diff --git a/config/config.exs b/config/config.exs index 30f48e20f..aa6063423 100644 --- a/config/config.exs +++ b/config/config.exs @@ -31,12 +31,11 @@ config :mime, :types, %{ "application/vnd.api+json" => ["json-api"] } -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, issuer: "CodeCorps", ttl: { 30, :days }, verify_issuer: true, # optional - secret_key: System.get_env("GUARDIAN_SECRET_KEY"), - serializer: CodeCorpsWeb.GuardianSerializer + secret_key: System.get_env("GUARDIAN_SECRET_KEY") # Configures ex_aws with credentials config :ex_aws, :code_corps, diff --git a/config/dev.exs b/config/dev.exs index 5133971f8..62a346395 100644 --- a/config/dev.exs +++ b/config/dev.exs @@ -45,7 +45,7 @@ config :code_corps, CodeCorps.Repo, # CORS allowed origins config :code_corps, allowed_origins: ["http://localhost:4200"] -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, secret_key: "e62fb6e2746f6b1bf8b5b735ba816c2eae1d5d76e64f18f3fc647e308b0c159e" config :code_corps, :analytics, CodeCorps.Analytics.InMemoryAPI diff --git a/config/prod.exs b/config/prod.exs index bbf1922ec..4058f1e00 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -36,7 +36,7 @@ config :code_corps, allowed_origins: [ "https://www.codecorps.org" ] -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, secret_key: System.get_env("GUARDIAN_SECRET_KEY") # Timber logging diff --git a/config/remote-development.exs b/config/remote-development.exs index e82e48d91..34e5525cb 100644 --- a/config/remote-development.exs +++ b/config/remote-development.exs @@ -28,7 +28,7 @@ config :code_corps, CodeCorps.Repo, # CORS allowed origins config :code_corps, allowed_origins: "*" -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, secret_key: System.get_env("GUARDIAN_SECRET_KEY") # Do not print debug messages in production diff --git a/config/staging.exs b/config/staging.exs index 59b51f726..d197fef1d 100644 --- a/config/staging.exs 
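Review bot: `secret_key: System.get_env("GUARDIAN_SECRET_KEY")` in prod.exs is evaluated when Mix reads the config (at build time for a Distillery-style release), so an unset variable silently configures a `nil` signing secret instead of refusing to start. Fail loudly at that point, `secret_key: System.get_env("GUARDIAN_SECRET_KEY") || raise("GUARDIAN_SECRET_KEY is not set")`, or, if this deployment resolves env at runtime, use the `{mod, fun, args}` form that Guardian 1.x, as far as I recall, accepts for `secret_key` so the lookup happens when the token module is first used. The same `System.get_env` line is repeated in staging.exs and remote-development.exs in this diff and needs the same treatment.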
+++ b/config/staging.exs @@ -35,7 +35,7 @@ config :code_corps, allowed_origins: [ "https://www.pbqrpbecf.org" ] -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, secret_key: System.get_env("GUARDIAN_SECRET_KEY") # Timber logging diff --git a/config/test.exs b/config/test.exs index fcd0c8f7c..95d2a1842 100644 --- a/config/test.exs +++ b/config/test.exs @@ -27,7 +27,7 @@ config :comeonin, :pbkdf2_rounds, 1 # CORS allowed origins config :code_corps, allowed_origins: ["http://localhost:4200"] -config :guardian, Guardian, +config :code_corps, CodeCorps.Guardian, secret_key: "e62fb6e2746f6b1bf8b5b735ba816c2eae1d5d76e64f18f3fc647e308b0c159e" config :code_corps, :analytics, CodeCorps.Analytics.TestAPI diff --git a/lib/code_corps/auth/bearer_auth_pipeline.ex b/lib/code_corps/auth/bearer_auth_pipeline.ex new file mode 100644 index 000000000..96e1aa221 --- /dev/null +++ b/lib/code_corps/auth/bearer_auth_pipeline.ex @@ -0,0 +1,8 @@ +defmodule CodeCorps.Auth.BearerAuthPipeline do + use Guardian.Plug.Pipeline, otp_app: :code_corps, + module: CodeCorps.Guardian, + error_handler: CodeCorps.Auth.ErrorHandler + + plug Guardian.Plug.VerifyHeader, realm: "Bearer" + plug Guardian.Plug.LoadResource, allow_blank: true +end diff --git a/lib/code_corps/auth/ensure_auth_pipeline.ex b/lib/code_corps/auth/ensure_auth_pipeline.ex new file mode 100644 index 000000000..acc52e067 --- /dev/null +++ b/lib/code_corps/auth/ensure_auth_pipeline.ex @@ -0,0 +1,7 @@ +defmodule CodeCorps.Auth.EnsureAuthPipeline do + use Guardian.Plug.Pipeline, otp_app: :code_corps, + module: CodeCorps.Guardian, + error_handler: CodeCorps.Auth.ErrorHandler + + plug Guardian.Plug.EnsureAuthenticated +end diff --git a/lib/code_corps/auth/error_handler.ex b/lib/code_corps/auth/error_handler.ex new file mode 100644 index 000000000..902c0b923 --- /dev/null +++ b/lib/code_corps/auth/error_handler.ex 
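Review bot: `plug Guardian.Plug.VerifyHeader, realm: "Bearer"` accepts any token type that `CodeCorps.Guardian` signs; nothing in this diff mints anything but the default access token (`encode_and_sign()` in the password-reset controller), but if a refresh, exchange or email-verification token is ever issued under the same secret it would also be accepted as a bearer credential. Pinning the type is one option: `plug Guardian.Plug.VerifyHeader, realm: "Bearer", claims: %{"typ" => "access"}`. A `@moduledoc` stating that this pipeline only verifies and loads, and relies on `CodeCorps.Auth.EnsureAuthPipeline` for gating (`allow_blank: true` deliberately lets anonymous requests through), would also save the next reader from "fixing" that flag.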
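Review bot: `Guardian.Plug.EnsureAuthenticated` only inspects claims that an earlier `VerifyHeader`/`VerifySession` plug put on the conn, so this pipeline rejects every request with 401 unless `CodeCorps.Auth.BearerAuthPipeline` runs before it in the router, and the router change is not in this diff. That ordering constraint belongs in a `@moduledoc`, e.g. `Rejects the request with 401 unless CodeCorps.Auth.BearerAuthPipeline has already verified a bearer token; must be plugged after it.` Note also that the check is on the claims, not on the loaded resource: a valid token whose subject row has since been deleted still passes here and reaches the controller with a nil current resource.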
@@ -0,0 +1,9 @@ +defmodule CodeCorps.Auth.ErrorHandler do + use CodeCorpsWeb, :controller + + def auth_error(conn, {type, _reason}, _opts) do + conn + |> put_status(401) + |> render(CodeCorpsWeb.TokenView, "401.json", message: to_string(type)) + end +end diff --git a/lib/code_corps/guardian.ex b/lib/code_corps/guardian.ex new file mode 100644 index 000000000..7f8fd6695 --- /dev/null +++ b/lib/code_corps/guardian.ex @@ -0,0 +1,40 @@ +defmodule CodeCorps.Guardian do + use Guardian, otp_app: :code_corps + + alias CodeCorps.{Project, Repo, User} + + def subject_for_token(project = %Project{}, _claims) do + {:ok, "Project:#{project.id}"} + end + def subject_for_token(user = %User{}, _claims) do + {:ok, "User:#{user.id}"} + end + def subject_for_token(_, _) do + {:error, :unknown_resource_type} + end + + def resource_from_claims(%{"sub" => sub}), do: resource_from_subject(sub) + def resource_from_claims(_), do: {:error, :missing_subject} + + defp resource_from_subject("Project:" <> id), do: {:ok, Repo.get(Project, id)} + defp resource_from_subject("User:" <> id) do + user = Repo.get(User, id) + + if user do + name = full_name(user) + %Timber.Contexts.UserContext{id: user.id, email: user.email, name: name} + |> Timber.add_context() + end + + {:ok, user} + end + defp resource_from_subject(_), do: {:error, :unknown_resource_type} + + defp full_name(%User{first_name: nil, last_name: nil}), do: "" + defp full_name(%User{first_name: first_name, last_name: nil}), do: first_name + defp full_name(%User{first_name: nil, last_name: last_name}), do: last_name + defp full_name(%User{first_name: first_name, last_name: last_name}) do + first_name <> " " <> last_name + end + defp full_name(_), do: "" +end diff --git a/lib/code_corps/stripe_service/webhook_processing/webhook_processor.ex b/lib/code_corps/stripe_service/webhook_processing/webhook_processor.ex index 2fb1b55e4..67618c249 100644 --- a/lib/code_corps/stripe_service/webhook_processing/webhook_processor.ex 
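Review bot: `CodeCorps.Auth.ErrorHandler` implements the `Guardian.Plug.ErrorHandler` contract but does not declare it, so any drift in the `auth_error/3` signature would only surface as an `UndefinedFunctionError` on the first failed request; add `@behaviour Guardian.Plug.ErrorHandler` and `@impl true` above the function. A `@moduledoc` should also record two deliberate choices that are otherwise easy to "improve" later: every failure maps to 401 regardless of `type`, and `_reason` is dropped so Guardian's internal error detail is never echoed to the client. As a style point, `use CodeCorpsWeb, :controller` pulls the whole controller stack in for one function; `import Plug.Conn, only: [put_status: 2]` and `import Phoenix.Controller, only: [render: 4]` are all this module uses.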
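Review bot: `resource_from_subject/1` returns `{:ok, Repo.get(Project, id)}` and `{:ok, user}` even when the lookup yields nil, so a token whose user or project has since been deleted (tokens live 30 days per `ttl: {30, :days}` in config.exs) still clears `EnsureAuthenticated` and reaches the controllers with `current_resource` nil; the controllers in this diff happen to pattern-match `%User{}` and fall into the fallback, but the Guardian contract is to return `{:error, reason}` here so the error handler answers 401 and the pipeline halts. Returning the error also removes the ad-hoc `if user do` guard around the Timber call. A `@moduledoc` naming the two subject formats, `"User:<id>"` and `"Project:<id>"`, is worth adding since this module is the only place that defines them.
```elixir
defp resource_from_subject("Project:" <> id), do: fetch_resource(Project, id)
defp resource_from_subject("User:" <> id) do
  with {:ok, %User{} = user} <- fetch_resource(User, id) do
    %Timber.Contexts.UserContext{id: user.id, email: user.email, name: full_name(user)}
    |> Timber.add_context()

    {:ok, user}
  end
end
defp resource_from_subject(_), do: {:error, :unknown_resource_type}

# `{:ok, nil}` would leave the request "authenticated" with no resource; treat a missing row as an error.
defp fetch_resource(schema, id) do
  case Repo.get(schema, id) do
    nil -> {:error, :resource_not_found}
    resource -> {:ok, resource}
  end
end
# … unchanged: full_name/1 clauses …
```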
+++ b/lib/code_corps/stripe_service/webhook_processing/webhook_processor.ex @@ -17,6 +17,7 @@ defmodule CodeCorps.StripeService.WebhookProcessing.WebhookProcessor do Returns `{:ok, pid}` """ + @spec process_async(map, module) :: Processor.result def process_async(event_params, handler) do Processor.process(fn -> process(event_params, handler) end) end diff --git a/lib/code_corps_web/controllers/category_controller.ex b/lib/code_corps_web/controllers/category_controller.ex index 48841d3b6..86008013b 100644 --- a/lib/code_corps_web/controllers/category_controller.ex +++ b/lib/code_corps_web/controllers/category_controller.ex @@ -22,7 +22,7 @@ defmodule CodeCorpsWeb.CategoryController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Category{}, params), {:ok, %Category{} = category} <- %Category{} |> Category.create_changeset(params) |> Repo.insert, category <- preload(category) @@ -34,7 +34,7 @@ defmodule CodeCorpsWeb.CategoryController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %Category{} = category <- Category |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, category), {:ok, %Category{} = category} <- category |> Category.changeset(params) |> Repo.update, category <- preload(category) diff --git a/lib/code_corps_web/controllers/comment_controller.ex b/lib/code_corps_web/controllers/comment_controller.ex index ddca868d4..2e9d914ca 100644 --- a/lib/code_corps_web/controllers/comment_controller.ex +++ b/lib/code_corps_web/controllers/comment_controller.ex 
@@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.CommentController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Comment{}, params), {:ok, %Comment{} = comment} <- Comment.Service.create(params) do conn |> put_status(:created) |> render("show.json-api", data: comment) @@ -34,7 +34,7 @@ defmodule CodeCorpsWeb.CommentController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %Comment{} = comment <- Comment |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, comment), {:ok, %Comment{} = comment} <- comment |> Comment.Service.update(params) do conn |> render("show.json-api", data: comment) diff --git a/lib/code_corps_web/controllers/donation_goal_controller.ex b/lib/code_corps_web/controllers/donation_goal_controller.ex index 7b2f2e2ba..c166cd3ab 100644 --- a/lib/code_corps_web/controllers/donation_goal_controller.ex +++ b/lib/code_corps_web/controllers/donation_goal_controller.ex @@ -29,7 +29,7 @@ defmodule CodeCorpsWeb.DonationGoalController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %DonationGoal{}, params), {:ok, %DonationGoal{} = donation_goal} <- DonationGoalsService.create(params), donation_goal <- preload(donation_goal) 
@@ -41,7 +41,7 @@ defmodule CodeCorpsWeb.DonationGoalController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %DonationGoal{} = donation_goal <- DonationGoal |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, donation_goal), {:ok, %DonationGoal{} = _donation_goal} <- donation_goal |> Repo.delete do @@ -52,7 +52,7 @@ defmodule CodeCorpsWeb.DonationGoalController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %DonationGoal{} = donation_goal <- DonationGoal |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, donation_goal), {:ok, %DonationGoal{} = updated_donation_goal} <- donation_goal |> DonationGoalsService.update(params), updated_donation_goal <- preload(updated_donation_goal) diff --git a/lib/code_corps_web/controllers/fallback_controller.ex b/lib/code_corps_web/controllers/fallback_controller.ex index a47071147..6fab31836 100644 --- a/lib/code_corps_web/controllers/fallback_controller.ex +++ b/lib/code_corps_web/controllers/fallback_controller.ex @@ -26,6 +26,11 @@ defmodule CodeCorpsWeb.FallbackController do |> put_status(403) |> render(CodeCorpsWeb.TokenView, "403.json", message: "You are not authorized to perform this action.") end + def call(%Conn{} = conn, {:error, :expired}) do + conn + |> put_status(:not_found) + |> render(CodeCorpsWeb.ErrorView, "404.json") + end def call(%Conn{} = conn, nil) do conn |> put_status(:not_found) 
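Review bot: The new `{:error, :expired}` clause covers one of the two failures `Phoenix.Token.verify/4` can return; the other is `{:error, :invalid}`, which `PasswordResetController.reset_password/2` (its `else` is removed in this diff) now also forwards here. If no `{:error, :invalid}` clause exists elsewhere in the module (the rest of it is outside this hunk), a tampered reset token becomes a `FunctionClauseError` and a 500 rather than a 404. Widening the clause covers both: `def call(%Conn{} = conn, {:error, reason}) when reason in [:expired, :invalid] do`. Mapping them to 404 rather than 401 is the right call, since it does not tell a caller whether the token value exists.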
diff --git a/lib/code_corps_web/controllers/github_app_installation_controller.ex b/lib/code_corps_web/controllers/github_app_installation_controller.ex index 820a3c22c..f4a0b496a 100644 --- a/lib/code_corps_web/controllers/github_app_installation_controller.ex +++ b/lib/code_corps_web/controllers/github_app_installation_controller.ex @@ -30,7 +30,7 @@ defmodule CodeCorpsWeb.GithubAppInstallationController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %GithubAppInstallation{}, params), {:ok, %GithubAppInstallation{} = installation} <- %GithubAppInstallation{} |> GithubAppInstallation.create_changeset(params) |> Repo.insert, installation <- preload(installation) diff --git a/lib/code_corps_web/controllers/github_event_controller.ex b/lib/code_corps_web/controllers/github_event_controller.ex index 199836843..5432d26be 100644 --- a/lib/code_corps_web/controllers/github_event_controller.ex +++ b/lib/code_corps_web/controllers/github_event_controller.ex @@ -18,7 +18,7 @@ defmodule CodeCorpsWeb.GithubEventController do @spec index(Conn.t, map) :: Conn.t def index(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:index, %GithubEvent{}, params) do github_events = 
@@ -33,7 +33,7 @@ defmodule CodeCorpsWeb.GithubEventController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %GithubEvent{} = github_event <- GithubEvent |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, github_event, params) do @@ -54,7 +54,7 @@ defmodule CodeCorpsWeb.GithubEventController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %GithubEvent{} = github_event <- GithubEvent |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, github_event, params), changeset <- github_event |> GithubEvent.update_changeset(params), {:ok, updated_github_event} <- changeset |> retry_event() diff --git a/lib/code_corps_web/controllers/github_repo_controller.ex b/lib/code_corps_web/controllers/github_repo_controller.ex index 8781484e3..a8f4ac5c5 100644 --- a/lib/code_corps_web/controllers/github_repo_controller.ex +++ b/lib/code_corps_web/controllers/github_repo_controller.ex @@ -31,7 +31,7 @@ defmodule CodeCorpsWeb.GithubRepoController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %GithubRepo{} = github_repo <- GithubRepo |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, github_repo, params), {:ok, %GithubRepo{} = github_repo} <- github_repo |> GithubRepo.update_changeset(params) |> Repo.update() do 
diff --git a/lib/code_corps_web/controllers/organization_controller.ex b/lib/code_corps_web/controllers/organization_controller.ex index 0f65b3df6..23f1b74a4 100644 --- a/lib/code_corps_web/controllers/organization_controller.ex +++ b/lib/code_corps_web/controllers/organization_controller.ex @@ -28,7 +28,7 @@ defmodule CodeCorpsWeb.OrganizationController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Organization{}, params), {:ok, %Organization{} = organization} <- %Organization{} |> Organization.create_changeset(params) |> Repo.insert, organization <- preload(organization) @@ -40,7 +40,7 @@ defmodule CodeCorpsWeb.OrganizationController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %Organization{} = organization <- Organization |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, organization), {:ok, %Organization{} = organization} <- organization |> Organization.changeset(params) |> Repo.update, organization <- preload(organization) diff --git a/lib/code_corps_web/controllers/organization_github_app_installation_controller.ex b/lib/code_corps_web/controllers/organization_github_app_installation_controller.ex index 72b32f25c..334ae92cb 100644 --- a/lib/code_corps_web/controllers/organization_github_app_installation_controller.ex +++ b/lib/code_corps_web/controllers/organization_github_app_installation_controller.ex 
@@ -23,7 +23,7 @@ defmodule CodeCorpsWeb.OrganizationGithubAppInstallationController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %OrganizationGithubAppInstallation{}, params), {:ok, %OrganizationGithubAppInstallation{} = organization_installation} <- %OrganizationGithubAppInstallation{} |> OrganizationGithubAppInstallation.create_changeset(params) |> Repo.insert do conn |> put_status(:created) |> render("show.json-api", data: organization_installation) @@ -33,7 +33,7 @@ defmodule CodeCorpsWeb.OrganizationGithubAppInstallationController do @spec delete(Plug.Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = params) do with %OrganizationGithubAppInstallation{} = organization_github_installation <- OrganizationGithubAppInstallation |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, organization_github_installation, params), {:ok, _organization_github_installation} <- organization_github_installation diff --git a/lib/code_corps_web/controllers/organization_invite_controller.ex b/lib/code_corps_web/controllers/organization_invite_controller.ex index 12fd3f3f3..4803fb466 100644 --- a/lib/code_corps_web/controllers/organization_invite_controller.ex +++ b/lib/code_corps_web/controllers/organization_invite_controller.ex 
@@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.OrganizationInviteController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %OrganizationInvite{}, params), {:ok, %OrganizationInvite{} = organization_invite} <- %OrganizationInvite{} |> OrganizationInvite.create_changeset(params) |> Repo.insert do @@ -39,7 +39,7 @@ defmodule CodeCorpsWeb.OrganizationInviteController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %OrganizationInvite{} = organization_invite <- OrganizationInvite |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, organization_invite), {:ok, %OrganizationInvite{} = organization_invite} <- organization_invite |> OrganizationInvite.changeset(params) |> Repo.update do conn |> render("show.json-api", data: organization_invite) diff --git a/lib/code_corps_web/controllers/password_controller.ex b/lib/code_corps_web/controllers/password_controller.ex index df141d019..a85019fb2 100644 --- a/lib/code_corps_web/controllers/password_controller.ex +++ b/lib/code_corps_web/controllers/password_controller.ex 
@@ -4,13 +4,15 @@ defmodule CodeCorpsWeb.PasswordController do alias CodeCorps.{Services.ForgotPasswordService} - @doc""" - forgot_password should take an email and generate an AuthToken model and send an email + @doc """ + Generates a `CodeCorps.AuthToken` model to verify against and sends an email. """ def forgot_password(conn, %{"email" => email}) do ForgotPasswordService.forgot_password(email) - conn = Guardian.Plug.sign_out(conn, :default) - conn |> put_status(:ok) |> render("show.json", email: email) - end + conn + |> CodeCorps.Guardian.Plug.sign_out() + |> put_status(:ok) + |> render("show.json", email: email) + end end diff --git a/lib/code_corps_web/controllers/password_reset_controller.ex b/lib/code_corps_web/controllers/password_reset_controller.ex index 11f64b6f9..55d938de8 100644 --- a/lib/code_corps_web/controllers/password_reset_controller.ex +++ b/lib/code_corps_web/controllers/password_reset_controller.ex 
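Review bot: `CodeCorps.Guardian.Plug.sign_out()` in `forgot_password/2` only clears Guardian's state on this conn; with stateless bearer JWTs (`BearerAuthPipeline` uses `VerifyHeader`, no session) any token the caller already holds stays valid until its ttl (30 days per config.exs) and nothing is revoked. If the intent is to invalidate sessions on a forgot-password request, that needs `CodeCorps.Guardian.revoke/2` with an `on_revoke` backed by a token store, or a much shorter ttl; if it is a no-op carried over from the old API, say so in place: `# sign_out only clears conn state; bearer tokens are not revoked here`. The response echoing `email` regardless of whether an account exists is the right choice against enumeration and deserves a one-line comment so it is not "improved" away.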
@@ -2,37 +2,31 @@ defmodule CodeCorpsWeb.PasswordResetController do @moduledoc false use CodeCorpsWeb, :controller - alias CodeCorps.{User, AuthToken} - alias Ecto.Changeset + alias CodeCorps.{AuthToken, User} - @doc""" + action_fallback CodeCorpsWeb.FallbackController + + @doc """ Requires a `token`, `password`, and `password_confirmation` and checks: 1. The token exists in an `AuthToken` record, verified with `Phoenix.Token.verify` - 2. The `password` and `password_confirmation` match, and the auth token exists: - - If yes, a `200` response will return the email. - If no, a `422` response will return the error. """ def reset_password(conn, %{"token" => reset_token, "password" => _password, "password_confirmation" => _password_confirmation} = params) do - with %AuthToken{user: user} = auth_token <- AuthToken |> Repo.get_by(%{ value: reset_token }) |> Repo.preload(:user), + with %AuthToken{user: user} = auth_token <- AuthToken |> Repo.get_by(%{value: reset_token}) |> Repo.preload(:user), {:ok, _} <- Phoenix.Token.verify(conn, "user", reset_token, max_age: Application.get_env(:code_corps, :password_reset_timeout)), - {:ok, updated_user} <- user |> User.reset_password_changeset(params) |> Repo.update, - {:ok, _auth_token} <- auth_token |> Repo.delete, - {:ok, auth_token, _claims} = updated_user |> Guardian.encode_and_sign(:token) + {:ok, %User{} = updated_user} <- user |> User.reset_password_changeset(params) |> Repo.update(), + {:ok, _auth_token} <- auth_token |> Repo.delete(), + {:ok, auth_token, _claims} = updated_user |> CodeCorps.Guardian.encode_and_sign() do conn |> Plug.Conn.assign(:current_user, updated_user) |> put_status(:created) |> render("show.json", token: auth_token, user_id: updated_user.id, email: updated_user.email) - else - {:error, %Changeset{} = changeset} -> conn |> put_status(422) |> render(CodeCorpsWeb.ErrorView, :errors, data: changeset) - {:error, _} -> conn |> put_status(:not_found) |> render(CodeCorpsWeb.ErrorView, "404.json") - nil -> 
conn |> put_status(:not_found) |> render(CodeCorpsWeb.ErrorView, "404.json") end end - end diff --git a/lib/code_corps_web/controllers/preview_controller.ex b/lib/code_corps_web/controllers/preview_controller.ex index 712172aa1..92211295d 100644 --- a/lib/code_corps_web/controllers/preview_controller.ex +++ b/lib/code_corps_web/controllers/preview_controller.ex @@ -10,7 +10,7 @@ defmodule CodeCorpsWeb.PreviewController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Preview{}, params), {:ok, %Preview{} = preview} <- %Preview{} |> Preview.create_changeset(params) |> Repo.insert do conn |> put_status(:created) |> render("show.json-api", data: preview) diff --git a/lib/code_corps_web/controllers/project_category_controller.ex b/lib/code_corps_web/controllers/project_category_controller.ex index 936fa9589..f1d36705c 100644 --- a/lib/code_corps_web/controllers/project_category_controller.ex +++ b/lib/code_corps_web/controllers/project_category_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.ProjectCategoryController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %ProjectCategory{}, params), {:ok, %ProjectCategory{} = project_category} <- %ProjectCategory{} |> ProjectCategory.create_changeset(params) |> Repo.insert do conn |> put_status(:created) |> render("show.json-api", data: project_category) 
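Review bot: `{:ok, auth_token, _claims} = updated_user |> CodeCorps.Guardian.encode_and_sign()` is a bare match inside the `with`, so a signing failure (for example `secret_key` resolving to nil because `GUARDIAN_SECRET_KEY` is unset) raises a `MatchError` and 500s after the password has already been changed and the reset token deleted; use `<-` so it routes to the fallback like every other step: `{:ok, auth_token, _claims} <- updated_user |> CodeCorps.Guardian.encode_and_sign()`. With the `else` removed, everything this `with` can yield now lands in `CodeCorpsWeb.FallbackController`: `nil` from `Repo.get_by/2`, `{:error, :expired | :invalid}` from `Phoenix.Token.verify/4`, and `{:error, %Ecto.Changeset{}}` from the update — only the `:expired` clause is visible in this diff, so confirm the `:invalid` and changeset clauses exist. The `with` also rebinds `auth_token` from the `%AuthToken{}` record to the JWT string, which is legal but easy to misread; naming the second one `jwt` would make the render line clearer.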
@@ -34,7 +34,7 @@ defmodule CodeCorpsWeb.ProjectCategoryController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %ProjectCategory{} = project_category <- ProjectCategory |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, project_category), {:ok, %ProjectCategory{} = _project_category} <- project_category |> Repo.delete do diff --git a/lib/code_corps_web/controllers/project_controller.ex b/lib/code_corps_web/controllers/project_controller.ex index 945e8af2f..9f16262ee 100644 --- a/lib/code_corps_web/controllers/project_controller.ex +++ b/lib/code_corps_web/controllers/project_controller.ex @@ -23,7 +23,7 @@ defmodule CodeCorpsWeb.ProjectController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Project{}, params), {:ok, %Project{} = project} <- %Project{} |> Project.create_changeset(params) |> Repo.insert, project <- preload(project) @@ -35,7 +35,7 @@ defmodule CodeCorpsWeb.ProjectController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{} = params) do with %Project{} = project <- Project.Query.find(params), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, project), {:ok, %Project{} = project} <- project |> Project.update_changeset(params) |> Repo.update, project <- preload(project) 
diff --git a/lib/code_corps_web/controllers/project_skill_controller.ex b/lib/code_corps_web/controllers/project_skill_controller.ex index cd0d45bf8..04ded3a50 100644 --- a/lib/code_corps_web/controllers/project_skill_controller.ex +++ b/lib/code_corps_web/controllers/project_skill_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.ProjectSkillController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %ProjectSkill{}, params), {:ok, %ProjectSkill{} = project_skill} <- %ProjectSkill{} |> ProjectSkill.create_changeset(params) |> Repo.insert do @@ -36,7 +36,7 @@ defmodule CodeCorpsWeb.ProjectSkillController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %ProjectSkill{} = project_skill <- ProjectSkill |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, project_skill), {:ok, %ProjectSkill{} = project_skill} <- project_skill |> Repo.delete do diff --git a/lib/code_corps_web/controllers/project_user_controller.ex b/lib/code_corps_web/controllers/project_user_controller.ex index bed792e7d..f842f5bfb 100644 --- a/lib/code_corps_web/controllers/project_user_controller.ex +++ b/lib/code_corps_web/controllers/project_user_controller.ex 
@@ -26,7 +26,7 @@ defmodule CodeCorpsWeb.ProjectUserController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %ProjectUser{}, params), {:ok, %ProjectUser{} = project_user} <- %ProjectUser{} |> ProjectUser.create_changeset(params) |> Repo.insert, _ <- maybe_send_create_email(project_user) @@ -38,7 +38,7 @@ defmodule CodeCorpsWeb.ProjectUserController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %ProjectUser{} = project_user <- ProjectUser |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, project_user, params), {:ok, %ProjectUser{} = updated_project_user} <- project_user |> ProjectUser.update_changeset(params) |> Repo.update, _ <- maybe_send_update_email(updated_project_user, project_user) @@ -50,7 +50,7 @@ defmodule CodeCorpsWeb.ProjectUserController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %ProjectUser{} = project_user <- ProjectUser |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, project_user), {:ok, %ProjectUser{} = _project_user} <- project_user |> Repo.delete do diff --git a/lib/code_corps_web/controllers/role_controller.ex b/lib/code_corps_web/controllers/role_controller.ex index c4d5bc79d..aabd09bee 100644 --- a/lib/code_corps_web/controllers/role_controller.ex +++ b/lib/code_corps_web/controllers/role_controller.ex 
@@ -23,7 +23,7 @@ defmodule CodeCorpsWeb.RoleController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Role{}, params), {:ok, %Role{} = role} <- %Role{} |> Role.changeset(params) |> Repo.insert, role = preload(role) diff --git a/lib/code_corps_web/controllers/role_skill_controller.ex b/lib/code_corps_web/controllers/role_skill_controller.ex index 23d7aab6e..e8812f8dc 100644 --- a/lib/code_corps_web/controllers/role_skill_controller.ex +++ b/lib/code_corps_web/controllers/role_skill_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.RoleSkillController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %RoleSkill{}, params), {:ok, %RoleSkill{} = role_skill} <- %RoleSkill{} |> RoleSkill.create_changeset(params) |> Repo.insert do @@ -35,7 +35,7 @@ defmodule CodeCorpsWeb.RoleSkillController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %RoleSkill{} = role_skill <- RoleSkill |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, role_skill), {:ok, %RoleSkill{} = _role_skill} <- role_skill |> Repo.delete do diff --git a/lib/code_corps_web/controllers/skill_controller.ex b/lib/code_corps_web/controllers/skill_controller.ex index 446a7ce9c..e3070b111 100644 --- a/lib/code_corps_web/controllers/skill_controller.ex 
+++ b/lib/code_corps_web/controllers/skill_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.SkillController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Skill{}, params), {:ok, %Skill{} = skill} <- %Skill{} |> Skill.changeset(params) |> Repo.insert, skill <- preload(skill) diff --git a/lib/code_corps_web/controllers/stripe_connect_account_controller.ex b/lib/code_corps_web/controllers/stripe_connect_account_controller.ex index 414bbda25..efbe47058 100644 --- a/lib/code_corps_web/controllers/stripe_connect_account_controller.ex +++ b/lib/code_corps_web/controllers/stripe_connect_account_controller.ex @@ -13,7 +13,7 @@ defmodule CodeCorpsWeb.StripeConnectAccountController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %StripeConnectAccount{} = account <- StripeConnectAccount |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, account, params) do @@ -29,7 +29,7 @@ defmodule CodeCorpsWeb.StripeConnectAccountController do |> Map.put("type", "custom") |> Map.put("tos_acceptance_ip", conn |> ConnUtils.extract_ip) |> Map.put("tos_acceptance_user_agent", conn |> ConnUtils.extract_user_agent) - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripeConnectAccount{}, params), {:ok, %StripeConnectAccount{} = account} <- StripeConnectAccountService.create(params), account <- preload(account) 
@@ -41,7 +41,7 @@ defmodule CodeCorpsWeb.StripeConnectAccountController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %StripeConnectAccount{} = account <- StripeConnectAccount |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, account, params), {:ok, %StripeConnectAccount{} = updated_account} <- account |> StripeConnectAccountService.update(params), updated_account <- preload(updated_account) diff --git a/lib/code_corps_web/controllers/stripe_connect_plan_controller.ex b/lib/code_corps_web/controllers/stripe_connect_plan_controller.ex index 89e67030f..5074e61bd 100644 --- a/lib/code_corps_web/controllers/stripe_connect_plan_controller.ex +++ b/lib/code_corps_web/controllers/stripe_connect_plan_controller.ex @@ -11,7 +11,7 @@ defmodule CodeCorpsWeb.StripeConnectPlanController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %StripeConnectPlan{} = stripe_platform_plan <- StripeConnectPlan |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_plan, params) do conn |> render("show.json-api", data: stripe_platform_plan) 
@@ -20,7 +20,7 @@ defmodule CodeCorpsWeb.StripeConnectPlanController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripeConnectPlan{}, params), {:ok, %StripeConnectPlan{} = stripe_platform_plan} <- StripeConnectPlanService.create(params) |> handle_create_result(conn) do conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_plan) diff --git a/lib/code_corps_web/controllers/stripe_connect_subscription_controller.ex b/lib/code_corps_web/controllers/stripe_connect_subscription_controller.ex index a79da9238..4d5a05557 100644 --- a/lib/code_corps_web/controllers/stripe_connect_subscription_controller.ex +++ b/lib/code_corps_web/controllers/stripe_connect_subscription_controller.ex @@ -11,7 +11,7 @@ defmodule CodeCorpsWeb.StripeConnectSubscriptionController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %StripeConnectSubscription{} = subscription <- StripeConnectSubscription |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, subscription, params) do 
@@ -22,7 +22,7 @@ defmodule CodeCorpsWeb.StripeConnectSubscriptionController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripeConnectSubscription{}, params), {:ok, %StripeConnectSubscription{} = subscription} <- StripeConnectSubscriptionService.find_or_create(params), subscription <- preload(subscription) diff --git a/lib/code_corps_web/controllers/stripe_platform_card_controller.ex b/lib/code_corps_web/controllers/stripe_platform_card_controller.ex index 7c3655ad0..481021c55 100644 --- a/lib/code_corps_web/controllers/stripe_platform_card_controller.ex +++ b/lib/code_corps_web/controllers/stripe_platform_card_controller.ex @@ -11,7 +11,7 @@ defmodule CodeCorpsWeb.StripePlatformCardController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %StripePlatformCard{} = stripe_platform_card <- StripePlatformCard |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_card, params) do conn |> render("show.json-api", data: stripe_platform_card) 
@@ -20,7 +20,7 @@ defmodule CodeCorpsWeb.StripePlatformCardController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripePlatformCard{}, params), {:ok, %StripePlatformCard{} = stripe_platform_card} <- StripePlatformCardService.create(params) do conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_card) diff --git a/lib/code_corps_web/controllers/stripe_platform_customer_controller.ex b/lib/code_corps_web/controllers/stripe_platform_customer_controller.ex index de9a2ddf2..da3633f6e 100644 --- a/lib/code_corps_web/controllers/stripe_platform_customer_controller.ex +++ b/lib/code_corps_web/controllers/stripe_platform_customer_controller.ex @@ -11,7 +11,7 @@ defmodule CodeCorpsWeb.StripePlatformCustomerController do @spec show(Conn.t, map) :: Conn.t def show(%Conn{} = conn, %{"id" => id} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, %StripePlatformCustomer{} = stripe_platform_customer <- StripePlatformCustomer |> Repo.get(id), {:ok, :authorized} <- current_user |> Policy.authorize(:show, stripe_platform_customer, params) do conn |> render("show.json-api", data: stripe_platform_customer) 
@@ -20,7 +20,7 @@ defmodule CodeCorpsWeb.StripePlatformCustomerController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %StripePlatformCustomer{}, params), {:ok, %StripePlatformCustomer{} = stripe_platform_customer} <- StripePlatformCustomerService.create(params) do conn |> put_status(:created) |> render("show.json-api", data: stripe_platform_customer) diff --git a/lib/code_corps_web/controllers/task_controller.ex b/lib/code_corps_web/controllers/task_controller.ex index e5954bbb2..85a03e437 100644 --- a/lib/code_corps_web/controllers/task_controller.ex +++ b/lib/code_corps_web/controllers/task_controller.ex @@ -30,7 +30,7 @@ defmodule CodeCorpsWeb.TaskController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %Task{}, params), {:ok, %Task{} = task} <- params |> Task.Service.create, task <- preload(task) @@ -45,7 +45,7 @@ defmodule CodeCorpsWeb.TaskController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{} = params) do with %Task{} = task <- Task.Query.find(params), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, task), {:ok, %Task{} = updated_task} <- task |> Task.Service.update(params), updated_task <- preload(updated_task) 
diff --git a/lib/code_corps_web/controllers/task_skill_controller.ex b/lib/code_corps_web/controllers/task_skill_controller.ex index 63e470be3..36d07b717 100644 --- a/lib/code_corps_web/controllers/task_skill_controller.ex +++ b/lib/code_corps_web/controllers/task_skill_controller.ex @@ -29,7 +29,7 @@ defmodule CodeCorpsWeb.TaskSkillController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %TaskSkill{}, params), {:ok, %TaskSkill{} = task_skill} <- %TaskSkill{} |> TaskSkill.create_changeset(params) |> Repo.insert do @@ -41,7 +41,7 @@ defmodule CodeCorpsWeb.TaskSkillController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %TaskSkill{} = task_skill <- TaskSkill |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, task_skill), {:ok, %TaskSkill{} = _task_skill} <- task_skill |> Repo.delete do diff --git a/lib/code_corps_web/controllers/token_controller.ex b/lib/code_corps_web/controllers/token_controller.ex index c64b3069d..9be02d505 100644 --- a/lib/code_corps_web/controllers/token_controller.ex +++ b/lib/code_corps_web/controllers/token_controller.ex 
@@ -2,14 +2,13 @@ defmodule CodeCorpsWeb.TokenController do @moduledoc false use CodeCorpsWeb, :controller import Comeonin.Bcrypt, only: [checkpw: 2, dummy_checkpw: 0] - alias CodeCorpsWeb.GuardianSerializer alias CodeCorps.Repo alias CodeCorps.User def create(conn, params = %{"username" => _, "password" => _}) do case login_by_email_and_pass(params) do {:ok, user} -> - {:ok, token, _claims} = user |> Guardian.encode_and_sign(:token) + {:ok, token, _claims} = user |> CodeCorps.Guardian.encode_and_sign() conn |> Plug.Conn.assign(:current_user, user) @@ -27,9 +26,9 @@ defmodule CodeCorpsWeb.TokenController do end def refresh(conn, %{"token" => current_token}) do - with {:ok, claims} <- Guardian.decode_and_verify(current_token), - {:ok, new_token, new_claims} <- Guardian.refresh!(current_token, claims, %{ttl: {30, :days}}), - {:ok, user} <- GuardianSerializer.from_token(new_claims["sub"]) do + with {:ok, _claims} <- CodeCorps.Guardian.decode_and_verify(current_token), + {:ok, _, {new_token, new_claims}} <- CodeCorps.Guardian.refresh(current_token), + {:ok, user} <- CodeCorps.Guardian.resource_from_claims(new_claims) do conn |> Plug.Conn.assign(:current_user, user) |> put_status(:created) diff --git a/lib/code_corps_web/controllers/user_category_controller.ex b/lib/code_corps_web/controllers/user_category_controller.ex index 9aefbc459..f114f515b 100644 --- a/lib/code_corps_web/controllers/user_category_controller.ex +++ b/lib/code_corps_web/controllers/user_category_controller.ex 
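Review bot: In `refresh/2` the first `with` clause, `{:ok, _claims} <- CodeCorps.Guardian.decode_and_verify(current_token)`, looks redundant, because Guardian's `refresh/2` has to verify the token itself before it can re-issue one; if that holds, the clause only decodes the token a second time and its result is discarded anyway, so it can be dropped. The old call passed `%{ttl: {30, :days}}` explicitly and the new `CodeCorps.Guardian.refresh(current_token)` does not, so the lifetime of the re-issued token now comes from the `CodeCorps.Guardian` configuration; worth a one-line comment next to the call, `# ttl of the refreshed token comes from the CodeCorps.Guardian config`, so nobody assumes it is still pinned here. The serializer deleted in this commit attached a Timber user context whenever it loaded the user from a token; if `CodeCorps.Guardian.resource_from_claims/1` does not do the same, that per-request logging context is silently lost for both `create` and `refresh`. The `else` of `refresh/2` continues outside the hunk.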
@@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.UserCategoryController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %UserCategory{}, params), {:ok, %UserCategory{} = user_category} <- %UserCategory{} |> UserCategory.create_changeset(params) |> Repo.insert do @@ -35,7 +35,7 @@ defmodule CodeCorpsWeb.UserCategoryController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %UserCategory{} = user_category <- UserCategory |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, user_category), {:ok, %UserCategory{} = _user_category} <- user_category |> Repo.delete do diff --git a/lib/code_corps_web/controllers/user_controller.ex b/lib/code_corps_web/controllers/user_controller.ex index b0de51a90..d3ccbc30d 100644 --- a/lib/code_corps_web/controllers/user_controller.ex +++ b/lib/code_corps_web/controllers/user_controller.ex @@ -45,7 +45,7 @@ defmodule CodeCorpsWeb.UserController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %User{} = user <- User |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, user), {:ok, user, _, _} <- user |> UserService.update(params), user <- preload(user) diff --git a/lib/code_corps_web/controllers/user_role_controller.ex b/lib/code_corps_web/controllers/user_role_controller.ex index 13db8e825..c4991954a 100644 
--- a/lib/code_corps_web/controllers/user_role_controller.ex +++ b/lib/code_corps_web/controllers/user_role_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.UserRoleController do @spec create(Plug.Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %UserRole{}, params), {:ok, %UserRole{} = user_role} <- %UserRole{} |> UserRole.create_changeset(params) |> Repo.insert do conn |> put_status(:created) |> render("show.json-api", data: user_role) @@ -34,7 +34,7 @@ defmodule CodeCorpsWeb.UserRoleController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %UserRole{} = user_role <- UserRole |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, user_role), {:ok, %UserRole{} = _user_role} <- user_role |> Repo.delete do diff --git a/lib/code_corps_web/controllers/user_skill_controller.ex b/lib/code_corps_web/controllers/user_skill_controller.ex index 6c9f6fe3e..e258c2d11 100644 --- a/lib/code_corps_web/controllers/user_skill_controller.ex +++ b/lib/code_corps_web/controllers/user_skill_controller.ex @@ -24,7 +24,7 @@ defmodule CodeCorpsWeb.UserSkillController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %UserSkill{}, params), {:ok, %UserSkill{} = user_skill} <- %UserSkill{} |> UserSkill.create_changeset(params) |> Repo.insert do 
@@ -35,7 +35,7 @@ defmodule CodeCorpsWeb.UserSkillController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %UserSkill{} = user_skill <- UserSkill |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, user_skill), {:ok, %UserSkill{} = _user_skill} <- user_skill |> Repo.delete do diff --git a/lib/code_corps_web/controllers/user_task_controller.ex b/lib/code_corps_web/controllers/user_task_controller.ex index a0d0a787e..21404f346 100644 --- a/lib/code_corps_web/controllers/user_task_controller.ex +++ b/lib/code_corps_web/controllers/user_task_controller.ex @@ -28,7 +28,7 @@ defmodule CodeCorpsWeb.UserTaskController do @spec create(Conn.t, map) :: Conn.t def create(%Conn{} = conn, %{} = params) do - with %User{} = current_user <- conn |> Guardian.Plug.current_resource, + with %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:create, %UserTask{}, params), {:ok, %UserTask{} = user_task} <- %UserTask{} |> UserTask.create_changeset(params) |> Repo.insert do @@ -41,7 +41,7 @@ defmodule CodeCorpsWeb.UserTaskController do @spec update(Conn.t, map) :: Conn.t def update(%Conn{} = conn, %{"id" => id} = params) do with %UserTask{} = user_task <- UserTask |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:update, user_task), {:ok, %UserTask{} = user_task} <- user_task |> UserTask.update_changeset(params) |> Repo.update do 
@@ -54,7 +54,7 @@ defmodule CodeCorpsWeb.UserTaskController do @spec delete(Conn.t, map) :: Conn.t def delete(%Conn{} = conn, %{"id" => id} = _params) do with %UserTask{} = user_task <- UserTask |> Repo.get(id), - %User{} = current_user <- conn |> Guardian.Plug.current_resource, + %User{} = current_user <- conn |> CodeCorps.Guardian.Plug.current_resource, {:ok, :authorized} <- current_user |> Policy.authorize(:delete, user_task), {:ok, %UserTask{} = _user_task} <- user_task |> Repo.delete do diff --git a/lib/code_corps_web/guardian_serializer.ex b/lib/code_corps_web/guardian_serializer.ex deleted file mode 100644 index bfdb921c5..000000000 --- a/lib/code_corps_web/guardian_serializer.ex +++ /dev/null @@ -1,33 +0,0 @@ -defmodule CodeCorpsWeb.GuardianSerializer do - alias CodeCorps.Project - alias CodeCorps.Repo - alias CodeCorps.User - - @behaviour Guardian.Serializer - - def for_token(project = %Project{}), do: {:ok, "Project:#{project.id}"} - def for_token(user = %User{}), do: {:ok, "User:#{user.id}"} - def for_token(_), do: {:error, "Unknown resource type"} - - def from_token("Project:" <> id), do: {:ok, Repo.get(Project, id)} - def from_token("User:" <> id) do - user = Repo.get(User, id) - - if user do - name = full_name(user) - %Timber.Contexts.UserContext{id: user.id, email: user.email, name: name} - |> Timber.add_context() - end - - {:ok, user} - end - def from_token(_), do: {:error, "Unknown resource type"} - - defp full_name(%User{first_name: nil, last_name: nil}), do: "" - defp full_name(%User{first_name: first_name, last_name: nil}), do: first_name - defp full_name(%User{first_name: nil, last_name: last_name}), do: last_name - defp full_name(%User{first_name: first_name, last_name: last_name}) do - first_name <> " " <> last_name - end - defp full_name(_), do: "" -end diff --git a/lib/code_corps_web/router.ex b/lib/code_corps_web/router.ex index 2f9599ac0..25eed5668 100644 --- a/lib/code_corps_web/router.ex +++ b/lib/code_corps_web/router.ex 
@@ -17,12 +17,11 @@ defmodule CodeCorpsWeb.Router do
 end
 pipeline :bearer_auth do
- plug Guardian.Plug.VerifyHeader, realm: "Bearer"
- plug Guardian.Plug.LoadResource
+ plug CodeCorps.Auth.BearerAuthPipeline
 end
 pipeline :ensure_auth do
- plug Guardian.Plug.EnsureAuthenticated
+ plug CodeCorps.Auth.EnsureAuthPipeline
 end
 pipeline :current_user do
diff --git a/mix.exs b/mix.exs
index bc8aec455..7905e8094 100644
--- a/mix.exs
+++ b/mix.exs
@@ -64,7 +64,7 @@ defmodule CodeCorps.Mixfile do
 {:excoveralls, "~> 0.7", only: :test}, # Test coverage
 {:ex_doc, "~> 0.17", only: [:dev, :test]},
 {:ex_machina, "~> 2.0", only: :test}, # test factories
- {:guardian, "~> 0.14"}, # Authentication (JWT)
+ {:guardian, "~> 1.0"}, # Authentication (JWT)
 {:hackney, ">= 1.4.4"},
 {:httpoison, "~> 0.13"},
 {:inch_ex, "~> 0.5", only: [:dev, :test]}, # Inch CI
@@ -220,7 +220,6 @@ defmodule CodeCorps.Mixfile do
 CodeCorpsWeb.Endpoint,
 CodeCorpsWeb.ErrorHelpers,
 CodeCorpsWeb.Gettext,
- CodeCorpsWeb.GuardianSerializer,
 CodeCorpsWeb.Router,
 CodeCorpsWeb.Router.Helpers,
 CodeCorpsWeb.UserSocket
diff --git a/mix.lock b/mix.lock
index c9d942bd1..b989d112d 100644
--- a/mix.lock
+++ b/mix.lock
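Review bot: The old `:bearer_auth` pipeline ran `Guardian.Plug.VerifyHeader` and `Guardian.Plug.LoadResource` inline, which let a request with no Authorization header continue with no resource loaded, and the replacement `plug CodeCorps.Auth.BearerAuthPipeline` now owns that decision together with an error handler; confirm the new pipeline still tolerates a missing token, otherwise every route that goes through `:bearer_auth` without `:ensure_auth` starts rejecting anonymous requests instead of serving them unauthenticated. That intent deserves a comment on the pipeline so the next change does not tighten it by accident: `# optional auth: loads the resource when a valid Bearer token is present; only a present-but-invalid token is an error`. The router's pipeline definitions continue outside the hunk.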
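Review bot: The second mix.exs hunk removes `CodeCorpsWeb.GuardianSerializer` from what looks like a module listing used for documentation grouping, but none of the modules this commit introduces in its place (`CodeCorps.Guardian`, `CodeCorps.Auth.BearerAuthPipeline`, `CodeCorps.Auth.EnsureAuthPipeline`) is added to any such list, so if the list drives ex_doc groups the new auth modules land in the default section. Adding them to the appropriate group keeps the authentication entry points discoverable from the generated docs. The enclosing list starts and ends outside the hunk.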
@@ -29,7 +29,7 @@ "file_system": {:hex, :file_system, "0.2.2", "7f1e9de4746f4eb8a4ca8f2fbab582d84a4e40fa394cce7bfcb068b988625b06", [], [], "hexpm"}, "fs": {:hex, :fs, "0.9.2", "ed17036c26c3f70ac49781ed9220a50c36775c6ca2cf8182d123b6566e49ec59", [:rebar], []}, "gettext": {:hex, :gettext, "0.13.1", "5e0daf4e7636d771c4c71ad5f3f53ba09a9ae5c250e1ab9c42ba9edccc476263", [:mix], []}, - "guardian": {:hex, :guardian, "0.14.5", "6d4e89b673accdacbc092ad000dc7494019426bd898eebf699caf1d19000cdcd", [:mix], [{:jose, "~> 1.8", [hex: :jose, optional: false]}, {:phoenix, "~> 1.2 and < 1.4.0", [hex: :phoenix, optional: true]}, {:plug, "~> 1.3", [hex: :plug, optional: false]}, {:poison, ">= 1.3.0 and < 4.0.0", [hex: :poison, optional: false]}, {:uuid, ">=1.1.1", [hex: :uuid, optional: false]}]}, + "guardian": {:hex, :guardian, "1.0.0", "21bae2a8c0b4ed5943d9da0c6aeb16e52874c1f675de5d7920ae35471c6263f9", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}, {:uuid, ">= 1.1.1", [hex: :uuid, repo: "hexpm", optional: false]}], "hexpm"}, "hackney": {:hex, :hackney, "1.10.1", "c38d0ca52ea80254936a32c45bb7eb414e7a96a521b4ce76d00a69753b157f21", [:rebar3], [{:certifi, "2.0.0", [hex: :certifi, optional: false]}, {:idna, "5.1.0", [hex: :idna, optional: false]}, {:metrics, "1.0.1", [hex: :metrics, optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, optional: false]}]}, "httpoison": {:hex, :httpoison, "0.13.0", "bfaf44d9f133a6599886720f3937a7699466d23bb0cd7a88b6ba011f53c6f562", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, optional: false]}]}, "idna": {:hex, :idna, "5.1.0", "d72b4effeb324ad5da3cab1767cb16b17939004e789d8c0ad5b70f3cea20c89a", [:rebar3], 
[{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, optional: false]}]}, diff --git a/test/lib/code_corps/emails/project_user_request_email_test.exs b/test/lib/code_corps/emails/project_user_request_email_test.exs index 46a07cb6e..c7f54cb93 100644 --- a/test/lib/code_corps/emails/project_user_request_email_test.exs +++ b/test/lib/code_corps/emails/project_user_request_email_test.exs @@ -12,7 +12,9 @@ defmodule CodeCorps.Emails.ProjectUserRequestEmailTest do email = ProjectUserRequestEmail.create(project_user) assert email.from == "Code Corps" - assert email.to == [owner1.email, owner2.email] + assert Enum.count(email.to) == 2 + assert Enum.member?(email.to, owner1.email) + assert Enum.member?(email.to, owner2.email) template_model = email.private.template_model diff --git a/test/lib/code_corps_web/controllers/password_controller_test.exs b/test/lib/code_corps_web/controllers/password_controller_test.exs index b578940b2..08f8942b5 100644 --- a/test/lib/code_corps_web/controllers/password_controller_test.exs +++ b/test/lib/code_corps_web/controllers/password_controller_test.exs @@ -30,7 +30,7 @@ defmodule CodeCorpsWeb.PasswordControllerTest do %AuthToken{value: token} = Repo.get_by(AuthToken, user_id: user.id) assert_delivered_email CodeCorps.Emails.ForgotPasswordEmail.create(user, token) - refute Guardian.Plug.authenticated?(conn) + refute CodeCorps.Guardian.Plug.authenticated?(conn) end test "does not create resource and renders 200 when email is invalid", %{conn: conn} do diff --git a/test/lib/code_corps_web/controllers/password_reset_controller_test.exs b/test/lib/code_corps_web/controllers/password_reset_controller_test.exs index 0c158a5f7..9e3205425 100644 --- a/test/lib/code_corps_web/controllers/password_reset_controller_test.exs +++ b/test/lib/code_corps_web/controllers/password_reset_controller_test.exs 
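Review bot: The three assertions that replace the ordered comparison in `project_user_request_email_test.exs` can be one exact, order-independent check, `assert Enum.sort(email.to) == Enum.sort([owner1.email, owner2.email])`, which reads as a single line and prints the full recipient list as a diff when it fails, whereas the count-plus-membership form only reports which of the three sub-checks tripped. A short comment on why order is not asserted would also save the next reader a trip to the implementation, e.g. `# recipient order is not part of the contract`.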
@@ -1,16 +1,12 @@ defmodule CodeCorpsWeb.PasswordResetControllerTest do - @moduledoc false - use CodeCorpsWeb.ApiCase, resource_name: :password_reset - import CodeCorps.TestEnvironmentHelper - alias CodeCorps.{User, AuthToken} + import CodeCorps.TestEnvironmentHelper, only: [modify_env: 2] + alias CodeCorps.{AuthToken, User} test "updates user password when data is valid and deletes auth token model", %{conn: conn} do current_user = insert(:user) {:ok, auth_token} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert - assert AuthToken |> Repo.get(auth_token.id) |> Map.get(:id) == auth_token.id - attrs = %{"token" => auth_token.value, "password" => "123456", "password_confirmation" => "123456"} conn = post conn, password_reset_path(conn, :reset_password), attrs response = json_response(conn, 201) @@ -24,7 +20,7 @@ defmodule CodeCorpsWeb.PasswordResetControllerTest do test "does not create resource and renders errors when password does not match", %{conn: conn} do current_user = insert(:user) - {:ok, auth_token} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert + {:ok, auth_token} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert() attrs = %{"token" => auth_token.value, "password" => "123456", "password_confirmation" => "another"} conn = post conn, password_reset_path(conn, :reset_password), attrs response = json_response(conn, 422) @@ -34,7 +30,7 @@ defmodule CodeCorpsWeb.PasswordResetControllerTest do test "does not create resource and renders errors when token is invalid", %{conn: conn} do current_user = insert(:user) - {:ok, _} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert + {:ok, _} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert() attrs = %{"token" => "random token", "password" => "123456", "password_confirmation" => "123456"} conn = post conn, password_reset_path(conn, :reset_password), attrs 
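Review bot: The first hunk shows `- use CodeCorpsWeb.ApiCase, resource_name: :password_reset` removed with nothing replacing it on the new side, yet the tests below still rely on `test`, `insert/1`, `post`, `json_response/2` and `password_reset_path/2`, which a test module only gets from that case template; if the removal is real rather than an artefact of the collapsed rendering here, the module no longer compiles as a test, so confirm the `use` line survives. The same pattern appears in the `current_user_test.exs` hunk further down, where `- use CodeCorpsWeb.ConnCase` is removed while `build/2` and `build_conn/0` are still called. The test module continues across the following hunks.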
@@ -45,10 +41,10 @@ defmodule CodeCorpsWeb.PasswordResetControllerTest do modify_env(:code_corps, password_reset_timeout: 0) current_user = insert(:user) - {:ok, auth_token} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert + {:ok, auth_token} = AuthToken.changeset(%AuthToken{}, current_user) |> Repo.insert() attrs = %{"token" => auth_token.value, "password" => "123456", "password_confirmation" => "123456"} conn = post conn, password_reset_path(conn, :reset_password), attrs + assert json_response(conn, 404) end - end diff --git a/test/lib/code_corps_web/controllers/token_controller_test.exs b/test/lib/code_corps_web/controllers/token_controller_test.exs index 082d37a6a..2956e6093 100644 --- a/test/lib/code_corps_web/controllers/token_controller_test.exs +++ b/test/lib/code_corps_web/controllers/token_controller_test.exs @@ -78,8 +78,8 @@ defmodule CodeCorpsWeb.TokenControllerTest do describe "refresh" do test "refreshes JWT and returns JWT and user ID when data is valid", %{conn: conn} do - user = build(:user, %{password: "password"}) |> set_password("password") |> insert - {:ok, token, _claims} = user |> Guardian.encode_and_sign(:token) + user = build(:user, %{password: "password"}) |> set_password("password") |> insert() + {:ok, token, _claims} = user |> CodeCorps.Guardian.encode_and_sign() conn = post conn, token_path(conn, :refresh), %{token: token} 
@@ -89,8 +89,9 @@ defmodule CodeCorpsWeb.TokenControllerTest do end test "does not authenticate and renders errors when the token is expired", %{conn: conn} do - user = build(:user, %{password: "password"}) |> set_password("password") |> insert - {:ok, token, _claims} = user |> Guardian.encode_and_sign(:token, %{ "exp" => Guardian.Utils.timestamp - 10}) + user = build(:user, %{password: "password"}) |> set_password("password") |> insert() + claims = %{ "exp" => Guardian.timestamp - 10} + {:ok, token, _claims} = user |> CodeCorps.Guardian.encode_and_sign(claims) conn = post conn, token_path(conn, :refresh), %{token: token} diff --git a/test/lib/code_corps_web/plugs/current_user_test.exs b/test/lib/code_corps_web/plugs/current_user_test.exs index 2c94c58e2..65c801737 100644 --- a/test/lib/code_corps_web/plugs/current_user_test.exs +++ b/test/lib/code_corps_web/plugs/current_user_test.exs @@ -1,13 +1,9 @@ defmodule CodeCorpsWeb.Plug.CurrentUserTest do - use CodeCorpsWeb.ConnCase test "sets conn.assigns[:current_user] if user is authenticated" do user = build(:user, first_name: "John"); - conn = Guardian.Plug.set_current_resource( - build_conn(), - user - ) + conn = CodeCorps.Guardian.Plug.put_current_resource(build_conn(), user) result_conn = CodeCorpsWeb.Plug.CurrentUser.call(conn, []) assert result_conn.assigns[:current_user] == user end @@ -16,5 +12,6 @@ defmodule CodeCorpsWeb.Plug.CurrentUserTest do conn = build_conn() result_conn = CodeCorpsWeb.Plug.CurrentUser.call(conn, []) assert result_conn == conn + refute result_conn.assigns[:current_user] end end diff --git a/test/support/authentication_test_helpers.ex b/test/support/authentication_test_helpers.ex index c4a5f7ed6..9e6e04f74 100644 --- a/test/support/authentication_test_helpers.ex +++ b/test/support/authentication_test_helpers.ex 
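Review bot: The expired-token test builds its claims with the library's `Guardian.timestamp - 10` while every other call in the commit goes through `CodeCorps.Guardian`, which is fine functionally, but `%{ "exp" => Guardian.timestamp - 10}` has a stray space after the brace and a parenthesis-less call, so `claims = %{"exp" => Guardian.timestamp() - 10}` matches the formatter and the `insert()`/`encode_and_sign()` style adopted on the lines just above it. It would also help to state what the test guards: `# exp is already in the past, so refresh must reject the token rather than mint a new one`. The test body continues outside the hunk.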
@@ -10,9 +10,9 @@ defmodule CodeCorps.AuthenticationTestHelpers do end def authenticate(conn, user) do - {:ok, jwt, _} = Guardian.encode_and_sign(user) + {:ok, token, _} = user |> CodeCorps.Guardian.encode_and_sign() conn - |> put_req_header("authorization", "Bearer #{jwt}") + |> put_req_header("authorization", "Bearer #{token}") end end