2020-05-07 10:14:54 +02:00
|
|
|
# Pleroma: A lightweight social networking server
|
2020-05-18 14:15:51 +02:00
|
|
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
2020-05-07 10:14:54 +02:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.MFA.Token do
|
|
|
|
use Ecto.Schema
|
|
|
|
import Ecto.Query
|
|
|
|
import Ecto.Changeset
|
|
|
|
|
|
|
|
alias Pleroma.Repo
|
|
|
|
alias Pleroma.User
|
|
|
|
alias Pleroma.Web.OAuth.Authorization
|
|
|
|
|
|
|
|
@expires 300
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
@type t() :: %__MODULE__{}
|
|
|
|
|
2020-05-07 10:14:54 +02:00
|
|
|
schema "mfa_tokens" do
|
|
|
|
field(:token, :string)
|
|
|
|
field(:valid_until, :naive_datetime_usec)
|
|
|
|
|
|
|
|
belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
|
|
|
|
belongs_to(:authorization, Authorization)
|
|
|
|
|
|
|
|
timestamps()
|
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
|
2020-05-07 10:14:54 +02:00
|
|
|
def get_by_token(token) do
|
|
|
|
from(
|
|
|
|
t in __MODULE__,
|
|
|
|
where: t.token == ^token,
|
|
|
|
preload: [:user, :authorization]
|
|
|
|
)
|
|
|
|
|> Repo.find_resource()
|
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
@spec validate(String.t()) :: {:ok, t()} | {:error, :not_found} | {:error, :expired_token}
|
|
|
|
def validate(token_str) do
|
|
|
|
with {:ok, token} <- get_by_token(token_str),
|
|
|
|
false <- expired?(token) do
|
2020-05-07 10:14:54 +02:00
|
|
|
{:ok, token}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
defp expired?(%__MODULE__{valid_until: valid_until}) do
|
|
|
|
with true <- NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0 do
|
|
|
|
{:error, :expired_token}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@spec create(User.t(), Authorization.t() | nil) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
|
|
|
|
def create(user, authorization \\ nil) do
|
|
|
|
with {:ok, token} <- do_create(user, authorization) do
|
|
|
|
Pleroma.Workers.PurgeExpiredToken.enqueue(%{
|
|
|
|
token_id: token.id,
|
|
|
|
valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC"),
|
|
|
|
mod: __MODULE__
|
|
|
|
})
|
|
|
|
|
|
|
|
{:ok, token}
|
|
|
|
end
|
2020-05-07 10:14:54 +02:00
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
defp do_create(user, authorization) do
|
2020-05-07 10:14:54 +02:00
|
|
|
%__MODULE__{}
|
2020-09-05 17:35:01 +02:00
|
|
|
|> change()
|
2020-05-07 10:14:54 +02:00
|
|
|
|> assign_user(user)
|
2020-09-05 17:35:01 +02:00
|
|
|
|> maybe_assign_authorization(authorization)
|
|
|
|
|> put_token()
|
|
|
|
|> put_valid_until()
|
2020-05-07 10:14:54 +02:00
|
|
|
|> Repo.insert()
|
|
|
|
end
|
|
|
|
|
|
|
|
defp assign_user(changeset, user) do
|
|
|
|
changeset
|
|
|
|
|> put_assoc(:user, user)
|
|
|
|
|> validate_required([:user])
|
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
defp maybe_assign_authorization(changeset, %Authorization{} = authorization) do
|
2020-05-07 10:14:54 +02:00
|
|
|
changeset
|
|
|
|
|> put_assoc(:authorization, authorization)
|
|
|
|
|> validate_required([:authorization])
|
|
|
|
end
|
|
|
|
|
2020-09-05 17:35:01 +02:00
|
|
|
defp maybe_assign_authorization(changeset, _), do: changeset
|
|
|
|
|
2020-05-07 10:14:54 +02:00
|
|
|
defp put_token(changeset) do
|
2020-09-05 17:35:01 +02:00
|
|
|
token = Pleroma.Web.OAuth.Token.Utils.generate_token()
|
|
|
|
|
2020-05-07 10:14:54 +02:00
|
|
|
changeset
|
2020-09-05 17:35:01 +02:00
|
|
|
|> change(%{token: token})
|
2020-05-07 10:14:54 +02:00
|
|
|
|> validate_required([:token])
|
|
|
|
|> unique_constraint(:token)
|
|
|
|
end
|
|
|
|
|
|
|
|
defp put_valid_until(changeset) do
|
|
|
|
expires_in = NaiveDateTime.add(NaiveDateTime.utc_now(), @expires)
|
|
|
|
|
|
|
|
changeset
|
|
|
|
|> change(%{valid_until: expires_in})
|
|
|
|
|> validate_required([:valid_until])
|
|
|
|
end
|
|
|
|
end
|