202 lines
5.6 KiB
Elixir
202 lines
5.6 KiB
Elixir
defmodule Ueberauth.Strategy.IcyNet do
|
|
@moduledoc """
|
|
Provides an Ueberauth strategy for authenticating with Icy Network.
|
|
|
|
### Setup
|
|
|
|
Obtain a Client ID and Secret from Icy Network.
|
|
|
|
Include the provider in your configuration for Ueberauth
|
|
|
|
config :ueberauth, Ueberauth,
|
|
providers: [
|
|
icynet: { Ueberauth.Strategy.IcyNet, [] }
|
|
]
|
|
|
|
Then include the configuration for icynet.
|
|
|
|
config :ueberauth, Ueberauth.Strategy.IcyNet.OAuth,
|
|
client_id: System.get_env("ICYNET_CLIENT_ID"),
|
|
client_secret: System.get_env("ICYNET_CLIENT_SECRET")
|
|
|
|
If you haven't already, create a pipeline and setup routes for your callback handler
|
|
|
|
pipeline :auth do
|
|
Ueberauth.plug "/auth"
|
|
end
|
|
|
|
scope "/auth" do
|
|
pipe_through [:browser, :auth]
|
|
|
|
get "/:provider/callback", AuthController, :callback
|
|
end
|
|
|
|
|
|
Create an endpoint for the callback where you will handle the `Ueberauth.Auth` struct
|
|
|
|
defmodule MyApp.AuthController do
|
|
use MyApp.Web, :controller
|
|
|
|
def callback_phase(%{ assigns: %{ ueberauth_failure: fails } } = conn, _params) do
|
|
# do things with the failure
|
|
end
|
|
|
|
def callback_phase(%{ assigns: %{ ueberauth_auth: auth } } = conn, params) do
|
|
# do things with the auth
|
|
end
|
|
end
|
|
|
|
You can edit the behaviour of the Strategy by including some options when you register your provider.
|
|
|
|
To set the `uid_field`
|
|
|
|
config :ueberauth, Ueberauth,
|
|
providers: [
|
|
icynet: { Ueberauth.Strategy.IcyNet, [uid_field: :email] }
|
|
]
|
|
|
|
Default is `:id`
|
|
|
|
To set the default 'scopes' (permissions):
|
|
|
|
config :ueberauth, Ueberauth,
|
|
providers: [
|
|
icynet: { Ueberauth.Strategy.IcyNet, [default_scope: "email,image"] }
|
|
]
|
|
|
|
Default is empty ("") which "Grants read-only access to public information (includes public user profile info, public repository info, and gists)"
|
|
"""
|
|
use Ueberauth.Strategy,
|
|
uid_field: :id,
|
|
default_scope: "",
|
|
oauth2_module: Ueberauth.Strategy.IcyNet.OAuth
|
|
|
|
alias Ueberauth.Auth.Info
|
|
alias Ueberauth.Auth.Credentials
|
|
alias Ueberauth.Auth.Extra
|
|
|
|
@doc """
|
|
Handles the initial redirect to the icynet authentication page.
|
|
|
|
To customize the scope (permissions) that are requested by icynet include them as part of your url:
|
|
|
|
"/auth/icynet?scope=email,image,privilege"
|
|
|
|
You can also include a `state` param that icynet will return to you.
|
|
"""
|
|
def handle_request!(conn) do
|
|
scopes = conn.params["scope"] || option(conn, :default_scope)
|
|
|
|
opts = [redirect_uri: callback_url(conn), scope: scopes]
|
|
|
|
opts =
|
|
if conn.params["state"], do: Keyword.put(opts, :state, conn.params["state"]), else: opts
|
|
|
|
module = option(conn, :oauth2_module)
|
|
redirect!(conn, apply(module, :authorize_url!, [opts]))
|
|
end
|
|
|
|
@doc """
|
|
Handles the callback from IcyNet. When there is a failure from IcyNet the failure is included in the
|
|
`ueberauth_failure` struct. Otherwise the information returned from IcyNet is returned in the `Ueberauth.Auth` struct.
|
|
"""
|
|
def handle_callback!(%Plug.Conn{params: %{"code" => code}} = conn) do
|
|
module = option(conn, :oauth2_module)
|
|
token = apply(module, :get_token!, [[code: code]])
|
|
|
|
if token.access_token == nil do
|
|
set_errors!(conn, [
|
|
error(token.other_params["error"], token.other_params["error_description"])
|
|
])
|
|
else
|
|
fetch_user(conn, token)
|
|
end
|
|
end
|
|
|
|
@doc false
|
|
def handle_callback!(conn) do
|
|
set_errors!(conn, [error("missing_code", "No code received")])
|
|
end
|
|
|
|
@doc """
|
|
Cleans up the private area of the connection used for passing the raw IcyNet response around during the callback.
|
|
"""
|
|
def handle_cleanup!(conn) do
|
|
conn
|
|
|> put_private(:icynet_user, nil)
|
|
|> put_private(:icynet_token, nil)
|
|
end
|
|
|
|
@doc """
|
|
Fetches the uid field from the IcyNet response. This defaults to the option `uid_field` which in-turn defaults to `id`
|
|
"""
|
|
def uid(conn) do
|
|
uid_field =
|
|
conn
|
|
|> option(:uid_field)
|
|
|> to_string
|
|
|
|
conn.private.icynet_user[uid_field]
|
|
end
|
|
|
|
@doc """
|
|
Includes the credentials from the IcyNet response.
|
|
"""
|
|
def credentials(conn) do
|
|
token = conn.private.icynet_token
|
|
|
|
%Credentials{
|
|
token: token.access_token,
|
|
refresh_token: token.refresh_token,
|
|
expires_at: nil,
|
|
token_type: token.token_type,
|
|
expires: false
|
|
}
|
|
end
|
|
|
|
@doc """
|
|
Fetches the fields to populate the info section of the `Ueberauth.Auth` struct.
|
|
"""
|
|
def info(conn) do
|
|
user = conn.private.icynet_user
|
|
|
|
%Info{
|
|
name: user["display_name"],
|
|
nickname: user["username"],
|
|
email: user["email"],
|
|
image: user["image"],
|
|
}
|
|
end
|
|
|
|
@doc """
|
|
Stores the raw information (including the token) obtained from the IcyNet callback.
|
|
"""
|
|
def extra(conn) do
|
|
%Extra{
|
|
raw_info: %{
|
|
token: conn.private.icynet_token,
|
|
user: conn.private.icynet_user
|
|
}
|
|
}
|
|
end
|
|
|
|
defp fetch_user(conn, token) do
|
|
conn = put_private(conn, :icynet_token, token)
|
|
case Ueberauth.Strategy.IcyNet.OAuth.get(token, "/oauth2/user") do
|
|
{:ok, %OAuth2.Response{status_code: 401, body: _body}} ->
|
|
set_errors!(conn, [error("token", "unauthorized")])
|
|
|
|
{:ok, %OAuth2.Response{status_code: status_code, body: user}}
|
|
when status_code in 200..399 ->
|
|
put_private(conn, :icynet_user, user)
|
|
|
|
{:error, %OAuth2.Error{reason: reason}} ->
|
|
set_errors!(conn, [error("OAuth2", reason)])
|
|
end
|
|
end
|
|
|
|
defp option(conn, key) do
|
|
Keyword.get(options(conn), key, Keyword.get(default_options(), key))
|
|
end
|
|
end
|