logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

token.ex (2772B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.MFA.Token do
  6.   use Ecto.Schema
  7.   import Ecto.Query
  8.   import Ecto.Changeset
  10.   alias Pleroma.Repo
  11.   alias Pleroma.User
  12.   alias Pleroma.Web.OAuth.Authorization
  14.   @expires 300
  16.   @type t() :: %__MODULE__{}
  18.   schema "mfa_tokens" do
  19.     field(:token, :string)
  20.     field(:valid_until, :naive_datetime_usec)
  22.     belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
  23.     belongs_to(:authorization, Authorization)
  25.     timestamps()
  26.   end
  28.   @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
  29.   def get_by_token(token) do
  30.     from(
  31.       t in __MODULE__,
  32.       where: t.token == ^token,
  33.       preload: [:user, :authorization]
  34.     )
  35.     |> Repo.find_resource()
  36.   end
  38.   @spec validate(String.t()) :: {:ok, t()} | {:error, :not_found} | {:error, :expired_token}
  39.   def validate(token_str) do
  40.     with {:ok, token} <- get_by_token(token_str),
  41.          false <- expired?(token) do
  42.       {:ok, token}
  43.     end
  44.   end
  46.   defp expired?(%__MODULE__{valid_until: valid_until}) do
  47.     with true <- NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0 do
  48.       {:error, :expired_token}
  49.     end
  50.   end
  52.   @spec create(User.t(), Authorization.t() | nil) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
  53.   def create(user, authorization \\ nil) do
  54.     with {:ok, token} <- do_create(user, authorization) do
  55.       Pleroma.Workers.PurgeExpiredToken.new(
  56.         %{
  57.           token_id: token.id,
  58.           mod: __MODULE__
  59.         },
  60.         scheduled_at: DateTime.from_naive!(token.valid_until, "Etc/UTC")
  61.       )
  62.       |> Oban.insert()
  64.       {:ok, token}
  65.     end
  66.   end
  68.   defp do_create(user, authorization) do
  69.     %__MODULE__{}
  70.     |> change()
  71.     |> assign_user(user)
  72.     |> maybe_assign_authorization(authorization)
  73.     |> put_token()
  74.     |> put_valid_until()
  75.     |> Repo.insert()
  76.   end
  78.   defp assign_user(changeset, user) do
  79.     changeset
  80.     |> put_assoc(:user, user)
  81.     |> validate_required([:user])
  82.   end
  84.   defp maybe_assign_authorization(changeset, %Authorization{} = authorization) do
  85.     changeset
  86.     |> put_assoc(:authorization, authorization)
  87.     |> validate_required([:authorization])
  88.   end
  90.   defp maybe_assign_authorization(changeset, _), do: changeset
  92.   defp put_token(changeset) do
  93.     token = Pleroma.Web.OAuth.Token.Utils.generate_token()
  95.     changeset
  96.     |> change(%{token: token})
  97.     |> validate_required([:token])
  98.     |> unique_constraint(:token)
  99.   end
  101.   defp put_valid_until(changeset) do
  102.     expires_in = NaiveDateTime.add(NaiveDateTime.utc_now(), @expires)
  104.     changeset
  105.     |> change(%{valid_until: expires_in})
  106.     |> validate_required([:valid_until])
  107.   end
  108. end