Skip to content

Commit

Permalink
Update docs to account for unconfirmed users
Browse files Browse the repository at this point in the history
Ensure oauth users cannot login with unconfirmed account team-alembic#443
  • Loading branch information
dan-klasson committed Aug 19, 2024
1 parent 5d4f20b commit 8b940a2
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 1 deletion.
13 changes: 13 additions & 0 deletions documentation/tutorials/github.md
Original file line number Diff line number Diff line change
Expand Up @@ -116,9 +116,14 @@ defmodule MyApp.Accounts.User do
create :register_with_github do
argument :user_info, :map, allow_nil?: false
argument :oauth_tokens, :map, allow_nil?: false
# Add oauth2 if an account with this email address already exists
upsert? true
upsert_identity :email

# Fields you want to set if a matching user exists, *don't* include `confirmed_at`
upsert_fields []
change set_attribute(:confirmed_at, &DateTime.utc_now/0)

# Required if you have token generation enabled.
change AshAuthentication.GenerateTokenChange

Expand All @@ -130,6 +135,14 @@ defmodule MyApp.Accounts.User do

Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
end

# Ensure non-confirmed users can't sign up with oauth
change after_action(fn _changeset, user, _context ->
case user.confirmed_at do
nil -> {:error, "Unconfirmed user exists already"}
_ -> {:ok, user}
end
end)
end
end

Expand Down
15 changes: 14 additions & 1 deletion documentation/tutorials/google.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,19 +46,32 @@ defmodule MyApp.Accounts.User do
create :register_with_google do
argument :user_info, :map, allow_nil?: false
argument :oauth_tokens, :map, allow_nil?: false
# Add oauth2 if an account with this email address already exists
upsert? true
upsert_identity :email

# Fields you want to set if a matching user exists, *don't* include `confirmed_at`
upsert_fields []
change set_attribute(:confirmed_at, &DateTime.utc_now/0)

change AshAuthentication.GenerateTokenChange

# Required if you have the `identity_resource` configuration enabled.
change AshAuthentication.Strategy.OAuth2.IdentityChange

change fn changeset, _ ->
change fn changeset, _context ->
user_info = Ash.Changeset.get_argument(changeset, :user_info)

Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
end

# Ensure non-confirmed users can't sign up with oauth
change after_action(fn _changeset, user, _context ->
case user.confirmed_at do
nil -> {:error, "Unconfirmed user exists already"}
_ -> {:ok, user}
end
end)
end
end

Expand Down

0 comments on commit 8b940a2

Please sign in to comment.