Introduce authorizations with Rajska

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-03-17 18:10:59 +01:00
parent b6875f6a4b
commit 8984bd7636
95 changed files with 4560 additions and 1505 deletions
--- a/lib/web/auth/context.ex
+++ b/lib/web/auth/context.ex
@@ -38,7 +38,7 @@ defmodule Mobilizon.Web.Auth.Context do
          |> set_app_token_context(context, app_token)
          |> set_user_context(user)

-        nil ->
+        _ ->
          {conn, context}
      end

--- a/lib/web/auth/error_handler.ex
+++ b/lib/web/auth/error_handler.ex
@@ -3,11 +3,12 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
  In case we have an auth error
  """
  import Plug.Conn
+  require Logger

  # sobelow_skip ["XSS.SendResp"]
  @spec auth_error(Plug.Conn.t(), any(), any()) :: Plug.Conn.t()
-  def auth_error(conn, {type, _reason}, _opts) do
-    body = Jason.encode!(%{message: to_string(type)})
+  def auth_error(conn, {type, reason}, _opts) do
+    body = Jason.encode!(%{message: to_string(type), details: inspect(reason)})
    send_resp(conn, 401, body)
  end
 end
--- a/lib/web/auth/guardian.ex
+++ b/lib/web/auth/guardian.ex
@@ -43,7 +43,9 @@ defmodule Mobilizon.Web.Auth.Guardian do
          {:error, :invalid_id}
      end
    rescue
-      Ecto.NoResultsError -> {:error, :no_result}
+      e in Ecto.NoResultsError ->
+        Logger.warn("Received token claim for non existing user: #{inspect(e)}")
+        {:error, :no_result}
    end
  end

@@ -62,7 +64,9 @@ defmodule Mobilizon.Web.Auth.Guardian do
          {:error, :invalid_id}
      end
    rescue
-      Ecto.NoResultsError -> {:error, :no_result}
+      e in Ecto.NoResultsError ->
+        Logger.info("Received token claim for non existing app token: #{inspect(e.message)}")
+        {:error, :no_result}
    end
  end

@@ -79,6 +83,8 @@ defmodule Mobilizon.Web.Auth.Guardian do

  @spec on_verify(any(), any(), any()) :: {:ok, map()} | {:error, :token_not_found}
  def on_verify(claims, token, _options) do
+    Logger.debug("[Guardian] Called on_verify")
+
    with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
      {:ok, claims}
    end
@@ -86,6 +92,8 @@ defmodule Mobilizon.Web.Auth.Guardian do

  @spec on_revoke(any(), any(), any()) :: {:ok, map()} | {:error, :could_not_revoke_token}
  def on_revoke(claims, token, _options) do
+    Logger.debug("[Guardian] Called on_revoke")
+
    with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
      {:ok, claims}
    end
@@ -94,6 +102,8 @@ defmodule Mobilizon.Web.Auth.Guardian do
  @spec on_refresh({any(), any()}, {any(), any()}, any()) ::
          {:ok, {String.t(), map()}, {String.t(), map()}} | {:error, any()}
  def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
+    Logger.debug("[Guardian] Called on_refresh")
+
    with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
      {:ok, {old_token, old_claims}, {new_token, new_claims}}
    end
@@ -101,7 +111,10 @@ defmodule Mobilizon.Web.Auth.Guardian do

  @spec on_exchange(any(), any(), any()) ::
          {:ok, {String.t(), map()}, {String.t(), map()}} | {:error, any()}
-  def on_exchange(old_stuff, new_stuff, options), do: on_refresh(old_stuff, new_stuff, options)
+  def on_exchange(old_stuff, new_stuff, options) do
+    Logger.debug("[Guardian] Called on_exchange")
+    on_refresh(old_stuff, new_stuff, options)
+  end

  #  def build_claims(claims, _resource, opts) do
  #    claims = claims