Packages
boruta
1.1.0
3.0.0-beta.4
3.0.0-beta.3
3.0.0-beta.2
3.0.0-beta.1
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.2.2
2.2.1
2.2.0
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
2.0.0-rc.1
2.0.0-rc.0
1.2.1
1.2.0
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0
1.0.0-rc.3
1.0.0-rc.2
1.0.0-rc.1
1.0.0-rc.0
0.2.1
0.2.0
0.1.1
0.1.0
0.1.0-rc.5
0.1.0-rc.4
0.1.0-rc.3
0.1.0-rc.2
0.1.0-rc.1
Core of an OAuth/OpenID Connect provider enabling authorization in your applications.
Current section
Files
Jump to
Current section
Files
lib/boruta/adapters/ecto/clients.ex
defmodule Boruta.Ecto.Clients do
@moduledoc false
@behaviour Boruta.Oauth.Clients
import Ecto.Query, only: [from: 2]
import Boruta.Config, only: [repo: 0]
import Boruta.Ecto.OauthMapper, only: [to_oauth_schema: 1]
alias Boruta.Ecto
alias Boruta.Ecto.ClientStore
alias Boruta.Oauth
@impl Boruta.Oauth.Clients
def get_by(attrs) do
case get_by(:from_cache, attrs) do
{:ok, client} -> client
{:error, _reason} -> get_by(:from_database, attrs)
end
end
defp get_by(:from_cache, attrs), do: ClientStore.get(attrs)
defp get_by(:from_database, id: nil, secret: _secret), do: nil
defp get_by(:from_database, id: id, secret: secret) do
with %Ecto.Client{} = client <- repo().get_by(Ecto.Client, id: id, secret: secret),
{:ok, client} <- to_oauth_schema(client) |> ClientStore.put() do
client
end
end
defp get_by(:from_database, id: nil, redirect_uri: _redirect_uri), do: nil
defp get_by(:from_database, id: id, redirect_uri: redirect_uri) do
redirect_uri_regex = "^#{redirect_uri}$"
with %Ecto.Client{} = client <-
repo().one(
from c in Ecto.Client,
where: c.id == ^id and fragment("SELECT true FROM unnest(redirect_uris) AS r WHERE r ~ ?", ^redirect_uri_regex)
),
{:ok, client} <- to_oauth_schema(client) |> ClientStore.put() do
client
end
end
def invalidate(client) do
ClientStore.invalidate(client)
end
@impl Boruta.Oauth.Clients
def authorized_scopes(client) do
case ClientStore.authorized_scopes(client) do
{:ok, authorized_scopes} -> authorized_scopes
{:error, _reason} -> authorized_scopes(:from_database, client)
end
end
defp authorized_scopes(:from_database, %Oauth.Client{id: id}) do
case repo().get_by(Ecto.Client, id: id) do
%Ecto.Client{} = client ->
{:ok, client} = to_oauth_schema(client) |> ClientStore.put()
client.authorized_scopes
nil ->
[]
end
end
@spec check_secret(client :: Oauth.Client.t(), secret :: String.t()) ::
:ok | {:error, String.t()}
def check_secret(%Oauth.Client{secret: client_secret}, secret) do
case client_secret == secret do
true -> :ok
false -> {:error, "Client secret do not match."}
end
end
@spec check_redirect_uri(client :: Oauth.Client.t(), redirect_uri :: String.t()) ::
:ok | {:error, String.t()}
def check_redirect_uri(%Oauth.Client{redirect_uris: client_redirect_uris}, redirect_uri) do
case Enum.member?(client_redirect_uris, redirect_uri) do
true -> :ok
false -> {:error, "Client redirect_uri do not match."}
end
end
end