Packages
boruta
2.3.6
3.0.0-beta.4
3.0.0-beta.3
3.0.0-beta.2
3.0.0-beta.1
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.2.2
2.2.1
2.2.0
2.1.5
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
2.0.0-rc.1
2.0.0-rc.0
1.2.1
1.2.0
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0
1.0.0-rc.3
1.0.0-rc.2
1.0.0-rc.1
1.0.0-rc.0
0.2.1
0.2.0
0.1.1
0.1.0
0.1.0-rc.5
0.1.0-rc.4
0.1.0-rc.3
0.1.0-rc.2
0.1.0-rc.1
Core of an OAuth/OpenID Connect provider enabling authorization in your applications.
Current section
Files
Jump to
Current section
Files
lib/boruta/adapters/ecto/codes.ex
defmodule Boruta.Ecto.Codes do
@moduledoc false
@behaviour Boruta.Oauth.Codes
import Boruta.Config, only: [repo: 0]
import Boruta.Ecto.OauthMapper, only: [to_oauth_schema: 1]
alias Boruta.Ecto.Errors
alias Boruta.Ecto.Token
alias Boruta.Ecto.TokenStore
alias Boruta.Oauth
@impl Boruta.Oauth.Codes
def get_by(value: value, redirect_uri: redirect_uri) do
with {:ok, token} <- TokenStore.get(value: value),
true <- token.redirect_uri == redirect_uri do
token
else
{:error, "Not cached."} ->
with %Token{} = token <-
repo().get_by(Token, type: "code", value: value, redirect_uri: redirect_uri),
{:ok, token} <-
token
|> to_oauth_schema()
|> TokenStore.put() do
token
end
false ->
nil
end
end
@impl Boruta.Oauth.Codes
def create(
%{
client:
%Oauth.Client{
id: client_id,
authorization_code_ttl: authorization_code_ttl
} = client,
resource_owner: resource_owner,
redirect_uri: redirect_uri,
scope: scope,
state: state,
code_challenge: code_challenge,
code_challenge_method: code_challenge_method
} = params
) do
sub = params[:sub]
changeset =
apply(Token, changeset_method(client), [
%Token{resource_owner: resource_owner},
%{
client_id: client_id,
sub: sub,
redirect_uri: redirect_uri,
state: state,
nonce: params[:nonce],
scope: scope,
authorization_code_ttl: authorization_code_ttl,
code_challenge: code_challenge,
code_challenge_method: code_challenge_method
}
])
with {:ok, token} <- repo().insert(changeset),
{:ok, token} <- TokenStore.put(to_oauth_schema(token)) do
{:ok, token}
else
{:error, %Ecto.Changeset{} = changeset} ->
error_message = Errors.message_from_changeset(changeset)
{:error, "Could not create code : #{error_message}"}
end
end
defp changeset_method(%Oauth.Client{pkce: false}), do: :code_changeset
defp changeset_method(%Oauth.Client{pkce: true}), do: :pkce_code_changeset
@impl Boruta.Oauth.Codes
def revoke(%Oauth.Token{value: value} = code) do
with %Token{} = token <- repo().get_by(Token, value: value),
{:ok, token} <-
Token.revoke_changeset(token)
|> repo().update(),
{:ok, _token} <- TokenStore.invalidate(code) do
{:ok, token}
else
nil ->
{:error, "Code not found."}
error ->
error
end
end
@impl Boruta.Oauth.Codes
def revoke_previous_token(%Oauth.Token{value: value} = code) do
with %Token{} = previous_token <- repo().get_by(Token, previous_code: value),
{:ok, _token} <-
Token.revoke_changeset(previous_token)
|> repo().update() do
{:ok, code}
end
end
end