users_live_handler.ex
defmodule Bonfire.Me.Users.LiveHandler do
  @moduledoc """
  LiveView event handlers for user-related actions: autocomplete, user and
  account deletion, outbox fetching, sharing a user with other accounts, and
  granting or revoking admin rights.

  Also holds the helpers that end a user or account session and broadcast a
  "disconnect" to the matching LiveView sockets.
  """
  use Bonfire.UI.Common.Web, :live_handler
  alias Bonfire.Me.Users

  # "autocomplete" arrives either as a params map or as a bare string; the map
  # form is unwrapped and re-dispatched to the binary clause below.
  def handle_event("autocomplete", %{"value" => search}, socket) do
    handle_event("autocomplete", search, socket)
  end

  def handle_event("autocomplete", search, socket) when is_binary(search) do
    # A nil/false search result is treated as "no matches".
    matches = Users.search(search) || []
    options = Enum.map(matches, &to_tuple/1)

    {:noreply, assign_global(socket, users_autocomplete: options)}
  end

  # Deleting a user: the submitted password goes through current_user_auth!/2
  # before anything is enqueued.
  # NOTE(review): presumably the bang variant raises on a wrong password, so
  # nothing is enqueued in that case - confirm, and confirm that repeated
  # attempts are throttled somewhere upstream.
  def handle_event("delete_user", %{"password" => password}, socket) do
    user = current_user_auth!(socket, password)
    queued = Bonfire.Me.DeleteWorker.enqueue_delete(user)

    after_delete(queued, "/settings/deleted/user/#{id(user)}", socket)
  end

  # Same flow as "delete_user", but authenticates and deletes the whole account.
  def handle_event("delete_account", %{"password" => password}, socket) do
    account = current_account_auth!(socket, password)
    queued = Bonfire.Me.DeleteWorker.enqueue_delete(account)

    after_delete(queued, "/settings/deleted/account/#{id(account)}", socket)
  end

  # Asks the federation fetcher for the outbox of the user held in the socket
  # assigns; the event payload is ignored, so the client cannot pick the target.
  # NOTE(review): no authorization or rate check is visible in this clause -
  # confirm that one exists upstream if this fetch reaches remote servers.
  def handle_event("fetch_outbox", _, socket) do
    profile_user = assigns(socket)[:user]

    ActivityPub.Federator.Fetcher.fetch_outbox([pointer: profile_user],
      fetch_collection: :async
    )

    {:noreply, socket}
  end

  # Grants other accounts access to the current user. Anything other than
  # `{:ok, shared_user}` from `add_accounts` is returned to the caller unchanged.
  # NOTE(review): the complete client-sent params map (`attrs`) is forwarded to
  # Bonfire.Me.SharedUsers.add_accounts - verify it only reads expected keys.
  # NOTE(review): the list is read from :team but stored under :members -
  # confirm that is intended.
  def handle_event(
        "share_user",
        %{"add_shared_user" => emails_or_usernames} = attrs,
        socket
      ) do
    outcome =
      Bonfire.Common.Utils.maybe_apply(
        Bonfire.Me.SharedUsers,
        :add_accounts,
        [current_user_required!(socket), emails_or_usernames, attrs]
      )

    case outcome do
      {:ok, shared_user} ->
        flashed = assign_flash(socket, :info, l("Access granted to the team!"))
        team = e(assigns(socket), :team, [])

        {:noreply, assign(flashed, members: team ++ [shared_user])}

      other ->
        other
    end
  end

  # Grants admin rights. The caller's admin status is checked server-side from
  # the socket context before the change is attempted; the target is the user
  # already in the socket assigns, and the client-supplied "username_or_id" is
  # only used when that assign is nil/false.
  # When the admin check is not `true`, `with` returns that value (e.g. `false`)
  # as-is and no flash is set.
  # NOTE(review): confirm the handler dispatcher tolerates that return value,
  # and consider whether privilege changes should leave an audit trail.
  def handle_event(
        "make_admin",
        params,
        socket
      ) do
    with true <- Bonfire.Me.Accounts.is_admin?(assigns(socket)[:__context__]),
         target = assigns(socket)[:user] || params["username_or_id"],
         {:ok, user} <- Users.make_admin(target) do
      updated =
        socket
        |> assign_flash(:info, l("They are now an admin!"))
        |> assign(user: user)

      {:noreply, updated}
    end
  end

  # Revokes admin rights; same gate, target selection and fall-through behaviour
  # as "make_admin".
  def handle_event(
        "revoke_admin",
        params,
        socket
      ) do
    with true <- Bonfire.Me.Accounts.is_admin?(assigns(socket)[:__context__]),
         target = assigns(socket)[:user] || params["username_or_id"],
         {:ok, user} <- Users.revoke_admin(target) do
      updated =
        socket
        |> assign_flash(:info, l("They are no longer an admin."))
        |> assign(user: user)

      {:noreply, updated}
    end
  end

  @doc """
  Builds the `{label, id}` pair used for autocomplete options.

  The label is the profile name, falling back to "Someone".
  """
  def to_tuple(u) do
    label = e(u, :profile, :name, "Someone")
    {label, uid(u)}
  end

  @doc """
  Disconnects the user but leaves the account session alone.

  Broadcasts a disconnect to the user's sockets, then removes only
  `:current_user_id` from the session; the session itself is not renewed here.
  """
  def disconnect_user_session(%{assigns: context} = conn) do
    disconnect_user_sockets(context)

    Plug.Conn.delete_session(conn, :current_user_id)
  end

  @doc """
  Disconnects both the user and the account, erases the session and the CSRF
  token, and starts a new session.
  """
  def disconnect_account_session(%{assigns: context} = conn) do
    disconnect_sockets(context)
    renew_session(conn)
  end

  # Renews the session ID and wipes the whole session, so that a session ID
  # known before login/logout cannot be reused afterwards (session fixation).
  # The CSRF token is deleted as well.
  #
  # Any session data that has to survive must be read before clearing and put
  # back right after, for example:
  #
  #     defp renew_session(conn) do
  #       preferred_locale = get_session(conn, :preferred_locale)
  #
  #       conn
  #       |> configure_session(renew: true)
  #       |> clear_session()
  #       |> put_session(:preferred_locale, preferred_locale)
  #     end
  #
  defp renew_session(conn) do
    Phoenix.Controller.delete_csrf_token()

    renewed = Plug.Conn.configure_session(conn, renew: true)
    Plug.Conn.clear_session(renewed)
  end

  @doc """
  Broadcasts a disconnect to the sockets of both the current user and the
  current account found in `context`.
  """
  def disconnect_sockets(context) do
    disconnect_user_sockets(context)
    disconnect_account_sockets(context)
  end

  # Broadcasts "disconnect" on the per-user topic.
  # See https://hexdocs.pm/phoenix_live_view/security-model.html#disconnecting-all-instances-of-a-live-user
  # NOTE(review): this only reaches LiveViews whose session stored the same
  # topic string under :live_socket_id - confirm the login path sets it.
  defp disconnect_user_sockets(context) do
    user_id = current_user_id(context)

    if is_nil(user_id) do
      debug("no user sockets found to broadcast the logout to")
    else
      Utils.maybe_apply(
        Bonfire.Web.Endpoint,
        :broadcast,
        ["socket_user:#{user_id}", "disconnect", %{}]
      )
    end
  end

  # Broadcasts "disconnect" on the per-account topic; mirrors
  # disconnect_user_sockets/1.
  defp disconnect_account_sockets(context) do
    account_id = current_account_id(context)

    if is_nil(account_id) do
      debug("no account sockets found to broadcast the logout to")
    else
      Utils.maybe_apply(
        Bonfire.Web.Endpoint,
        :broadcast,
        ["socket_account:#{account_id}", "disconnect", %{}]
      )
    end
  end

  # Shared tail of the two delete events: on `{:ok, _}` close the modal, flash a
  # notice and redirect; any other result is handed back untouched.
  defp after_delete({:ok, _}, redirect_after, socket) do
    Bonfire.UI.Common.OpenModalLive.close()

    flashed =
      assign_flash(
        socket,
        :info,
        l(
          "Queued for deletion. Should be done in a few minutes... So long, and thanks for all the fish!"
        )
      )

    {:noreply, redirect_to(flashed, redirect_after, fallback: current_url(socket))}
  end

  defp after_delete(result, _redirect_after, _socket), do: result
end