Add possibility to create users with provider (such as LDAP)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/mix/tasks/mobilizon/users/new.ex

@@ -6,6 +6,7 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
   import Mix.Tasks.Mobilizon.Common
   import Mix.Tasks.Mobilizon.Actors.Utils
   alias Mobilizon.Actors.Actor
+  alias Mobilizon.Service.Auth.Authenticator
   alias Mobilizon.Users
   alias Mobilizon.Users.User
 
@@ -21,22 +22,15 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
           moderator: :boolean,
           admin: :boolean,
           profile_username: :string,
-          profile_display_name: :string
+          profile_display_name: :string,
+          provider: :string
         ],
         aliases: [
           p: :password
         ]
       )
 
-    moderator? = Keyword.get(options, :moderator, false)
+    start_mobilizon()
-    admin? = Keyword.get(options, :admin, false)
-
-    role =
-      cond do
-        admin? -> :administrator
-        moderator? -> :moderator
-        true -> :user
-      end
 
     password =
       Keyword.get(
@@ -45,23 +39,16 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
         :crypto.strong_rand_bytes(16) |> Base.encode64() |> binary_part(0, 16)
       )
 
-    start_mobilizon()
+    provider = Keyword.get(options, :provider)
 
-    case Users.register(%{
+    case create_user(email, provider, password, options) do
-           email: email,
-           password: password,
-           role: role,
-           confirmed_at: DateTime.utc_now(),
-           confirmation_sent_at: nil,
-           confirmation_token: nil
-         }) do
       {:ok, %User{} = user} ->
         profile = maybe_create_profile(user, options)
 
         shell_info("""
         An user has been created with the following information:
           - email: #{user.email}
-          - password: #{password}
+          - password: #{if is_nil(provider), do: password, else: "Your #{provider} password"}
           - Role: #{user.role}
         """)
 
@@ -91,6 +78,39 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
     shell_error("mobilizon.users.new requires an email as argument")
   end
 
+  defp create_user(email, provider, password, options) do
+    role = get_role(options)
+
+    if is_nil(provider) do
+      create_database_user(email, password, role)
+    else
+      check_password_and_provider_options(options)
+
+      if provider != nil && provider != Authenticator.provider_name() do
+        shell_info("""
+        Warning: The #{provider} provider isn't currently configured as default authenticator.
+        """)
+      end
+
+      create_user_from_provider(email, provider, role)
+    end
+  end
+
+  defp create_database_user(email, password, role) do
+    Users.register(%{
+      email: email,
+      password: password,
+      role: role,
+      confirmed_at: DateTime.utc_now(),
+      confirmation_sent_at: nil,
+      confirmation_token: nil
+    })
+  end
+
+  defp create_user_from_provider(email, provider, role) do
+    Users.create_external(email, provider, %{role: role})
+  end
+
   @spec maybe_create_profile(User.t(), Keyword.t()) :: Actor.t() | nil
   defp maybe_create_profile(%User{} = user, options) do
     profile_username = Keyword.get(options, :profile_username)
@@ -102,4 +122,26 @@ defmodule Mix.Tasks.Mobilizon.Users.New do
       nil
     end
   end
+
+  @type role :: :administrator | :moderator | :user
+
+  @spec get_role(Keyword.t()) :: role()
+  defp get_role(options) do
+    moderator? = Keyword.get(options, :moderator, false)
+    admin? = Keyword.get(options, :admin, false)
+
+    cond do
+      admin? -> :administrator
+      moderator? -> :moderator
+      true -> :user
+    end
+  end
+
+  defp check_password_and_provider_options(options) do
+    if Keyword.get(options, :password) != nil && Keyword.get(options, :provider) != nil do
+      shell_error("""
+      The --password and --provider options can't be specified at the same time.
+      """)
+    end
+  end
 end

lib/mobilizon/users/users.ex

@@ -42,11 +42,12 @@ defmodule Mobilizon.Users do
     end
   end
 
-  @spec create_external(String.t(), String.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+  @spec create_external(String.t(), String.t(), Map.t()) ::
-  def create_external(email, provider) do
+          {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+  def create_external(email, provider, args \\ %{}) do
     with {:ok, %User{} = user} <-
            %User{}
-           |> User.auth_provider_changeset(%{email: email, provider: provider})
+           |> User.auth_provider_changeset(Map.merge(args, %{email: email, provider: provider}))
            |> Repo.insert() do
       Events.create_feed_token(%{user_id: user.id})
 

lib/service/auth/authenticator.ex

@@ -34,6 +34,9 @@ defmodule Mobilizon.Service.Auth.Authenticator do
   @callback can_change_password?(User.t()) :: boolean
   def can_change_password?(%User{} = user), do: implementation().can_change_password?(user)
 
+  @callback provider_name :: String.t() | nil
+  def provider_name, do: implementation().provider_name()
+
   @spec has_password?(User.t()) :: boolean()
   def has_password?(%User{provider: provider}), do: is_nil(provider) or provider == "ldap"
 

lib/service/auth/ldap_authenticator.ex

@@ -22,6 +22,7 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
   @connection_timeout 10_000
   @search_timeout 10_000
 
+  @impl Authenticator
   def login(email, password) do
     with {:ldap, true} <- {:ldap, Mobilizon.Config.get([:ldap, :enabled])},
          %User{} = user <- ldap_user(email, password) do
@@ -39,10 +40,15 @@ defmodule Mobilizon.Service.Auth.LDAPAuthenticator do
     end
   end
 
+  @impl Authenticator
   def can_change_email?(%User{provider: provider}), do: provider != "ldap"
 
+  @impl Authenticator
   def can_change_password?(%User{provider: provider}), do: provider != "ldap"
 
+  @impl Authenticator
+  def provider_name, do: "ldap"
+
   defp ldap_user(email, password) do
     ldap = Mobilizon.Config.get(:ldap, [])
     host = Keyword.get(ldap, :host, "localhost")

lib/service/auth/mobilizon_authenticator.ex

@@ -11,6 +11,7 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
 
   @behaviour Authenticator
 
+  @impl Authenticator
   def login(email, password) do
     require Logger
 
@@ -33,7 +34,12 @@ defmodule Mobilizon.Service.Auth.MobilizonAuthenticator do
     end
   end
 
+  @impl Authenticator
   def can_change_email?(%User{provider: provider}), do: is_nil(provider)
 
+  @impl Authenticator
   def can_change_password?(%User{provider: provider}), do: is_nil(provider)
+
+  @impl Authenticator
+  def provider_name, do: nil
 end

test/tasks/users_test.exs

@@ -5,7 +5,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
 
   alias Mix.Tasks.Mobilizon.Users.{Delete, Modify, New, Show}
 
-  alias Mobilizon.{Actors, Users}
+  alias Mobilizon.{Actors, Config, Users}
   alias Mobilizon.Actors.Actor
   alias Mobilizon.Users.User
 
@@ -16,7 +16,7 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
     test "create with no options" do
       New.run([@email])
 
-      assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at}} =
+      assert {:ok, %User{email: email, role: role, confirmed_at: confirmed_at, provider: nil}} =
                Users.get_user_by_email(@email)
 
       assert email == @email
@@ -53,7 +53,57 @@ defmodule Mix.Tasks.Mobilizon.UsersTest do
       assert_received {:mix_shell, :error, [message]}
       assert message =~ "User has not been created because of the above reason."
     end
+  end
 
+  describe "create user from external provider" do
+    test "create user from ldap" do
+      New.run([@email, "--provider", "ldap"])
+
+      assert {:ok,
+              %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
+               Users.get_user_by_email(@email)
+
+      assert_received {:mix_shell, :info, [message]}
+
+      assert message =~
+               "Warning: The ldap provider isn't currently configured as default authenticator."
+    end
+
+    test "create user from ldap when configured" do
+      Config.put([Mobilizon.Service.Auth.Authenticator], Mobilizon.Service.Auth.LDAPAuthenticator)
+
+      New.run([@email, "--provider", "ldap"])
+
+      assert {:ok,
+              %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
+               Users.get_user_by_email(@email)
+
+      assert_received {:mix_shell, :info, [message]}
+
+      refute message =~
+               "Warning: The ldap provider isn't currently configured as default authenticator."
+
+      Config.put(
+        [Mobilizon.Service.Auth.Authenticator],
+        Mobilizon.Service.Auth.MobilizonAuthenticator
+      )
+    end
+
+    test "can't set --provider at the same time than --password" do
+      New.run([@email, "--provider", "ldap", "--password", "random"])
+
+      assert {:ok,
+              %User{email: @email, password: nil, provider: "ldap", confirmed_at: %DateTime{}}} =
+               Users.get_user_by_email(@email)
+
+      assert_received {:mix_shell, :error, [message]}
+
+      assert message =~
+               "The --password and --provider options can't be specified at the same time."
+    end
+  end
+
+  describe "create user and profile" do
     @preferred_username "toto"
     @name "Léo Pandaï"
     @converted_username "leo_pandai"