dewetblomerus · dewetblomerus · Sep 30, 2023 · Sep 26, 2023 · Sep 27, 2023 · Sep 27, 2023
diff --git a/.gitignore b/.gitignore
@@ -35,3 +35,4 @@ red-*.tar
 npm-debug.log
 /assets/node_modules/
 
+/config/dev_secrets.exs
diff --git a/config/dev.exs b/config/dev.exs
@@ -77,3 +77,5 @@ config :phoenix, :plug_init_mode, :runtime
 
 # Disable swoosh api client as it is only required for production adapters.
 config :swoosh, :api_client, false
+
+import_config "dev_secrets.exs"
diff --git a/config/dev_secrets.example.exs b/config/dev_secrets.example.exs
@@ -0,0 +1,9 @@
+import Config
+
+config :red,
+  auth0: {
+    client_id: "auth0-client-id",
+    redirect_uri: "http://localhost:4000/auth",
+    client_secret: "auth0-client-secret",
+    site: "auth0-domain"
+  }
diff --git a/lib/red/accounts/accounts.ex b/lib/red/accounts/accounts.ex
@@ -3,6 +3,5 @@ defmodule Red.Accounts do
 
   resources do
     resource Red.Accounts.User
-    resource Red.Accounts.Token
   end
 end
diff --git a/lib/red/accounts/resources/token.ex b/lib/red/accounts/resources/token.ex
diff --git a/lib/red/accounts/resources/user.ex b/lib/red/accounts/resources/user.ex
@@ -6,29 +6,19 @@ defmodule Red.Accounts.User do
   attributes do
     uuid_primary_key :id
     attribute :email, :ci_string, allow_nil?: false
-    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
   end
 
   authentication do
     api Red.Accounts
 
     strategies do
-      password :password do
-        identity_field(:email)
-        sign_in_tokens_enabled?(true)
-
-        resettable do
-          sender Red.Accounts.User.Senders.SendPasswordResetEmail
-        end
+      auth0 do
+        client_id Red.Secrets
+        redirect_uri Red.Secrets
+        client_secret Red.Secrets
+        site Red.Secrets
       end
     end
-
-    tokens do
-      enabled?(true)
-      token_resource(Red.Accounts.Token)
-
-      signing_secret(Red.Accounts.Secrets)
-    end
   end
 
   postgres do
@@ -40,10 +30,24 @@ defmodule Red.Accounts.User do
     identity :unique_email, [:email]
   end
 
-  # If using policies, add the following bypass:
-  # policies do
-  #   bypass AshAuthentication.Checks.AshAuthenticationInteraction do
-  #     authorize_if always()
-  #   end
-  # end
+  actions do
+    create :register_with_auth0 do
+      argument :user_info, :map, allow_nil?: false
+      argument :oauth_tokens, :map, allow_nil?: false
+      upsert? true
+      upsert_identity :unique_email
+
+      # Required if you have token generation enabled.
+      change AshAuthentication.GenerateTokenChange
+
+      # Required if you have the `identity_resource` configuration enabled.
+      change AshAuthentication.Strategy.OAuth2.IdentityChange
+
+      change fn changeset, _ ->
+        user_info = Ash.Changeset.get_argument(changeset, :user_info)
+
+        Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
+      end
+    end
+  end
 end
diff --git a/lib/red/accounts/user/senders/send_password_reset_email.ex b/lib/red/accounts/user/senders/send_password_reset_email.ex
diff --git a/lib/red/secrets.ex b/lib/red/secrets.ex
@@ -0,0 +1,26 @@
+defmodule Red.Secrets do
+  use AshAuthentication.Secret
+
+  def secret_for([:authentication, :strategies, :auth0, :client_id], Red.Accounts.User, _) do
+    get_config(:client_id)
+  end
+
+  def secret_for([:authentication, :strategies, :auth0, :redirect_uri], Red.Accounts.User, _) do
+    get_config(:redirect_uri)
+  end
+
+  def secret_for([:authentication, :strategies, :auth0, :client_secret], Red.Accounts.User, _) do
+    get_config(:client_secret)
+  end
+
+  def secret_for([:authentication, :strategies, :auth0, :site], Red.Accounts.User, _) do
+    get_config(:site)
+  end
+
+  defp get_config(key) do
+    :red
+    |> Application.fetch_env!(:auth0)
+    |> Map.fetch!(key)
+    |> then(&{:ok, &1})
+  end
+end
diff --git a/...ons/20230923004958_add_user_and_token.exs → ...igrations/20230927133212_create_users.exs b/...ons/20230923004958_add_user_and_token.exs → ...igrations/20230927133212_create_users.exs
@@ -1,4 +1,4 @@
-defmodule Red.Repo.Migrations.AddUserAndToken do
+defmodule Red.Repo.Migrations.CreateUsers do
   @moduledoc """
   Updates resources based on their most recent snapshots.
 
@@ -11,27 +11,14 @@ defmodule Red.Repo.Migrations.AddUserAndToken do
     create table(:users, primary_key: false) do
       add :id, :uuid, null: false, default: fragment("uuid_generate_v4()"), primary_key: true
       add :email, :citext, null: false
-      add :hashed_password, :text, null: false
     end
 
     create unique_index(:users, [:email], name: "users_unique_email_index")
-
-    create table(:tokens, primary_key: false) do
-      add :updated_at, :utc_datetime_usec, null: false, default: fragment("now()")
-      add :created_at, :utc_datetime_usec, null: false, default: fragment("now()")
-      add :extra_data, :map
-      add :purpose, :text, null: false
-      add :expires_at, :utc_datetime, null: false
-      add :subject, :text, null: false
-      add :jti, :text, null: false, primary_key: true
-    end
   end
 
   def down do
-    drop table(:tokens)
-
     drop_if_exists unique_index(:users, [:email], name: "users_unique_email_index")
 
     drop table(:users)
   end
-end
+end
diff --git a/priv/resource_snapshots/repo/tokens/20230923004958.json b/priv/resource_snapshots/repo/tokens/20230923004958.json
diff --git a/..._snapshots/repo/users/20230923004958.json → ..._snapshots/repo/users/20230927133212.json b/..._snapshots/repo/users/20230923004958.json → ..._snapshots/repo/users/20230927133212.json
@@ -19,20 +19,10 @@
       "allow_nil?": false,
       "generated?": false,
       "primary_key?": false
-    },
-    {
-      "default": "nil",
-      "size": null,
-      "type": "text",
-      "source": "hashed_password",
-      "references": null,
-      "allow_nil?": false,
-      "generated?": false,
-      "primary_key?": false
     }
   ],
   "table": "users",
-  "hash": "C2F5033DBECAB717D8278AAB6F457B5F3240AB834AD3965E2E1823B8A52CE352",
+  "hash": "64AD5B7122C2C5151DE1E2493CC4D20B39C25252B389C8F83C9DDC30FBF58BED",
   "repo": "Elixir.Red.Repo",
   "identities": [
     {