From eeeb3817640b770a6bd45e5b3524734ea5c79143 Mon Sep 17 00:00:00 2001
From: Pichonnier Emric
Date: Thu, 23 Feb 2023 16:46:51 +0100
Subject: [PATCH 1/5] feat: make session cookie
---
 .../lenra_web/controllers/user_controller.ex | 19 ++++++++++---------
 .../guardian/plug/verify_cookie_simple.ex | 10 +++++++++-
 .../lib/lenra_web/guardian/token_helper.ex | 19 ++++++++++---------
 apps/lenra_web/lib/lenra_web/router.ex | 1 +
 4 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex b/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
index 34b28b4b..b6300908 100644
--- a/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
+++ b/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
@@ -4,7 +4,7 @@ defmodule LenraWeb.UserController do
 alias Lenra.Accounts
 alias Lenra.Accounts.User
 alias Lenra.Repo
- alias LenraWeb.Guardian.Plug
+ alias LenraWeb.Guardian
 alias LenraWeb.TokenHelper
 alias Lenra.Errors.BusinessError
@@ -26,14 +26,15 @@ defmodule LenraWeb.UserController do
 end
 def refresh_token(conn, _params) do
- conn
- |> Plug.current_token()
+ token = Guardian.Plug.current_token(conn) || Plug.Conn.get_session(conn, :guardian_default_token)
+
+ token
 |> TokenHelper.create_access_token()
 |> case do
 {:ok, access_token} ->
 conn
 |> TokenHelper.assign_access_token(access_token)
- |> reply(Plug.current_resource(conn))
+ |> reply(Guardian.Plug.current_resource(conn))
 err ->
 err
@@ -41,7 +42,7 @@ defmodule LenraWeb.UserController do
 end
 def validate_user(conn, params) do
- with user <- Plug.current_resource(conn),
+ with user <- Guardian.Plug.current_resource(conn),
 {:ok, %{updated_user: updated_user}} <- Accounts.validate_user(user, params["code"]) do
 conn
 |> TokenHelper.revoke_current_refresh()
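Review bot: In `refresh_token/2` the new `token = Guardian.Plug.current_token(conn) || Plug.Conn.get_session(conn, :guardian_default_token)` can still be `nil` when neither a verified current token nor a session entry exists, and that `nil` is piped straight into `TokenHelper.create_access_token/1`; unless that helper already matches on `nil`, the failure surfaces as whatever it does with a nil token rather than as a clear "no refresh token" error. Wrap the pipeline in a `case` on that expression with a leading `nil ->` clause that returns the `{:error, _}` shape the existing `err -> err` branch already passes through. Because the session value bypasses whatever the pipeline verified for `Guardian.Plug.current_token/1`, please confirm that `create_access_token/1` verifies the token (including its `typ: "refresh"` claim) before minting, and that `Guardian.Plug.current_resource(conn)` is populated on the session path, otherwise the reply carries `nil`. `get_session/2` raises unless the session was fetched, which the `:api` router change in this patch provides.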
@@ -51,14 +52,14 @@ defmodule LenraWeb.UserController do
 end
 def resend_registration_token(conn, _params) do
- with user <- Plug.current_resource(conn),
+ with user <- Guardian.Plug.current_resource(conn),
 {:ok, _any} <- Accounts.resend_registration_code(user) do
 reply(conn)
 end
 end
 def validate_dev(conn, _params) do
- with user <- Plug.current_resource(conn),
+ with user <- Guardian.Plug.current_resource(conn),
 {:ok, %{updated_user: updated_user}} <- Accounts.validate_dev(user) do
 conn
 |> TokenHelper.revoke_current_refresh()
@@ -70,12 +71,12 @@ defmodule LenraWeb.UserController do
 def logout(conn, _params) do
 conn
 |> TokenHelper.revoke_current_refresh()
- |> Plug.clear_remember_me()
+ |> Guardian.Plug.clear_remember_me()
 |> reply()
 end
 def change_password(conn, params) do
- with user <- Plug.current_resource(conn),
+ with user <- Guardian.Plug.current_resource(conn),
 {:ok, _} <- Accounts.update_user_password(user, params) do
 reply(conn)
 end
diff --git a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
index 768b7764..6734dba4 100644
--- a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
+++ b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
@@ -8,7 +8,7 @@ defmodule LenraWeb.Plug.VerifyCookieSimple do
 def call(conn, opts) do
 with nil <- Guardian.Plug.current_token(conn, opts),
- {:ok, token} <- Guardian.Plug.find_token_from_cookies(conn, opts),
+ {:ok, token} <- get_token(conn, opts),
 claims_to_check <- Keyword.get(opts, :claims, %{}),
 key <- Pipeline.fetch_key(conn, opts),
 {:ok, claims} <- LenraWeb.Guardian.decode_and_verify(token, claims_to_check, opts) do
@@ -29,4 +29,12 @@ defmodule LenraWeb.Plug.VerifyCookieSimple do
 conn
 end
 end
+
+ defp get_token(conn, opts) do
+ if Plug.Conn.get_session(conn, :guardian_default_token) == nil do
+ Guardian.Plug.find_token_from_cookies(conn, opts)
+ else
+ {:ok, Plug.Conn.get_session(conn, :guardian_default_token)}
+ end
+ end
 end
diff --git a/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex b/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
index 57f46b90..92d77031 100644
--- a/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
+++ b/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
@@ -21,15 +21,16 @@ defmodule LenraWeb.TokenHelper do
 end
 def assign_access_and_refresh_token(conn, user) do
- conn = Guardian.Plug.remember_me(conn, user, %{typ: "refresh"}, ttl: {0, :days})
-
- # Do not use create_access_token because sometimes the function returns an error because refresh_token has expired.
- case Guardian.encode_and_sign(user, %{typ: "access"}) do
- {:ok, access_token, _claims} ->
- assign_access_token(conn, access_token)
-
- error ->
- ErrorHandler.auth_error(conn, error, [])
+ with {:ok, refresh, _claims} <- Guardian.encode_and_sign(user, %{typ: "refresh"}),
+ conn <- Guardian.Plug.put_session_token(conn, refresh, key: "guardian_default") do
+ # Do not use create_access_token because sometimes the function returns an error because refresh_token has expired.
+ case Guardian.encode_and_sign(user, %{typ: "access"}) do
+ {:ok, access_token, _claims} ->
+ assign_access_token(conn, access_token)
+
+ error ->
+ ErrorHandler.auth_error(conn, error, [])
+ end
 end
 end
diff --git a/apps/lenra_web/lib/lenra_web/router.ex b/apps/lenra_web/lib/lenra_web/router.ex
index daf44b0f..b057a677 100644
--- a/apps/lenra_web/lib/lenra_web/router.ex
+++ b/apps/lenra_web/lib/lenra_web/router.ex
@@ -9,6 +9,7 @@ defmodule LenraWeb.Router do
 pipeline :api do
 plug(:accepts, ["json"])
+ plug(:fetch_session)
 end
 pipeline :runner do
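Review bot: `get_token/2` looks up `:guardian_default_token` in the session twice and branches on `== nil`; a single `case` on the lookup is the idiomatic form and drops the second `get_session/2` call: `case Plug.Conn.get_session(conn, :guardian_default_token) do nil -> Guardian.Plug.find_token_from_cookies(conn, opts); token -> {:ok, token} end`. The session entry silently takes precedence over the cookie when both are present; if that is intended, say so in a comment, e.g. `# A refresh token stored in the session wins over the Guardian cookie`. The value is still run through `LenraWeb.Guardian.decode_and_verify/3` in `call/2`, so the session contents are not trusted on their own; the rest of `call/2` is outside this hunk.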
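Review bot: The `with` in `assign_access_and_refresh_token/2` has no `else`, so when `Guardian.encode_and_sign(user, %{typ: "refresh"})` returns `{:error, reason}` the function returns that tuple instead of a `Plug.Conn`, while the access-token failure a few lines below goes through `ErrorHandler.auth_error/3`; add `else error -> ErrorHandler.auth_error(conn, error, [])` so both paths return a conn. The `key: "guardian_default"` option also looks off: if this Guardian version derives the session key with `Guardian.Plug.Keys.token_key/1` (which wraps the key as `guardian_<key>_token`), the refresh token lands under `:guardian_guardian_default_token`, while `VerifyCookieSimple.get_token/2` and `UserController.refresh_token/2` read `:guardian_default_token`; omitting the option (default key `:default`) produces exactly the name the readers use, so a round-trip test through the plug would settle it. No `ttl:` is passed any more, so the refresh token's lifetime now comes from the Guardian config for that token type, which is not visible here. `conn <- ...` always matches and can be a plain `conn = ...` inside the `do` block.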
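Review bot: `plug(:fetch_session)` in `:api` turns the refresh token issued by `assign_access_and_refresh_token/2` into a cookie credential the browser attaches on its own, so the refresh action becomes reachable from a cross-site page unless the endpoint's `Plug.Session` sets `same_site:` (`"Lax"` or `"Strict"`) or this pipeline also gets `plug(:protect_from_forgery)`; the bearer-header path did not have this exposure. Neither the session plug nor its `secure:`/`http_only:`/`same_site:` options are in the patch, so please check the endpoint configuration and, if the cookie store is used, whether `encryption_salt` is wanted, since that store only signs by default and the token is now kept client-side. `Plug.Conn.fetch_session/2` raises `ArgumentError` when no session plug is configured, which would affect every `:api` route, not only the ones that use the token.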
From 258c0a80007c32cf7ff3eeffd5986252eb8f6254 Mon Sep 17 00:00:00 2001
From: Emric Pichonnier
Date: Fri, 24 Feb 2023 09:32:27 +0100
Subject: [PATCH 2/5] fix: credo
---
 apps/lenra_web/lib/lenra_web/guardian/token_helper.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex b/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
index 92d77031..81a60190 100644
--- a/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
+++ b/apps/lenra_web/lib/lenra_web/guardian/token_helper.ex
@@ -23,7 +23,7 @@ defmodule LenraWeb.TokenHelper do
 def assign_access_and_refresh_token(conn, user) do
 with {:ok, refresh, _claims} <- Guardian.encode_and_sign(user, %{typ: "refresh"}),
 conn <- Guardian.Plug.put_session_token(conn, refresh, key: "guardian_default") do
- # Do not use create_access_token because sometimes the function returns an error because refresh_token has expired.
+ # Do not use create_access_token, sometimes the function returns an error because refresh_token has expired.
 case Guardian.encode_and_sign(user, %{typ: "access"}) do
 {:ok, access_token, _claims} ->
 assign_access_token(conn, access_token)
From 09025f7573df11cc1de4e9675728348c4fd2349a Mon Sep 17 00:00:00 2001
From: Emric Pichonnier
Date: Fri, 24 Feb 2023 10:57:23 +0100
Subject: [PATCH 3/5] feat: some fix
---
 .../lib/lenra_web/guardian/plug/verify_cookie_simple.ex | 4 ++++
 config/test.exs | 1 +
 2 files changed, 5 insertions(+)
diff --git a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
index 6734dba4..ead9e624 100644
--- a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
+++ b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
@@ -4,6 +4,8 @@ defmodule LenraWeb.Plug.VerifyCookieSimple do
 """
 alias Guardian.Plug.Pipeline
+ require Logger
+
 def init(opt \\ []), do: opt
 def call(conn, opts) do
@@ -31,6 +33,8 @@ defmodule LenraWeb.Plug.VerifyCookieSimple do
 end
 defp get_token(conn, opts) do
+ conn = Plug.Conn.fetch_session(conn, :guardian_default_token)
+
 if Plug.Conn.get_session(conn, :guardian_default_token) == nil do
 Guardian.Plug.find_token_from_cookies(conn, opts)
 else
diff --git a/config/test.exs b/config/test.exs
index b602edc8..8d76fcba 100644
--- a/config/test.exs
+++ b/config/test.exs
@@ -3,6 +3,7 @@ import Config
 # you can enable the server option below.
 config :lenra_web, LenraWeb.Endpoint,
 http: [port: 4002],
+ secret_key_base: "FuEn07fjnCLaC53BiDoBagPYdsv/S65QTfxWgusKP1BA5NiaFzXGYMHLZ6JAYxt1",
 server: false
 # Hide logs during test
From 5daa347267aae248d9d576a5cd0d9c00a97f3dfd Mon Sep 17 00:00:00 2001
From: Emric Pichonnier
Date: Fri, 24 Feb 2023 11:01:28 +0100
Subject: [PATCH 4/5] feat: clear_session
---
 apps/lenra_web/lib/lenra_web/controllers/user_controller.ex | 1 +
 1 file changed, 1 insertion(+)
diff --git a/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex b/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
index b6300908..19e44ff2 100644
--- a/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
+++ b/apps/lenra_web/lib/lenra_web/controllers/user_controller.ex
@@ -72,6 +72,7 @@ defmodule LenraWeb.UserController do
 conn
 |> TokenHelper.revoke_current_refresh()
 |> Guardian.Plug.clear_remember_me()
+ |> Plug.Conn.clear_session()
 |> reply()
 end
From 4101aa59b53ededfd62bb2cd216689ff4092bf12 Mon Sep 17 00:00:00 2001
From: Emric Pichonnier
Date: Fri, 24 Feb 2023 11:17:38 +0100
Subject: [PATCH 5/5] fix: dialyzer
---
 .../lib/lenra_web/guardian/plug/verify_cookie_simple.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
index ead9e624..57e152b8 100644
--- a/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
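Review bot: `logout/2` now clears the session after `TokenHelper.revoke_current_refresh/1`, but that helper, going by its name, revokes the token the pipeline loaded as current; the refresh token kept under `:guardian_default_token` by `assign_access_and_refresh_token/2` is only dropped from the cookie. If revocation is tracked server-side (for instance through Guardian's `on_revoke` callbacks), that copy stays valid until its TTL expires, so it should be read with `Plug.Conn.get_session(conn, :guardian_default_token)` and revoked before `Plug.Conn.clear_session/1` runs. `clear_session/1` empties the session data but keeps the cookie on the client; `Plug.Conn.configure_session(conn, drop: true)` removes it as well. What `revoke_current_refresh/1` actually revokes is outside this hunk.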
+++ b/apps/lenra_web/lib/lenra_web/guardian/plug/verify_cookie_simple.ex
@@ -33,7 +33,7 @@ defmodule LenraWeb.Plug.VerifyCookieSimple do
 end
 defp get_token(conn, opts) do
- conn = Plug.Conn.fetch_session(conn, :guardian_default_token)
+ conn = Plug.Conn.fetch_session(conn)
 if Plug.Conn.get_session(conn, :guardian_default_token) == nil do
 Guardian.Plug.find_token_from_cookies(conn, opts)
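Review bot: `get_token/2` now calls `Plug.Conn.fetch_session/1` on every cookie lookup and discards the rebound `conn`, which is harmless when the session was already fetched (`fetch_session/2` returns the conn unchanged in that case, and the `:api` pipeline fetches it), but it raises `ArgumentError` when no session plug is configured on the endpoint, so any pipeline using this plug without `Plug.Session` would fail on the cookie path. If the call is meant to make the plug usable outside `:api`, a comment stating that, e.g. `# Session may not be fetched in every pipeline; requires Plug.Session on the endpoint`, would make the dependency explicit. The `else`/`end` of `get_token/2` are outside this hunk.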