|
||||||
|
|
||||||
shell_info("""
|
shell_info("""
|
||||||
An user has been created with the following information:
|
An user has been created with the following information:
|
||||||
- email: #{user.email}
|
- email: #{user.email}
|
||||||
- password: #{password}
|
- password: #{if is_nil(provider), do: password, else: "Your #{provider} password"}
|
||||||
- Role: #{user.role}
|
- Role: #{user.role}
|
||||||
""")
|
""")
|
||||||
|
|
||||||
|
@ -91,6 +78,39 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
||||||
shell_error("mobilizon.users.new requires an email as argument")
|
shell_error("mobilizon.users.new requires an email as argument")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp create_user(email, provider, password, options) do
|
||||||
|
role = get_role(options)
|
||||||
|
|
||||||
|
if is_nil(provider) do
|
||||||
|
create_database_user(email, password, role)
|
||||||
|
else
|
||||||
|
check_password_and_provider_options(options)
|
||||||
|
|
||||||
|
if provider != nil && provider != Authenticator.provider_name() do
|
||||||
|
shell_info("""
|
||||||
|
Warning: The #{provider} provider isn't currently configured as default authenticator.
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
|
||||||
|
create_user_from_provider(email, provider, role)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp create_database_user(email, password, role) do
|
||||||
|
Users.register(%{
|
||||||
|
email: email,
|
||||||
|
password: password,
|
||||||
|
role: role,
|
||||||
|
confirmed_at: DateTime.utc_now(),
|
||||||
|
confirmation_sent_at: nil,
|
||||||
|
confirmation_token: nil
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
defp create_user_from_provider(email, provider, role) do
|
||||||
|
Users.create_external(email, provider, %{role: role})
|
||||||
|
end
|
||||||
|
|
||||||
@spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil
|
@spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil
|
||||||
defp maybe_create_profile(%User{} = user, options) do
|
defp maybe_create_profile(%User{} = user, options) do
|
||||||
profile_username = Keyword.get(options, :profile_username)
|
profile_username = Keyword.get(options, :profile_username)
|
||||||
|
@ -102,4 +122,26 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@type role :: :administrator | :moderator | :user
|
||||||
|
|
||||||
|
@spec get_role(Keyword.t()) :: role()
|
||||||
|
defp get_role(options) do
|
||||||
|
moderator? = Keyword.get(options, :moderator, false)
|
||||||
|
admin? = Keyword.get(options, :admin, false)
|
||||||
|
|
||||||
|
cond do
|
||||||
|
admin? -> :administrator
|
||||||
|
moderator? -> :moderator
|
||||||
|
true -> :user
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp check_password_and_provider_options(options) do
|
||||||
|
if Keyword.get(options, :password) != nil && Keyword.get(options, :provider) != nil do
|
||||||
|
shell_error("""
|
||||||
|
The --password and --provider options can't be specified at the same time.
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -42,11 +42,12 @@ defmodule Mobilizon.Users do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@spec create_external(String.t(), String.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
@spec create_external(String.t(), String.t(), Map.t()) ::
|
||||||
def create_external(email, provider) do
|
{:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
||||||
|
def create_external(email, provider, args \\ %{}) do
|
||||||
with {:ok, %User{} = user} <-
|
with {:ok, %User{} = user} <-
|
||||||
%User{}
|
%User{}
|
||||||
|> User.auth_provider_changeset(%{email: email, provider: provider})
|
|> User.auth_provider_changeset(Map.merge(args, %{email: email, provider: provider}))
|
||||||
|> Repo.insert() do
|
|> Repo.insert() do
|
||||||
Events.create_feed_token(%{user_id: user.id})
|
Events.create_feed_token(%{user_id: user.id})
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,9 @@ defmodule Mobilizon.Service.Auth.Authenticator do
|
||||||
@callback can_change_password?(User.t()) :: boolean
|
@callback can_change_password?(User.t()) :: boolean
|
||||||
def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
|
def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
|
||||||
|
|
||||||
|
@callback provider_name :: String.t() | nil
|
||||||
|
def provider_name, do: implementation().provider_name()
|
||||||
|
|
||||||
@spec has_password?(User.t()) :: boolean()
|
@spec has_password?(User.t()) :: boolean()
|
||||||
def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"
|
def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
|
||||||
@connection_timeout 10_000
|
@connection_timeout 10_000
|
||||||
@search_timeout 10_000
|
@search_timeout 10_000
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def login(email, password) do
|
def login(email, password) do
|
||||||
with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])},
|
with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])},
|
||||||
%User{} = user <- ldap_user(email, password) do
|
%User{} = user <- ldap_user(email, password) do
|
||||||
|
@ -39,10 +40,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def can_change_email?(%User{provider: provider}), do: provider != "ldap"
|
def can_change_email?(%User{provider: provider}), do: provider != "ldap"
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def can_change_password?(%User{provider: provider}), do: provider != "ldap"
|
def can_change_password?(%User{provider: provider}), do: provider != "ldap"
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
|
def provider_name, do: "ldap"
|
||||||
|
|
||||||
defp ldap_user(email, password) do
|
defp ldap_user(email, password) do
|
||||||
ldap = Mobilizon.Config.get(:ldap, [])
|
ldap = Mobilizon.Config.get(:ldap, [])
|
||||||
host = Keyword.get(ldap, :host, "localhost")
|
host = Keyword.get(ldap, :host, "localhost")
|
||||||
|
|
|
@ -11,6 +11,7 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
|
||||||
|
|
||||||
@behaviour Authenticator
|
@behaviour Authenticator
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def login(email, password) do
|
def login(email, password) do
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
@ -33,7 +34,12 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def can_change_email?(%User{provider: provider}), do: is_nil(provider)
|
def can_change_email?(%User{provider: provider}), do: is_nil(provider)
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
def can_change_password?(%User{provider: provider}), do: is_nil(provider)
|
def can_change_password?(%User{provider: provider}), do: is_nil(provider)
|
||||||
|
|
||||||
|
@impl Authenticator
|
||||||
|
def provider_name, do: nil
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,7 +5,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
||||||
|
|
||||||
alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show}
|
alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show}
|
||||||
|
|
||||||
alias Mobilizon.{Actors, Users}
|
alias Mobilizon.{Actors, Config, Users}
|
||||||
alias Mobilizon.Actors.Actor
|
alias Mobilizon.Actors.Actor
|
||||||
alias Mobilizon.Users.User
|
alias Mobilizon.Users.User
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
||||||
test "create with no options" do
|
test "create with no options" do
|
||||||
New.run([@email])
|
New.run([@email])
|
||||||
|
|
||||||
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at}} =
|
assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at, provider: nil}} =
|
||||||
Users.get_user_by_email(@email)
|
Users.get_user_by_email(@email)
|
||||||
|
|
||||||
assert email == @email
|
assert email == @email
|
||||||
|
@ -53,7 +53,57 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
|
||||||
assert_received {:mix_shell, :error, [message]}
|
assert_received {:mix_shell, :error, [message]}
|
||||||
assert message =~ "User has not been created because of the above reason."
|
assert message =~ "User has not been created because of the above reason."
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "create user from external provider" do
|
||||||
|
test "create user from ldap" do
|
||||||
|
New.run([@email, "--provider", "ldap"])
|
||||||
|
|
||||||
|
assert {:ok,
|
||||||
|
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||||
|
Users.get_user_by_email(@email)
|
||||||
|
|
||||||
|
assert_received {:mix_shell, :info, [message]}
|
||||||
|
|
||||||
|
assert message =~
|
||||||
|
"Warning: The ldap provider isn't currently configured as default authenticator."
|
||||||
|
end
|
||||||
|
|
||||||
|
test "create user from ldap when configured" do
|
||||||
|
Config.put([Mobilizon.Service.Auth.Authenticator], Mobilizon.Service.Auth.LDAPAuthenticator)
|
||||||
|
|
||||||
|
New.run([@email, "--provider", "ldap"])
|
||||||
|
|
||||||
|
assert {:ok,
|
||||||
|
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||||
|
Users.get_user_by_email(@email)
|
||||||
|
|
||||||
|
assert_received {:mix_shell, :info, [message]}
|
||||||
|
|
||||||
|
refute message =~
|
||||||
|
"Warning: The ldap provider isn't currently configured as default authenticator."
|
||||||
|
|
||||||
|
Config.put(
|
||||||
|
[Mobilizon.Service.Auth.Authenticator],
|
||||||
|
Mobilizon.Service.Auth.MobilizonAuthenticator
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "can't set --provider at the same time than --password" do
|
||||||
|
New.run([@email, "--provider", "ldap", "--password", "random"])
|
||||||
|
|
||||||
|
assert {:ok,
|
||||||
|
%User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
|
||||||
|
Users.get_user_by_email(@email)
|
||||||
|
|
||||||
|
assert_received {:mix_shell, :error, [message]}
|
||||||
|
|
||||||
|
assert message =~
|
||||||
|
"The --password and --provider options can't be specified at the same time."
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "create user and profile" do
|
||||||
@preferred_username "toto"
|
@preferred_username "toto"
|
||||||
@name "Léo Pandaï"
|
@name "Léo Pandaï"
|
||||||
@converted_username "leo_pandai"
|
@converted_username "leo_pandai"
|
||||||
|
|
Loading…
Reference in a new issue