Update docs to account for unconfirmed users

Ensure oauth users cannot login with unconfirmed account team-alembic#443
dan-klasson · Aug 19, 2024 · ec7576d · ec7576d
1 parent 3cabfd5
commit ec7576d
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/documentation/tutorials/github.md b/documentation/tutorials/github.md
@@ -116,8 +116,12 @@ defmodule MyApp.Accounts.User do
     create :register_with_github do
       argument :user_info, :map, allow_nil?: false
       argument :oauth_tokens, :map, allow_nil?: false
+      # Add oauth2 if an account with this email address already exists
       upsert? true
       upsert_identity :unique_email
+      # Fields you want to set if a matching user exists, *don't* include `confirmed_at`
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
 
       # Required if you have token generation enabled.
       change AshAuthentication.GenerateTokenChange
@@ -130,6 +134,14 @@ defmodule MyApp.Accounts.User do
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Ensure non-confirmed users can't sign up with oauth
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end
 

diff --git a/documentation/tutorials/google.md b/documentation/tutorials/google.md
@@ -47,19 +47,31 @@ defmodule MyApp.Accounts.User do
     create :register_with_google do
       argument :user_info, :map, allow_nil?: false
       argument :oauth_tokens, :map, allow_nil?: false
+      # Add oauth2 if an account with this email address already exists
       upsert? true
       upsert_identity :unique_email
+      # Fields you want to set if a matching user exists, *don't* include `confirmed_at`
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
 
       change AshAuthentication.GenerateTokenChange
 
       # Required if you have the `identity_resource` configuration enabled.
       change AshAuthentication.Strategy.OAuth2.IdentityChange
 
-      change fn changeset, _ ->
+      change fn changeset, _context ->
         user_info = Ash.Changeset.get_argument(changeset, :user_info)
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Ensure non-confirmed users can't sign up with oauth
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end