This module provides api for registration and login users in your site (or any other system). Supports login with email/password and socials (facebook.com, vk.com, google.com). It also provides api that helps to build OAuth2 authentication service, i.e. methods to manage OAuth entities such as OAuth client, authorization code and access token.
Requires tarantool >= 1.7.4.168
Using tarantoolctl:
$ tarantoolctl rocks install authman
Also available .rpm and .deb packages:
# CentOS
$ yum install tarantool-authman
# Ubuntu
$ apt-get install tarantool-authman
Create tarantool instance file /etc/tarantool/instances.available/tarantool-authman.lua:
box.cfg {
listen = 3302,
}
local config = {
-- configuration table, details below
}
auth = require('authman').api(config)
Create symlink in /etc/tarantool/instances.enabled:
$ ln -s /etc/tarantool/instances.available/tarantool-authman.lua .
Run tarantool and connect to it:
$ tarantoolctl start tarantool-authman
$ tarantoolctl enter tarantool-authman
Use auth api:
tarantool> ok, user = auth.registration('example@mail.ru')
tarantool> ok, user = auth.complete_registration('example@mail.ru', user.code, 'Pa$$wOrD')
tarantool> ok, user = auth.set_profile(user['id'], {first_name='name', laste_name='surname'})
tarantool> ok, user = auth.auth('example@mail.ru', 'Pa$$wOrD')
tarantool> session = user['session']
tarantool> ok, user = auth.check_auth(session) -- user can get new session
Example of my_config.lua module, fill empty strings with your values:
return {
activation_secret = '',
session_secret = '',
restore_secret = '',
session_lifetime = 7 * 24 * 60 * 60,
session_update_timedelta = 2 * 24 * 60* 60,
social_check_time = 60 * 60* 24,
-- password_strength can be:
-- none, whocares, easy, common, moderate, violence, nightmare,
password_strength = 'common', -- default value
facebook = {
client_id = '',
client_secret = '',
redirect_uri='',
},
google = {
client_id = '',
client_secret = '',
redirect_uri=''
},
vk = {
client_id = '',
client_secret = '',
redirect_uri='',
},
}
tarantool> ok, user = auth.registration('aaa@mail.ru')
tarantool> user.code
- 022c1ff1f0b171e51cb6c6e32aefd6ab
Creates user, return user with code for email confirmation.
tarantool> ok, user = auth.complete_registration('aaa@mail.ru', code, '123')
tarantool> user
- is_active: true
email: aaa@mail.ru
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
Set user is_active=true and password, return user table (without session)
tarantool> ok, user = auth.set_profile(id, {first_name='name', last_name='surname'})
tarantool> user
- is_active: true
email: aaa@mail.ru
profile: {'first_name': 'name', last_name='surname'}
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
Set user profile first_name and last_name
tarantool> ok, user = auth.get_profile(id)
tarantool> user
---
- is_active: true
email: aaa@mail.ru
profile: {'first_name': 'name', last_name='surname'}
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
...
Get user profile details by id
tarantool> auth.delete_user(id)
---
- is_active: true
email: aaa@mail.ru
profile: {'first_name': 'name', last_name='surname'}
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
...
Delete user from space
tarantool> ok, user = auth.auth('aaa@mail.ru', '123')
tarantool> user
- is_active: true
email: aaa@mail.ru
session:'eyJ1c2VyX2lkIjoiYjhjOWVlOWQtYWUxN....'
id: b8c9ee9d-ae15-469d-a16f-415594121ece
Sign in user, return user table (with session)
tarantool> ok, user = auth.check_auth(session)
tarantool> user
- is_active: true
email: aaa@mail.ru
session: 'eyJ1c2VyX2lkIjoiYjhjOWVlOWQtYWUxNS00Nj.....'
id: b8c9ee9d-ae15-469d-a16f-415594121ece
Check user is signed in, return user table (with new session)
Session can be renewed, so set it again after each call oh this method
User will contain social info, if passed session generated by using auth.social_auth() method:
tarantool> user
- is_active: true
social:
provider: facebook
social_id: '123123....'
email: aaa@mail.ru
session: 'eyJ1c2VyX2lkIjoiYjhjOWVlOWQtYWUxNS00Nj.....'
id: b8c9ee9d-ae15-469d-a16f-415594121ece
tarantool> ok, deleted = auth.drop_session(session)
tarantool> deleted
- true
Drop user session
tarantool> ok, token = auth.restore_password('aaa@mail.ru')
tarantool> token
- 8b9c03b7786a465e2175bb1a8bd8a59f
Get restore password token
tarantool> ok, user = auth.complete_restore_password('aaa@mail.ru', code, '234')
tarantool> user
- is_active: true
email: aaa@mail.ru
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
Set new password, return user table (without session)
tarantool> ok, url = auth.social_auth_url('facebook', 'some-state-string')
tarantool> url
- https://www.facebook.com/v2.8/dialog/oauth?client_id=1813230128941062&redirect_uri={redirect}&scope=email&state=some-state-string
Return url for social auth. State is optional but recommended for csrf protection.
tarantool> ok, user = auth.social_auth('facebook', code)
tarantool> user
- is_active: true
social:
provider: facebook
social_id: '123123....'
profile: {'first_name': 'a', 'last_name': 'aa'}
id: bcb6e00a-1148-4b7d-9ab1-9a9a3b21ce2a
email: aaa@mail.ru
session: 'eyJ1c2VyX2lkIj.....'
Sign in user, return user table (with session)
If first parametr (ok - bool) is false then error is occured. Error description will be stored in second param like:
error = {code = description}
Example:
tarantool> ok, user = auth.registration('aaa@mail.ru')
tarantool> ok
- false
tarantool> user
- '2': User already exists
Complete list of error codes:
error.USER_NOT_FOUND = '1'
error.USER_ALREADY_EXISTS = '2'
error.INVALID_PARAMS = '3'
error.USER_NOT_ACTIVE = '4'
error.WRONG_PASSWORD = '5'
error.WRONG_ACTIVATION_CODE = '6'
error.WRONG_SESSION_SIGN = '7'
error.NOT_AUTHENTICATED = '8'
error.WRONG_RESTORE_TOKEN = '9'
error.USER_ALREADY_ACTIVE = '10'
error.WRONG_AUTH_CODE = '11'
error.IMPROPERLY_CONFIGURED = '12'
error.WRONG_PROVIDER = '13'
error.WEAK_PASSWORD = '14'
error.SOCIAL_AUTH_ERROR = '15'
error.OAUTH_APP_ALREADY_EXISTS = '16'
error.OAUTH_APP_NOT_FOUND = '17'
error.OAUTH_CONSUMER_NOT_FOUND = '18'
error.OAUTH_MAX_APPS_REACHED = '19'
error.OAUTH_CODE_NOT_FOUND = '20'
error.OAUTH_ACCESS_TOKEN_NOT_FOUND = '21'
To perform tests run this in directory with tarantool-authman module:
$ tarantool test/authman.test.lua