From 53d19a3a184d093be42ba4fbaed25cc7c03c87ff Mon Sep 17 00:00:00 2001 From: Bent Witthold Date: Fri, 20 Feb 2026 13:09:55 +0100 Subject: [PATCH] After "mix phx.gen.auth Admins Admin admins" with added working register and login path. --- config/config.exs | 13 + lib/beet_round_server/admins.ex | 328 +++++++++++++++ lib/beet_round_server/admins/admin.ex | 134 ++++++ .../admins/admin_notifier.ex | 84 ++++ lib/beet_round_server/admins/admin_token.ex | 195 +++++++++ lib/beet_round_server/admins/scope.ex | 33 ++ lib/beet_round_server_web/admin_auth.ex | 219 ++++++++++ .../controllers/admin_controller.ex | 56 +++ .../controllers/admin_json.ex | 47 +++ .../admin_registration_controller.ex | 32 ++ .../controllers/admin_registration_html.ex | 5 + .../admin_registration_html/new.html.heex | 31 ++ .../controllers/admin_session_controller.ex | 88 ++++ .../controllers/admin_session_html.ex | 9 + .../admin_session_html/confirm.html.heex | 59 +++ .../admin_session_html/new.html.heex | 70 +++ .../controllers/admin_settings_controller.ex | 77 ++++ .../controllers/admin_settings_html.ex | 5 + .../admin_settings_html/edit.html.heex | 40 ++ lib/beet_round_server_web/router.ex | 35 ++ ...260220064646_create_admins_auth_tables.exs | 32 ++ test/beet_round_server/admins_test.exs | 397 ++++++++++++++++++ .../beet_round_server_web/admin_auth_test.exs | 293 +++++++++++++ .../admin_registration_controller_test.exs | 50 +++ .../admin_session_controller_test.exs | 220 ++++++++++ .../admin_settings_controller_test.exs | 148 +++++++ test/support/conn_case.ex | 41 ++ test/support/fixtures/admins_fixtures.ex | 89 ++++ 28 files changed, 2830 insertions(+) create mode 100644 lib/beet_round_server/admins.ex create mode 100644 lib/beet_round_server/admins/admin.ex create mode 100644 lib/beet_round_server/admins/admin_notifier.ex create mode 100644 lib/beet_round_server/admins/admin_token.ex create mode 100644 lib/beet_round_server/admins/scope.ex create mode 100644 lib/beet_round_server_web/admin_auth.ex create mode 100644 lib/beet_round_server_web/controllers/admin_controller.ex create mode 100644 lib/beet_round_server_web/controllers/admin_json.ex create mode 100644 lib/beet_round_server_web/controllers/admin_registration_controller.ex create mode 100644 lib/beet_round_server_web/controllers/admin_registration_html.ex create mode 100644 lib/beet_round_server_web/controllers/admin_registration_html/new.html.heex create mode 100644 lib/beet_round_server_web/controllers/admin_session_controller.ex create mode 100644 lib/beet_round_server_web/controllers/admin_session_html.ex create mode 100644 lib/beet_round_server_web/controllers/admin_session_html/confirm.html.heex create mode 100644 lib/beet_round_server_web/controllers/admin_session_html/new.html.heex create mode 100644 lib/beet_round_server_web/controllers/admin_settings_controller.ex create mode 100644 lib/beet_round_server_web/controllers/admin_settings_html.ex create mode 100644 lib/beet_round_server_web/controllers/admin_settings_html/edit.html.heex create mode 100644 priv/repo/migrations/20260220064646_create_admins_auth_tables.exs create mode 100644 test/beet_round_server/admins_test.exs create mode 100644 test/beet_round_server_web/admin_auth_test.exs create mode 100644 test/beet_round_server_web/controllers/admin_registration_controller_test.exs create mode 100644 test/beet_round_server_web/controllers/admin_session_controller_test.exs create mode 100644 test/beet_round_server_web/controllers/admin_settings_controller_test.exs create mode 100644 test/support/fixtures/admins_fixtures.ex diff --git a/config/config.exs b/config/config.exs index a2252b2..0c80d7b 100644 --- a/config/config.exs +++ b/config/config.exs @@ -7,6 +7,19 @@ # General application configuration import Config +config :beet_round_server, :scopes, + admin: [ + default: false, + module: BeetRoundServer.Admins.Scope, + assign_key: :current_scope, + access_path: [:admin, :id], + schema_key: :admin_id, + schema_type: :binary_id, + schema_table: :admins, + test_data_fixture: BeetRoundServer.AdminsFixtures, + test_setup_helper: :register_and_log_in_admin + ] + config :beet_round_server, :scopes, user: [ default: true, diff --git a/lib/beet_round_server/admins.ex b/lib/beet_round_server/admins.ex new file mode 100644 index 0000000..5defa4f --- /dev/null +++ b/lib/beet_round_server/admins.ex @@ -0,0 +1,328 @@ +defmodule BeetRoundServer.Admins do + @moduledoc """ + The Admins context. + """ + + import Ecto.Query, warn: false + alias BeetRoundServer.Repo + + alias BeetRoundServer.Admins.{Admin, AdminToken, AdminNotifier} + + ## Database getters + + @doc """ + Gets a admin by email. + + ## Examples + + iex> get_admin_by_email("foo@example.com") + %Admin{} + + iex> get_admin_by_email("unknown@example.com") + nil + + """ + def get_admin_by_email(email) when is_binary(email) do + Repo.get_by(Admin, email: email) + end + + @doc """ + Gets a admin by email and password. + + ## Examples + + iex> get_admin_by_email_and_password("foo@example.com", "correct_password") + %Admin{} + + iex> get_admin_by_email_and_password("foo@example.com", "invalid_password") + nil + + """ + def get_admin_by_email_and_password(email, password) + when is_binary(email) and is_binary(password) do + admin = Repo.get_by(Admin, email: email) + if Admin.valid_password?(admin, password), do: admin + end + + @doc """ + Gets a single admin. + + Raises `Ecto.NoResultsError` if the Admin does not exist. + + ## Examples + + iex> get_admin!(123) + %Admin{} + + iex> get_admin!(456) + ** (Ecto.NoResultsError) + + """ + def get_admin!(id), do: Repo.get!(Admin, id) + + ## Admin registration + + @doc """ + Registers a admin. + + ## Examples + + iex> register_admin(%{field: value}) + {:ok, %Admin{}} + + iex> register_admin(%{field: bad_value}) + {:error, %Ecto.Changeset{}} + + """ + def register_admin(attrs) do + %Admin{} + |> Admin.email_changeset(attrs) + |> Admin.password_changeset(attrs) + |> Repo.insert() + end + + ## Settings + + @doc """ + Checks whether the admin is in sudo mode. + + The admin is in sudo mode when the last authentication was done no further + than 20 minutes ago. The limit can be given as second argument in minutes. + """ + def sudo_mode?(admin, minutes \\ -20) + + def sudo_mode?(%Admin{authenticated_at: ts}, minutes) when is_struct(ts, DateTime) do + DateTime.after?(ts, DateTime.utc_now() |> DateTime.add(minutes, :minute)) + end + + def sudo_mode?(_admin, _minutes), do: false + + @doc """ + Returns an `%Ecto.Changeset{}` for changing the admin email. + + See `BeetRoundServer.Admins.Admin.email_changeset/3` for a list of supported options. + + ## Examples + + iex> change_admin_email(admin) + %Ecto.Changeset{data: %Admin{}} + + """ + def change_admin_email(admin, attrs \\ %{}, opts \\ []) do + Admin.email_changeset(admin, attrs, opts) + end + + @doc """ + Updates the admin email using the given token. + + If the token matches, the admin email is updated and the token is deleted. + """ + def update_admin_email(admin, token) do + context = "change:#{admin.email}" + + Repo.transact(fn -> + with {:ok, query} <- AdminToken.verify_change_email_token_query(token, context), + %AdminToken{sent_to: email} <- Repo.one(query), + {:ok, admin} <- Repo.update(Admin.email_changeset(admin, %{email: email})), + {_count, _result} <- + Repo.delete_all(from(AdminToken, where: [admin_id: ^admin.id, context: ^context])) do + {:ok, admin} + else + _ -> {:error, :transaction_aborted} + end + end) + end + + @doc """ + Returns an `%Ecto.Changeset{}` for changing the admin password. + + See `BeetRoundServer.Admins.Admin.password_changeset/3` for a list of supported options. + + ## Examples + + iex> change_admin_password(admin) + %Ecto.Changeset{data: %Admin{}} + + """ + def change_admin_password(admin, attrs \\ %{}, opts \\ []) do + Admin.password_changeset(admin, attrs, opts) + end + + @doc """ + Updates the admin password. + + Returns a tuple with the updated admin, as well as a list of expired tokens. + + ## Examples + + iex> update_admin_password(admin, %{password: ...}) + {:ok, {%Admin{}, [...]}} + + iex> update_admin_password(admin, %{password: "too short"}) + {:error, %Ecto.Changeset{}} + + """ + def update_admin_password(admin, attrs) do + admin + |> Admin.password_changeset(attrs) + |> update_admin_and_delete_all_tokens() + end + + ## Session + + @doc """ + Generates a session token. + """ + def generate_admin_session_token(admin) do + {token, admin_token} = AdminToken.build_session_token(admin) + Repo.insert!(admin_token) + token + end + + @doc """ + Gets the admin with the given signed token. + + If the token is valid `{admin, token_inserted_at}` is returned, otherwise `nil` is returned. + """ + def get_admin_by_session_token(token) do + {:ok, query} = AdminToken.verify_session_token_query(token) + Repo.one(query) + end + + @doc """ + Gets the admin with the given magic link token. + """ + def get_admin_by_magic_link_token(token) do + with {:ok, query} <- AdminToken.verify_magic_link_token_query(token), + {admin, _token} <- Repo.one(query) do + admin + else + _ -> nil + end + end + + @doc """ + Logs the admin in by magic link. + + There are three cases to consider: + + 1. The admin has already confirmed their email. They are logged in + and the magic link is expired. + + 2. The admin has not confirmed their email and no password is set. + In this case, the admin gets confirmed, logged in, and all tokens - + including session ones - are expired. In theory, no other tokens + exist but we delete all of them for best security practices. + + 3. The admin has not confirmed their email but a password is set. + This cannot happen in the default implementation but may be the + source of security pitfalls. See the "Mixing magic link and password registration" section of + `mix help phx.gen.auth`. + """ + def login_admin_by_magic_link(token) do + {:ok, query} = AdminToken.verify_magic_link_token_query(token) + + case Repo.one(query) do + # Prevent session fixation attacks by disallowing magic links for unconfirmed users with password + {%Admin{confirmed_at: nil, hashed_password: hash}, _token} when not is_nil(hash) -> + raise """ + magic link log in is not allowed for unconfirmed users with a password set! + + This cannot happen with the default implementation, which indicates that you + might have adapted the code to a different use case. Please make sure to read the + "Mixing magic link and password registration" section of `mix help phx.gen.auth`. + """ + + {%Admin{confirmed_at: nil} = admin, _token} -> + admin + |> Admin.confirm_changeset() + |> update_admin_and_delete_all_tokens() + + {admin, token} -> + Repo.delete!(token) + {:ok, {admin, []}} + + nil -> + {:error, :not_found} + end + end + + @doc ~S""" + Delivers the update email instructions to the given admin. + + ## Examples + + iex> deliver_admin_update_email_instructions(admin, current_email, &url(~p"/admins/settings/confirm-email/#{&1}")) + {:ok, %{to: ..., body: ...}} + + """ + def deliver_admin_update_email_instructions( + %Admin{} = admin, + current_email, + update_email_url_fun + ) + when is_function(update_email_url_fun, 1) do + {encoded_token, admin_token} = AdminToken.build_email_token(admin, "change:#{current_email}") + + Repo.insert!(admin_token) + AdminNotifier.deliver_update_email_instructions(admin, update_email_url_fun.(encoded_token)) + end + + @doc """ + Delivers the magic link login instructions to the given admin. + """ + def deliver_login_instructions(%Admin{} = admin, magic_link_url_fun) + when is_function(magic_link_url_fun, 1) do + {encoded_token, admin_token} = AdminToken.build_email_token(admin, "login") + Repo.insert!(admin_token) + AdminNotifier.deliver_login_instructions(admin, magic_link_url_fun.(encoded_token)) + end + + @doc """ + Deletes the signed token with the given context. + """ + def delete_admin_session_token(token) do + Repo.delete_all(from(AdminToken, where: [token: ^token, context: "session"])) + :ok + end + + @doc """ + Creates a new api token for an admin. + + The token returned must be saved somewhere safe. + This token cannot be recovered from the database. + """ + def create_admin_api_token(admin) do + {encoded_token, admin_token} = AdminToken.build_email_token(admin, "api-token") + Repo.insert!(admin_token) + encoded_token + end + + @doc """ + Fetches the admin by API token. + """ + def fetch_admin_by_api_token(token) do + with {:ok, query} <- AdminToken.verify_email_token_query(token, "api-token"), + %Admin{} = admin <- Repo.one(query) do + {:ok, admin} + else + _ -> :error + end + end + + ## Token helper + + defp update_admin_and_delete_all_tokens(changeset) do + Repo.transact(fn -> + with {:ok, admin} <- Repo.update(changeset) do + tokens_to_expire = Repo.all_by(AdminToken, admin_id: admin.id) + + Repo.delete_all( + from(t in AdminToken, where: t.id in ^Enum.map(tokens_to_expire, & &1.id)) + ) + + {:ok, {admin, tokens_to_expire}} + end + end) + end +end diff --git a/lib/beet_round_server/admins/admin.ex b/lib/beet_round_server/admins/admin.ex new file mode 100644 index 0000000..dfd8f53 --- /dev/null +++ b/lib/beet_round_server/admins/admin.ex @@ -0,0 +1,134 @@ +defmodule BeetRoundServer.Admins.Admin do + use Ecto.Schema + import Ecto.Changeset + + @primary_key {:id, :binary_id, autogenerate: true} + @foreign_key_type :binary_id + schema "admins" do + field :email, :string + field :password, :string, virtual: true, redact: true + field :hashed_password, :string, redact: true + field :confirmed_at, :utc_datetime + field :authenticated_at, :utc_datetime, virtual: true + + timestamps(type: :utc_datetime) + end + + @doc """ + A admin changeset for registering or changing the email. + + It requires the email to change otherwise an error is added. + + ## Options + + * `:validate_unique` - Set to false if you don't want to validate the + uniqueness of the email, useful when displaying live validations. + Defaults to `true`. + """ + def email_changeset(admin, attrs, opts \\ []) do + admin + |> cast(attrs, [:email]) + |> validate_email(opts) + end + + defp validate_email(changeset, opts) do + changeset = + changeset + |> validate_required([:email]) + |> validate_format(:email, ~r/^[^@,;\s]+@[^@,;\s]+$/, + message: "must have the @ sign and no spaces" + ) + |> validate_length(:email, max: 160) + + if Keyword.get(opts, :validate_unique, true) do + changeset + |> unsafe_validate_unique(:email, BeetRoundServer.Repo) + |> unique_constraint(:email) + |> validate_email_changed() + else + changeset + end + end + + defp validate_email_changed(changeset) do + if get_field(changeset, :email) && get_change(changeset, :email) == nil do + add_error(changeset, :email, "did not change") + else + changeset + end + end + + @doc """ + A admin changeset for changing the password. + + It is important to validate the length of the password, as long passwords may + be very expensive to hash for certain algorithms. + + ## Options + + * `:hash_password` - Hashes the password so it can be stored securely + in the database and ensures the password field is cleared to prevent + leaks in the logs. If password hashing is not needed and clearing the + password field is not desired (like when using this changeset for + validations on a LiveView form), this option can be set to `false`. + Defaults to `true`. + """ + def password_changeset(admin, attrs, opts \\ []) do + admin + |> cast(attrs, [:password]) + |> validate_confirmation(:password, message: "does not match password") + |> validate_password(opts) + end + + defp validate_password(changeset, opts) do + changeset + |> validate_required([:password]) + |> validate_length(:password, min: 12, max: 72) + # Examples of additional password validation: + # |> validate_format(:password, ~r/[a-z]/, message: "at least one lower case character") + # |> validate_format(:password, ~r/[A-Z]/, message: "at least one upper case character") + # |> validate_format(:password, ~r/[!?@#$%^&*_0-9]/, message: "at least one digit or punctuation character") + |> maybe_hash_password(opts) + end + + defp maybe_hash_password(changeset, opts) do + hash_password? = Keyword.get(opts, :hash_password, true) + password = get_change(changeset, :password) + + if hash_password? && password && changeset.valid? do + changeset + # If using Bcrypt, then further validate it is at most 72 bytes long + |> validate_length(:password, max: 72, count: :bytes) + # Hashing could be done with `Ecto.Changeset.prepare_changes/2`, but that + # would keep the database transaction open longer and hurt performance. + |> put_change(:hashed_password, Bcrypt.hash_pwd_salt(password)) + |> delete_change(:password) + else + changeset + end + end + + @doc """ + Confirms the account by setting `confirmed_at`. + """ + def confirm_changeset(admin) do + now = DateTime.utc_now(:second) + change(admin, confirmed_at: now) + end + + @doc """ + Verifies the password. + + If there is no admin or the admin doesn't have a password, we call + `Bcrypt.no_user_verify/0` to avoid timing attacks. + """ + def valid_password?(%BeetRoundServer.Admins.Admin{hashed_password: hashed_password}, password) + when is_binary(hashed_password) and byte_size(password) > 0 do + Bcrypt.verify_pass(password, hashed_password) + end + + def valid_password?(_, _) do + Bcrypt.no_user_verify() + false + end +end diff --git a/lib/beet_round_server/admins/admin_notifier.ex b/lib/beet_round_server/admins/admin_notifier.ex new file mode 100644 index 0000000..9c168d1 --- /dev/null +++ b/lib/beet_round_server/admins/admin_notifier.ex @@ -0,0 +1,84 @@ +defmodule BeetRoundServer.Admins.AdminNotifier do + import Swoosh.Email + + alias BeetRoundServer.Mailer + alias BeetRoundServer.Admins.Admin + + # Delivers the email using the application mailer. + defp deliver(recipient, subject, body) do + email = + new() + |> to(recipient) + |> from({"BeetRoundServer", "contact@example.com"}) + |> subject(subject) + |> text_body(body) + + with {:ok, _metadata} <- Mailer.deliver(email) do + {:ok, email} + end + end + + @doc """ + Deliver instructions to update a admin email. + """ + def deliver_update_email_instructions(admin, url) do + deliver(admin.email, "Update email instructions", """ + + ============================== + + Hi #{admin.email}, + + You can change your email by visiting the URL below: + + #{url} + + If you didn't request this change, please ignore this. + + ============================== + """) + end + + @doc """ + Deliver instructions to log in with a magic link. + """ + def deliver_login_instructions(admin, url) do + case admin do + %Admin{confirmed_at: nil} -> deliver_confirmation_instructions(admin, url) + _ -> deliver_magic_link_instructions(admin, url) + end + end + + defp deliver_magic_link_instructions(admin, url) do + deliver(admin.email, "Log in instructions", """ + + ============================== + + Hi #{admin.email}, + + You can log into your account by visiting the URL below: + + #{url} + + If you didn't request this email, please ignore this. + + ============================== + """) + end + + defp deliver_confirmation_instructions(admin, url) do + deliver(admin.email, "Confirmation instructions", """ + + ============================== + + Hi #{admin.email}, + + You can confirm your account by visiting the URL below: + + #{url} + + If you didn't create an account with us, please ignore this. + + ============================== + """) + end +end diff --git a/lib/beet_round_server/admins/admin_token.ex b/lib/beet_round_server/admins/admin_token.ex new file mode 100644 index 0000000..41597f9 --- /dev/null +++ b/lib/beet_round_server/admins/admin_token.ex @@ -0,0 +1,195 @@ +defmodule BeetRoundServer.Admins.AdminToken do + use Ecto.Schema + import Ecto.Query + alias BeetRoundServer.Admins.AdminToken + + @hash_algorithm :sha256 + @rand_size 32 + + # It is very important to keep the magic link token expiry short, + # since someone with access to the email may take over the account. + @magic_link_validity_in_minutes 15 + @change_email_validity_in_days 7 + @session_validity_in_days 14 + @api_validity_in_days 30 + + @primary_key {:id, :binary_id, autogenerate: true} + @foreign_key_type :binary_id + schema "admins_tokens" do + field :token, :binary + field :context, :string + field :sent_to, :string + field :authenticated_at, :utc_datetime + belongs_to :admin, BeetRoundServer.Admins.Admin + + timestamps(type: :utc_datetime, updated_at: false) + end + + @doc """ + Generates a token that will be stored in a signed place, + such as session or cookie. As they are signed, those + tokens do not need to be hashed. + + The reason why we store session tokens in the database, even + though Phoenix already provides a session cookie, is because + Phoenix's default session cookies are not persisted, they are + simply signed and potentially encrypted. This means they are + valid indefinitely, unless you change the signing/encryption + salt. + + Therefore, storing them allows individual admin + sessions to be expired. The token system can also be extended + to store additional data, such as the device used for logging in. + You could then use this information to display all valid sessions + and devices in the UI and allow users to explicitly expire any + session they deem invalid. + """ + def build_session_token(admin) do + token = :crypto.strong_rand_bytes(@rand_size) + dt = admin.authenticated_at || DateTime.utc_now(:second) + + {token, + %AdminToken{token: token, context: "session", admin_id: admin.id, authenticated_at: dt}} + end + + @doc """ + Checks if the token is valid and returns its underlying lookup query. + + The query returns the admin found by the token, if any, along with the token's creation time. + + The token is valid if it matches the value in the database and it has + not expired (after @session_validity_in_days). + """ + def verify_session_token_query(token) do + query = + from token in by_token_and_context_query(token, "session"), + join: admin in assoc(token, :admin), + where: token.inserted_at > ago(@session_validity_in_days, "day"), + select: {%{admin | authenticated_at: token.authenticated_at}, token.inserted_at} + + {:ok, query} + end + + @doc """ + Builds a token and its hash to be delivered to the admin's email. + + The non-hashed token is sent to the admin email while the + hashed part is stored in the database. The original token cannot be reconstructed, + which means anyone with read-only access to the database cannot directly use + the token in the application to gain access. Furthermore, if the admin changes + their email in the system, the tokens sent to the previous email are no longer + valid. + + Users can easily adapt the existing code to provide other types of delivery methods, + for example, by phone numbers. + """ + def build_email_token(admin, context) do + build_hashed_token(admin, context, admin.email) + end + + defp build_hashed_token(admin, context, sent_to) do + token = :crypto.strong_rand_bytes(@rand_size) + hashed_token = :crypto.hash(@hash_algorithm, token) + + {Base.url_encode64(token, padding: false), + %AdminToken{ + token: hashed_token, + context: context, + sent_to: sent_to, + admin_id: admin.id + }} + end + + @doc """ + Checks if the token is valid and returns its underlying lookup query. + + If found, the query returns a tuple of the form `{admin, token}`. + + The given token is valid if it matches its hashed counterpart in the + database. This function also checks if the token is being used within + 15 minutes. The context of a magic link token is always "login". + """ + def verify_magic_link_token_query(token) do + case Base.url_decode64(token, padding: false) do + {:ok, decoded_token} -> + hashed_token = :crypto.hash(@hash_algorithm, decoded_token) + + query = + from token in by_token_and_context_query(hashed_token, "login"), + join: admin in assoc(token, :admin), + where: token.inserted_at > ago(^@magic_link_validity_in_minutes, "minute"), + where: token.sent_to == admin.email, + select: {admin, token} + + {:ok, query} + + :error -> + :error + end + end + + @doc """ + Checks if the token is valid and returns its underlying lookup query. + + The query returns the admin_token found by the token, if any. + + This is used to validate requests to change the admin + email. + The given token is valid if it matches its hashed counterpart in the + database and if it has not expired (after @change_email_validity_in_days). + The context must always start with "change:". + """ + def verify_change_email_token_query(token, "change:" <> _ = context) do + case Base.url_decode64(token, padding: false) do + {:ok, decoded_token} -> + hashed_token = :crypto.hash(@hash_algorithm, decoded_token) + + query = + from token in by_token_and_context_query(hashed_token, context), + where: token.inserted_at > ago(@change_email_validity_in_days, "day") + + {:ok, query} + + :error -> + :error + end + end + + @doc """ + Checks if the token is valid and returns its underlying lookup query. + + The query returns the admin found by the token, if any. + + The given token is valid if it matches its hashed counterpart in the + database and the user email has not changed. This function also checks + if the token is being used within a certain period, depending on the + context. The default contexts supported by this function are either + "confirm", for account confirmation emails, and "reset_password", + for resetting the password. For verifying requests to change the email, + see `verify_change_email_token_query/2`. + """ + def verify_email_token_query(token, context) do + case Base.url_decode64(token, padding: false) do + {:ok, decoded_token} -> + hashed_token = :crypto.hash(@hash_algorithm, decoded_token) + days = days_for_context(context) + + query = + from token in by_token_and_context_query(hashed_token, context), + join: admin in assoc(token, :admin), + where: token.inserted_at > ago(^days, "day") and token.sent_to == admin.email, + select: admin + + {:ok, query} + + :error -> + :error + end + end + + defp days_for_context("api-token"), do: @api_validity_in_days + + defp by_token_and_context_query(token, context) do + from AdminToken, where: [token: ^token, context: ^context] + end +end diff --git a/lib/beet_round_server/admins/scope.ex b/lib/beet_round_server/admins/scope.ex new file mode 100644 index 0000000..4b8b7ca --- /dev/null +++ b/lib/beet_round_server/admins/scope.ex @@ -0,0 +1,33 @@ +defmodule BeetRoundServer.Admins.Scope do + @moduledoc """ + Defines the scope of the caller to be used throughout the app. + + The `BeetRoundServer.Admins.Scope` allows public interfaces to receive + information about the caller, such as if the call is initiated from an + end-user, and if so, which user. Additionally, such a scope can carry fields + such as "super user" or other privileges for use as authorization, or to + ensure specific code paths can only be access for a given scope. + + It is useful for logging as well as for scoping pubsub subscriptions and + broadcasts when a caller subscribes to an interface or performs a particular + action. + + Feel free to extend the fields on this struct to fit the needs of + growing application requirements. + """ + + alias BeetRoundServer.Admins.Admin + + defstruct admin: nil + + @doc """ + Creates a scope for the given admin. + + Returns nil if no admin is given. + """ + def for_admin(%Admin{} = admin) do + %__MODULE__{admin: admin} + end + + def for_admin(nil), do: nil +end diff --git a/lib/beet_round_server_web/admin_auth.ex b/lib/beet_round_server_web/admin_auth.ex new file mode 100644 index 0000000..f18a433 --- /dev/null +++ b/lib/beet_round_server_web/admin_auth.ex @@ -0,0 +1,219 @@ +defmodule BeetRoundServerWeb.AdminAuth do + use BeetRoundServerWeb, :verified_routes + + import Plug.Conn + import Phoenix.Controller + + alias BeetRoundServer.Admins + alias BeetRoundServer.Admins.Scope + + # Make the remember me cookie valid for 14 days. This should match + # the session validity setting in AdminToken. + @max_cookie_age_in_days 14 + @remember_me_cookie "_beet_round_server_web_admin_remember_me" + @remember_me_options [ + sign: true, + max_age: @max_cookie_age_in_days * 24 * 60 * 60, + same_site: "Lax" + ] + + # How old the session token should be before a new one is issued. When a request is made + # with a session token older than this value, then a new session token will be created + # and the session and remember-me cookies (if set) will be updated with the new token. + # Lowering this value will result in more tokens being created by active users. Increasing + # it will result in less time before a session token expires for a user to get issued a new + # token. This can be set to a value greater than `@max_cookie_age_in_days` to disable + # the reissuing of tokens completely. + @session_reissue_age_in_days 7 + + @doc """ + Logs the admin in. + + Redirects to the session's `:admin_return_to` path + or falls back to the `signed_in_path/1`. + """ + def log_in_admin(conn, admin, params \\ %{}) do + admin_return_to = get_session(conn, :admin_return_to) + + conn + |> create_or_extend_session(admin, params) + |> redirect(to: admin_return_to || signed_in_path(conn)) + end + + @doc """ + Logs the admin out. + + It clears all session data for safety. See renew_session. + """ + def log_out_admin(conn) do + admin_token = get_session(conn, :admin_token) + admin_token && Admins.delete_admin_session_token(admin_token) + + if live_socket_id = get_session(conn, :live_socket_id) do + BeetRoundServerWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{}) + end + + conn + |> renew_session(nil) + |> delete_resp_cookie(@remember_me_cookie) + |> redirect(to: ~p"/") + end + + @doc """ + Authenticates the admin by looking into the session and remember me token. + + Will reissue the session token if it is older than the configured age. + """ + def fetch_current_scope_for_admin(conn, _opts) do + with {token, conn} <- ensure_admin_token(conn), + {admin, token_inserted_at} <- Admins.get_admin_by_session_token(token) do + conn + |> assign(:current_scope, Scope.for_admin(admin)) + |> maybe_reissue_admin_session_token(admin, token_inserted_at) + else + nil -> assign(conn, :current_scope, Scope.for_admin(nil)) + end + end + + defp ensure_admin_token(conn) do + if token = get_session(conn, :admin_token) do + {token, conn} + else + conn = fetch_cookies(conn, signed: [@remember_me_cookie]) + + if token = conn.cookies[@remember_me_cookie] do + {token, conn |> put_token_in_session(token) |> put_session(:admin_remember_me, true)} + else + nil + end + end + end + + # Reissue the session token if it is older than the configured reissue age. + defp maybe_reissue_admin_session_token(conn, admin, token_inserted_at) do + token_age = DateTime.diff(DateTime.utc_now(:second), token_inserted_at, :day) + + if token_age >= @session_reissue_age_in_days do + create_or_extend_session(conn, admin, %{}) + else + conn + end + end + + # This function is the one responsible for creating session tokens + # and storing them safely in the session and cookies. It may be called + # either when logging in, during sudo mode, or to renew a session which + # will soon expire. + # + # When the session is created, rather than extended, the renew_session + # function will clear the session to avoid fixation attacks. See the + # renew_session function to customize this behaviour. + defp create_or_extend_session(conn, admin, params) do + token = Admins.generate_admin_session_token(admin) + remember_me = get_session(conn, :admin_remember_me) + + conn + |> renew_session(admin) + |> put_token_in_session(token) + |> maybe_write_remember_me_cookie(token, params, remember_me) + end + + # Do not renew session if the admin is already logged in + # to prevent CSRF errors or data being lost in tabs that are still open + defp renew_session(conn, admin) when conn.assigns.current_scope.admin.id == admin.id do + conn + end + + # This function renews the session ID and erases the whole + # session to avoid fixation attacks. If there is any data + # in the session you may want to preserve after log in/log out, + # you must explicitly fetch the session data before clearing + # and then immediately set it after clearing, for example: + # + # defp renew_session(conn, _admin) do + # delete_csrf_token() + # preferred_locale = get_session(conn, :preferred_locale) + # + # conn + # |> configure_session(renew: true) + # |> clear_session() + # |> put_session(:preferred_locale, preferred_locale) + # end + # + defp renew_session(conn, _admin) do + delete_csrf_token() + + conn + |> configure_session(renew: true) + |> clear_session() + end + + defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}, _), + do: write_remember_me_cookie(conn, token) + + defp maybe_write_remember_me_cookie(conn, token, _params, true), + do: write_remember_me_cookie(conn, token) + + defp maybe_write_remember_me_cookie(conn, _token, _params, _), do: conn + + defp write_remember_me_cookie(conn, token) do + conn + |> put_session(:admin_remember_me, true) + |> put_resp_cookie(@remember_me_cookie, token, @remember_me_options) + end + + defp put_token_in_session(conn, token) do + put_session(conn, :admin_token, token) + end + + @doc """ + Plug for routes that require sudo mode. + """ + def require_sudo_mode(conn, _opts) do + if Admins.sudo_mode?(conn.assigns.current_scope.admin, -10) do + conn + else + conn + |> put_flash(:error, "You must re-authenticate to access this page.") + |> maybe_store_return_to() + |> redirect(to: ~p"/admins/log-in") + |> halt() + end + end + + @doc """ + Plug for routes that require the admin to not be authenticated. + """ + def redirect_if_admin_is_authenticated(conn, _opts) do + if conn.assigns.current_scope do + conn + |> redirect(to: signed_in_path(conn)) + |> halt() + else + conn + end + end + + defp signed_in_path(_conn), do: ~p"/" + + @doc """ + Plug for routes that require the admin to be authenticated. + """ + def require_authenticated_admin(conn, _opts) do + if conn.assigns.current_scope && conn.assigns.current_scope.admin do + conn + else + conn + |> put_flash(:error, "You must log in to access this page.") + |> maybe_store_return_to() + |> redirect(to: ~p"/admins/log-in") + |> halt() + end + end + + defp maybe_store_return_to(%{method: "GET"} = conn) do + put_session(conn, :admin_return_to, current_path(conn)) + end + + defp maybe_store_return_to(conn), do: conn +end diff --git a/lib/beet_round_server_web/controllers/admin_controller.ex b/lib/beet_round_server_web/controllers/admin_controller.ex new file mode 100644 index 0000000..752ae5f --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_controller.ex @@ -0,0 +1,56 @@ +defmodule BeetRoundServerWeb.AdminController do + use BeetRoundServerWeb, :controller + + alias BeetRoundServer.Admins + alias BeetRoundServer.Admins.Admin + + action_fallback BeetRoundServerWeb.FallbackController + + def create(conn, %{"admin" => admin_params}) do + with {:ok, %Admin{} = admin} <- Admins.register_admin(admin_params) do + conn + |> put_status(:created) + |> render(:show, admin: admin) + else + {:error, _changeset} -> + existingAdmin = Admins.get_admin_by_email(admin_params["email"]) + + if existingAdmin == nil do + conn + |> put_status(:bad_request) + |> render(:error, %{error: "Admin could not be created!", admin: admin_params}) + else + admin = %{ + mail: existingAdmin.email, + id: existingAdmin.id + } + + conn + |> put_status(:conflict) + |> render(:error, %{error: "Admin already exists!", admin: admin}) + end + end + end + + def show(conn, %{"id" => id}) do + admin = Admins.get_admin!(id) + render(conn, :show, admin: admin) + end + + def log_in(conn, %{"admin" => admin_params}) do + case Admins.get_admin_by_email_and_password(admin_params["email"], admin_params["password"]) do + nil -> + IO.puts("Admin couldn't be found!") + + conn + |> put_status(:forbidden) + |> render(:error, %{error: "Invalid email or password!", admin: admin_params}) + + admin -> + encoded_token = Admins.create_admin_api_token(admin) + updated_admin = Map.put(admin, :token, encoded_token) + + render(conn, :token, admin: updated_admin) + end + end +end diff --git a/lib/beet_round_server_web/controllers/admin_json.ex b/lib/beet_round_server_web/controllers/admin_json.ex new file mode 100644 index 0000000..8810f79 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_json.ex @@ -0,0 +1,47 @@ +defmodule BeetRoundServerWeb.AdminJSON do + alias BeetRoundServer.Admins.Admin + + @doc """ + Renders a list of admins. + """ + def index(%{admins: admins}) do + %{data: for(admin <- admins, do: data(admin))} + end + + @doc """ + Renders a single admin. + """ + def show(%{admin: admin}) do + %{ + data: data(admin) + } + end + + def token(%{admin: admin}) do + %{ + data: %{ + id: admin.id, + email: admin.email, + token: admin.token + } + } + end + + def mail_status(%{status: status}) do + %{data: status} + end + + def error(%{error: error, admin: admin}) do + %{ + error: error, + admin: admin + } + end + + defp data(%Admin{} = admin) do + %{ + id: admin.id, + email: admin.email + } + end +end diff --git a/lib/beet_round_server_web/controllers/admin_registration_controller.ex b/lib/beet_round_server_web/controllers/admin_registration_controller.ex new file mode 100644 index 0000000..42d2b5c --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_registration_controller.ex @@ -0,0 +1,32 @@ +defmodule BeetRoundServerWeb.AdminRegistrationController do + use BeetRoundServerWeb, :controller + + alias BeetRoundServer.Admins + alias BeetRoundServer.Admins.Admin + + def new(conn, _params) do + changeset = Admins.change_admin_email(%Admin{}) + render(conn, :new, changeset: changeset) + end + + def create(conn, %{"admin" => admin_params}) do + case Admins.register_admin(admin_params) do + {:ok, admin} -> + {:ok, _} = + Admins.deliver_login_instructions( + admin, + &url(~p"/admins/log-in/#{&1}") + ) + + conn + |> put_flash( + :info, + "An email was sent to #{admin.email}, please access it to confirm your account." + ) + |> redirect(to: ~p"/admins/log-in") + + {:error, %Ecto.Changeset{} = changeset} -> + render(conn, :new, changeset: changeset) + end + end +end diff --git a/lib/beet_round_server_web/controllers/admin_registration_html.ex b/lib/beet_round_server_web/controllers/admin_registration_html.ex new file mode 100644 index 0000000..74d07d4 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_registration_html.ex @@ -0,0 +1,5 @@ +defmodule BeetRoundServerWeb.AdminRegistrationHTML do + use BeetRoundServerWeb, :html + + embed_templates "admin_registration_html/*" +end diff --git a/lib/beet_round_server_web/controllers/admin_registration_html/new.html.heex b/lib/beet_round_server_web/controllers/admin_registration_html/new.html.heex new file mode 100644 index 0000000..3882b41 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_registration_html/new.html.heex @@ -0,0 +1,31 @@ + +
+
+ <.header> + Register for an account + <:subtitle> + Already registered? + <.link navigate={~p"/admins/log-in"} class="font-semibold text-brand hover:underline"> + Log in + + to your account now. + + +
+ + <.form :let={f} for={@changeset} action={~p"/admins/register"}> + <.input + field={f[:email]} + type="email" + label="Email" + autocomplete="email" + required + phx-mounted={JS.focus()} + /> + + <.button phx-disable-with="Creating account..." class="btn btn-primary w-full"> + Create an account + + +
+ diff --git a/lib/beet_round_server_web/controllers/admin_session_controller.ex b/lib/beet_round_server_web/controllers/admin_session_controller.ex new file mode 100644 index 0000000..ecd1efc --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_session_controller.ex @@ -0,0 +1,88 @@ +defmodule BeetRoundServerWeb.AdminSessionController do + use BeetRoundServerWeb, :controller + + alias BeetRoundServer.Admins + alias BeetRoundServerWeb.AdminAuth + + def new(conn, _params) do + email = get_in(conn.assigns, [:current_scope, Access.key(:admin), Access.key(:email)]) + form = Phoenix.Component.to_form(%{"email" => email}, as: "admin") + + render(conn, :new, form: form) + end + + # magic link login + def create(conn, %{"admin" => %{"token" => token} = admin_params} = params) do + info = + case params do + %{"_action" => "confirmed"} -> "Admin confirmed successfully." + _ -> "Welcome back!" + end + + case Admins.login_admin_by_magic_link(token) do + {:ok, {admin, _expired_tokens}} -> + conn + |> put_flash(:info, info) + |> AdminAuth.log_in_admin(admin, admin_params) + + {:error, :not_found} -> + conn + |> put_flash(:error, "The link is invalid or it has expired.") + |> render(:new, form: Phoenix.Component.to_form(%{}, as: "admin")) + end + end + + # email + password login + def create(conn, %{"admin" => %{"email" => email, "password" => password} = admin_params}) do + if admin = Admins.get_admin_by_email_and_password(email, password) do + conn + |> put_flash(:info, "Welcome back!") + |> AdminAuth.log_in_admin(admin, admin_params) + else + form = Phoenix.Component.to_form(admin_params, as: "admin") + + # In order to prevent user enumeration attacks, don't disclose whether the email is registered. + conn + |> put_flash(:error, "Invalid email or password") + |> render(:new, form: form) + end + end + + # magic link request + def create(conn, %{"admin" => %{"email" => email}}) do + if admin = Admins.get_admin_by_email(email) do + Admins.deliver_login_instructions( + admin, + &url(~p"/admins/log-in/#{&1}") + ) + end + + info = + "If your email is in our system, you will receive instructions for logging in shortly." + + conn + |> put_flash(:info, info) + |> redirect(to: ~p"/admins/log-in") + end + + def confirm(conn, %{"token" => token}) do + if admin = Admins.get_admin_by_magic_link_token(token) do + form = Phoenix.Component.to_form(%{"token" => token}, as: "admin") + + conn + |> assign(:admin, admin) + |> assign(:form, form) + |> render(:confirm) + else + conn + |> put_flash(:error, "Magic link is invalid or it has expired.") + |> redirect(to: ~p"/admins/log-in") + end + end + + def delete(conn, _params) do + conn + |> put_flash(:info, "Logged out successfully.") + |> AdminAuth.log_out_admin() + end +end diff --git a/lib/beet_round_server_web/controllers/admin_session_html.ex b/lib/beet_round_server_web/controllers/admin_session_html.ex new file mode 100644 index 0000000..855e875 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_session_html.ex @@ -0,0 +1,9 @@ +defmodule BeetRoundServerWeb.AdminSessionHTML do + use BeetRoundServerWeb, :html + + embed_templates "admin_session_html/*" + + defp local_mail_adapter? do + Application.get_env(:beet_round_server, BeetRoundServer.Mailer)[:adapter] == Swoosh.Adapters.Local + end +end diff --git a/lib/beet_round_server_web/controllers/admin_session_html/confirm.html.heex b/lib/beet_round_server_web/controllers/admin_session_html/confirm.html.heex new file mode 100644 index 0000000..95edef9 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_session_html/confirm.html.heex @@ -0,0 +1,59 @@ + +
+
+ <.header>Welcome {@admin.email} +
+ + <.form + :if={!@admin.confirmed_at} + for={@form} + id="confirmation_form" + action={~p"/admins/log-in?_action=confirmed"} + phx-mounted={JS.focus_first()} + > + + <.button + name={@form[:remember_me].name} + value="true" + phx-disable-with="Confirming..." + class="btn btn-primary w-full" + > + Confirm and stay logged in + + <.button phx-disable-with="Confirming..." class="btn btn-primary btn-soft w-full mt-2"> + Confirm and log in only this time + + + + <.form + :if={@admin.confirmed_at} + for={@form} + id="login_form" + action={~p"/admins/log-in"} + phx-mounted={JS.focus_first()} + > + + <%= if @current_scope do %> + <.button variant="primary" phx-disable-with="Logging in..." class="btn btn-primary w-full"> + Log in + + <% else %> + <.button + name={@form[:remember_me].name} + value="true" + phx-disable-with="Logging in..." + class="btn btn-primary w-full" + > + Keep me logged in on this device + + <.button phx-disable-with="Logging in..." class="btn btn-primary btn-soft w-full mt-2"> + Log me in only this time + + <% end %> + + +

+ Tip: If you prefer passwords, you can enable them in the admin settings. +

+
+ diff --git a/lib/beet_round_server_web/controllers/admin_session_html/new.html.heex b/lib/beet_round_server_web/controllers/admin_session_html/new.html.heex new file mode 100644 index 0000000..379a1d1 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_session_html/new.html.heex @@ -0,0 +1,70 @@ + +
+
+ <.header> +

Log in

+ <:subtitle> + <%= if @current_scope do %> + You need to reauthenticate to perform sensitive actions on your account. + <% else %> + Don't have an account? <.link + navigate={~p"/admins/register"} + class="font-semibold text-brand hover:underline" + phx-no-format + >Sign up for an account now. + <% end %> + + +
+ +
+ <.icon name="hero-information-circle" class="size-6 shrink-0" /> +
+

You are running the local mail adapter.

+

+ To see sent emails, visit <.link href="/dev/mailbox" class="underline">the mailbox page. +

+
+
+ + <.form :let={f} for={@form} as={:admin} id="login_form_magic" action={~p"/admins/log-in"}> + <.input + readonly={!!@current_scope} + field={f[:email]} + type="email" + label="Email" + autocomplete="email" + required + phx-mounted={JS.focus()} + /> + <.button class="btn btn-primary w-full"> + Log in with email + + + +
or
+ + <.form :let={f} for={@form} as={:admin} id="login_form_password" action={~p"/admins/log-in"}> + <.input + readonly={!!@current_scope} + field={f[:email]} + type="email" + label="Email" + autocomplete="email" + required + /> + <.input + field={f[:password]} + type="password" + label="Password" + autocomplete="current-password" + /> + <.button class="btn btn-primary w-full" name={@form[:remember_me].name} value="true"> + Log in and stay logged in + + <.button class="btn btn-primary btn-soft w-full mt-2"> + Log in only this time + + +
+ diff --git a/lib/beet_round_server_web/controllers/admin_settings_controller.ex b/lib/beet_round_server_web/controllers/admin_settings_controller.ex new file mode 100644 index 0000000..ba2d433 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_settings_controller.ex @@ -0,0 +1,77 @@ +defmodule BeetRoundServerWeb.AdminSettingsController do + use BeetRoundServerWeb, :controller + + alias BeetRoundServer.Admins + alias BeetRoundServerWeb.AdminAuth + + import BeetRoundServerWeb.AdminAuth, only: [require_sudo_mode: 2] + + plug :require_sudo_mode + plug :assign_email_and_password_changesets + + def edit(conn, _params) do + render(conn, :edit) + end + + def update(conn, %{"action" => "update_email"} = params) do + %{"admin" => admin_params} = params + admin = conn.assigns.current_scope.admin + + case Admins.change_admin_email(admin, admin_params) do + %{valid?: true} = changeset -> + Admins.deliver_admin_update_email_instructions( + Ecto.Changeset.apply_action!(changeset, :insert), + admin.email, + &url(~p"/admins/settings/confirm-email/#{&1}") + ) + + conn + |> put_flash( + :info, + "A link to confirm your email change has been sent to the new address." + ) + |> redirect(to: ~p"/admins/settings") + + changeset -> + render(conn, :edit, email_changeset: %{changeset | action: :insert}) + end + end + + def update(conn, %{"action" => "update_password"} = params) do + %{"admin" => admin_params} = params + admin = conn.assigns.current_scope.admin + + case Admins.update_admin_password(admin, admin_params) do + {:ok, {admin, _}} -> + conn + |> put_flash(:info, "Password updated successfully.") + |> put_session(:admin_return_to, ~p"/admins/settings") + |> AdminAuth.log_in_admin(admin) + + {:error, changeset} -> + render(conn, :edit, password_changeset: changeset) + end + end + + def confirm_email(conn, %{"token" => token}) do + case Admins.update_admin_email(conn.assigns.current_scope.admin, token) do + {:ok, _admin} -> + conn + |> put_flash(:info, "Email changed successfully.") + |> redirect(to: ~p"/admins/settings") + + {:error, _} -> + conn + |> put_flash(:error, "Email change link is invalid or it has expired.") + |> redirect(to: ~p"/admins/settings") + end + end + + defp assign_email_and_password_changesets(conn, _opts) do + admin = conn.assigns.current_scope.admin + + conn + |> assign(:email_changeset, Admins.change_admin_email(admin)) + |> assign(:password_changeset, Admins.change_admin_password(admin)) + end +end diff --git a/lib/beet_round_server_web/controllers/admin_settings_html.ex b/lib/beet_round_server_web/controllers/admin_settings_html.ex new file mode 100644 index 0000000..76043f4 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_settings_html.ex @@ -0,0 +1,5 @@ +defmodule BeetRoundServerWeb.AdminSettingsHTML do + use BeetRoundServerWeb, :html + + embed_templates "admin_settings_html/*" +end diff --git a/lib/beet_round_server_web/controllers/admin_settings_html/edit.html.heex b/lib/beet_round_server_web/controllers/admin_settings_html/edit.html.heex new file mode 100644 index 0000000..2386264 --- /dev/null +++ b/lib/beet_round_server_web/controllers/admin_settings_html/edit.html.heex @@ -0,0 +1,40 @@ + +
+ <.header> + Account Settings + <:subtitle>Manage your account email address and password settings + +
+ + <.form :let={f} for={@email_changeset} action={~p"/admins/settings"} id="update_email"> + + + <.input field={f[:email]} type="email" label="Email" autocomplete="email" required /> + + <.button variant="primary" phx-disable-with="Changing...">Change Email + + +
+ + <.form :let={f} for={@password_changeset} action={~p"/admins/settings"} id="update_password"> + + + <.input + field={f[:password]} + type="password" + label="New password" + autocomplete="new-password" + required + /> + <.input + field={f[:password_confirmation]} + type="password" + label="Confirm new password" + autocomplete="new-password" + required + /> + <.button variant="primary" phx-disable-with="Changing..."> + Save Password + + + diff --git a/lib/beet_round_server_web/router.ex b/lib/beet_round_server_web/router.ex index 9430531..697d00c 100644 --- a/lib/beet_round_server_web/router.ex +++ b/lib/beet_round_server_web/router.ex @@ -1,6 +1,8 @@ defmodule BeetRoundServerWeb.Router do use BeetRoundServerWeb, :router + import BeetRoundServerWeb.AdminAuth + import BeetRoundServerWeb.UserAuth pipeline :browser do @@ -10,6 +12,7 @@ defmodule BeetRoundServerWeb.Router do plug :put_root_layout, html: {BeetRoundServerWeb.Layouts, :root} plug :protect_from_forgery plug :put_secure_browser_headers + plug :fetch_current_scope_for_admin plug :fetch_current_scope_for_user end @@ -23,6 +26,12 @@ defmodule BeetRoundServerWeb.Router do get "/", PageController, :home end + scope "/api", BeetRoundServerWeb do + pipe_through :api + post "/log_in", AdminController, :log_in + post "/admin_create", AdminController, :create + end + # Other scopes may use custom stacks. scope "/api", BeetRoundServerWeb do pipe_through :api @@ -93,4 +102,30 @@ defmodule BeetRoundServerWeb.Router do get "/log_in/:token", UserSessionController, :login end + + ## Authentication routes + + scope "/", BeetRoundServerWeb do + pipe_through [:browser, :redirect_if_admin_is_authenticated] + + get "/admins/register", AdminRegistrationController, :new + post "/admins/register", AdminRegistrationController, :create + end + + scope "/", BeetRoundServerWeb do + pipe_through [:browser, :require_authenticated_admin] + + get "/admins/settings", AdminSettingsController, :edit + put "/admins/settings", AdminSettingsController, :update + get "/admins/settings/confirm-email/:token", AdminSettingsController, :confirm_email + end + + scope "/", BeetRoundServerWeb do + pipe_through [:browser] + + get "/admins/log-in", AdminSessionController, :new + get "/admins/log-in/:token", AdminSessionController, :confirm + post "/admins/log-in", AdminSessionController, :create + delete "/admins/log-out", AdminSessionController, :delete + end end diff --git a/priv/repo/migrations/20260220064646_create_admins_auth_tables.exs b/priv/repo/migrations/20260220064646_create_admins_auth_tables.exs new file mode 100644 index 0000000..2c4e7ec --- /dev/null +++ b/priv/repo/migrations/20260220064646_create_admins_auth_tables.exs @@ -0,0 +1,32 @@ +defmodule BeetRoundServer.Repo.Migrations.CreateAdminsAuthTables do + use Ecto.Migration + + def change do + execute "CREATE EXTENSION IF NOT EXISTS citext", "" + + create table(:admins, primary_key: false) do + add :id, :binary_id, primary_key: true + add :email, :citext, null: false + add :hashed_password, :string + add :confirmed_at, :utc_datetime + + timestamps(type: :utc_datetime) + end + + create unique_index(:admins, [:email]) + + create table(:admins_tokens, primary_key: false) do + add :id, :binary_id, primary_key: true + add :admin_id, references(:admins, type: :binary_id, on_delete: :delete_all), null: false + add :token, :binary, null: false + add :context, :string, null: false + add :sent_to, :string + add :authenticated_at, :utc_datetime + + timestamps(type: :utc_datetime, updated_at: false) + end + + create index(:admins_tokens, [:admin_id]) + create unique_index(:admins_tokens, [:context, :token]) + end +end diff --git a/test/beet_round_server/admins_test.exs b/test/beet_round_server/admins_test.exs new file mode 100644 index 0000000..2177a18 --- /dev/null +++ b/test/beet_round_server/admins_test.exs @@ -0,0 +1,397 @@ +defmodule BeetRoundServer.AdminsTest do + use BeetRoundServer.DataCase + + alias BeetRoundServer.Admins + + import BeetRoundServer.AdminsFixtures + alias BeetRoundServer.Admins.{Admin, AdminToken} + + describe "get_admin_by_email/1" do + test "does not return the admin if the email does not exist" do + refute Admins.get_admin_by_email("unknown@example.com") + end + + test "returns the admin if the email exists" do + %{id: id} = admin = admin_fixture() + assert %Admin{id: ^id} = Admins.get_admin_by_email(admin.email) + end + end + + describe "get_admin_by_email_and_password/2" do + test "does not return the admin if the email does not exist" do + refute Admins.get_admin_by_email_and_password("unknown@example.com", "hello world!") + end + + test "does not return the admin if the password is not valid" do + admin = admin_fixture() |> set_password() + refute Admins.get_admin_by_email_and_password(admin.email, "invalid") + end + + test "returns the admin if the email and password are valid" do + %{id: id} = admin = admin_fixture() |> set_password() + + assert %Admin{id: ^id} = + Admins.get_admin_by_email_and_password(admin.email, valid_admin_password()) + end + end + + describe "get_admin!/1" do + test "raises if id is invalid" do + assert_raise Ecto.NoResultsError, fn -> + Admins.get_admin!("11111111-1111-1111-1111-111111111111") + end + end + + test "returns the admin with the given id" do + %{id: id} = admin = admin_fixture() + assert %Admin{id: ^id} = Admins.get_admin!(admin.id) + end + end + + describe "register_admin/1" do + test "requires email to be set" do + {:error, changeset} = Admins.register_admin(%{}) + + assert %{email: ["can't be blank"]} = errors_on(changeset) + end + + test "validates email when given" do + {:error, changeset} = Admins.register_admin(%{email: "not valid"}) + + assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset) + end + + test "validates maximum values for email for security" do + too_long = String.duplicate("db", 100) + {:error, changeset} = Admins.register_admin(%{email: too_long}) + assert "should be at most 160 character(s)" in errors_on(changeset).email + end + + test "validates email uniqueness" do + %{email: email} = admin_fixture() + {:error, changeset} = Admins.register_admin(%{email: email}) + assert "has already been taken" in errors_on(changeset).email + + # Now try with the uppercased email too, to check that email case is ignored. + {:error, changeset} = Admins.register_admin(%{email: String.upcase(email)}) + assert "has already been taken" in errors_on(changeset).email + end + + test "registers admins without password" do + email = unique_admin_email() + {:ok, admin} = Admins.register_admin(valid_admin_attributes(email: email)) + assert admin.email == email + assert is_nil(admin.hashed_password) + assert is_nil(admin.confirmed_at) + assert is_nil(admin.password) + end + end + + describe "sudo_mode?/2" do + test "validates the authenticated_at time" do + now = DateTime.utc_now() + + assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.utc_now()}) + assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -19, :minute)}) + refute Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -21, :minute)}) + + # minute override + refute Admins.sudo_mode?( + %Admin{authenticated_at: DateTime.add(now, -11, :minute)}, + -10 + ) + + # not authenticated + refute Admins.sudo_mode?(%Admin{}) + end + end + + describe "change_admin_email/3" do + test "returns a admin changeset" do + assert %Ecto.Changeset{} = changeset = Admins.change_admin_email(%Admin{}) + assert changeset.required == [:email] + end + end + + describe "deliver_admin_update_email_instructions/3" do + setup do + %{admin: admin_fixture()} + end + + test "sends token through notification", %{admin: admin} do + token = + extract_admin_token(fn url -> + Admins.deliver_admin_update_email_instructions(admin, "current@example.com", url) + end) + + {:ok, token} = Base.url_decode64(token, padding: false) + assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token)) + assert admin_token.admin_id == admin.id + assert admin_token.sent_to == admin.email + assert admin_token.context == "change:current@example.com" + end + end + + describe "update_admin_email/2" do + setup do + admin = unconfirmed_admin_fixture() + email = unique_admin_email() + + token = + extract_admin_token(fn url -> + Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url) + end) + + %{admin: admin, token: token, email: email} + end + + test "updates the email with a valid token", %{admin: admin, token: token, email: email} do + assert {:ok, %{email: ^email}} = Admins.update_admin_email(admin, token) + changed_admin = Repo.get!(Admin, admin.id) + assert changed_admin.email != admin.email + assert changed_admin.email == email + refute Repo.get_by(AdminToken, admin_id: admin.id) + end + + test "does not update email with invalid token", %{admin: admin} do + assert Admins.update_admin_email(admin, "oops") == + {:error, :transaction_aborted} + + assert Repo.get!(Admin, admin.id).email == admin.email + assert Repo.get_by(AdminToken, admin_id: admin.id) + end + + test "does not update email if admin email changed", %{admin: admin, token: token} do + assert Admins.update_admin_email(%{admin | email: "current@example.com"}, token) == + {:error, :transaction_aborted} + + assert Repo.get!(Admin, admin.id).email == admin.email + assert Repo.get_by(AdminToken, admin_id: admin.id) + end + + test "does not update email if token expired", %{admin: admin, token: token} do + {1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + + assert Admins.update_admin_email(admin, token) == + {:error, :transaction_aborted} + + assert Repo.get!(Admin, admin.id).email == admin.email + assert Repo.get_by(AdminToken, admin_id: admin.id) + end + end + + describe "change_admin_password/3" do + test "returns a admin changeset" do + assert %Ecto.Changeset{} = changeset = Admins.change_admin_password(%Admin{}) + assert changeset.required == [:password] + end + + test "allows fields to be set" do + changeset = + Admins.change_admin_password( + %Admin{}, + %{ + "password" => "new valid password" + }, + hash_password: false + ) + + assert changeset.valid? + assert get_change(changeset, :password) == "new valid password" + assert is_nil(get_change(changeset, :hashed_password)) + end + end + + describe "update_admin_password/2" do + setup do + %{admin: admin_fixture()} + end + + test "validates password", %{admin: admin} do + {:error, changeset} = + Admins.update_admin_password(admin, %{ + password: "not valid", + password_confirmation: "another" + }) + + assert %{ + password: ["should be at least 12 character(s)"], + password_confirmation: ["does not match password"] + } = errors_on(changeset) + end + + test "validates maximum values for password for security", %{admin: admin} do + too_long = String.duplicate("db", 100) + + {:error, changeset} = + Admins.update_admin_password(admin, %{password: too_long}) + + assert "should be at most 72 character(s)" in errors_on(changeset).password + end + + test "updates the password", %{admin: admin} do + {:ok, {admin, expired_tokens}} = + Admins.update_admin_password(admin, %{ + password: "new valid password" + }) + + assert expired_tokens == [] + assert is_nil(admin.password) + assert Admins.get_admin_by_email_and_password(admin.email, "new valid password") + end + + test "deletes all tokens for the given admin", %{admin: admin} do + _ = Admins.generate_admin_session_token(admin) + + {:ok, {_, _}} = + Admins.update_admin_password(admin, %{ + password: "new valid password" + }) + + refute Repo.get_by(AdminToken, admin_id: admin.id) + end + end + + describe "generate_admin_session_token/1" do + setup do + %{admin: admin_fixture()} + end + + test "generates a token", %{admin: admin} do + token = Admins.generate_admin_session_token(admin) + assert admin_token = Repo.get_by(AdminToken, token: token) + assert admin_token.context == "session" + assert admin_token.authenticated_at != nil + + # Creating the same token for another admin should fail + assert_raise Ecto.ConstraintError, fn -> + Repo.insert!(%AdminToken{ + token: admin_token.token, + admin_id: admin_fixture().id, + context: "session" + }) + end + end + + test "duplicates the authenticated_at of given admin in new token", %{admin: admin} do + admin = %{admin | authenticated_at: DateTime.add(DateTime.utc_now(:second), -3600)} + token = Admins.generate_admin_session_token(admin) + assert admin_token = Repo.get_by(AdminToken, token: token) + assert admin_token.authenticated_at == admin.authenticated_at + assert DateTime.compare(admin_token.inserted_at, admin.authenticated_at) == :gt + end + end + + describe "get_admin_by_session_token/1" do + setup do + admin = admin_fixture() + token = Admins.generate_admin_session_token(admin) + %{admin: admin, token: token} + end + + test "returns admin by token", %{admin: admin, token: token} do + assert {session_admin, token_inserted_at} = Admins.get_admin_by_session_token(token) + assert session_admin.id == admin.id + assert session_admin.authenticated_at != nil + assert token_inserted_at != nil + end + + test "does not return admin for invalid token" do + refute Admins.get_admin_by_session_token("oops") + end + + test "does not return admin for expired token", %{token: token} do + dt = ~N[2020-01-01 00:00:00] + {1, nil} = Repo.update_all(AdminToken, set: [inserted_at: dt, authenticated_at: dt]) + refute Admins.get_admin_by_session_token(token) + end + end + + describe "get_admin_by_magic_link_token/1" do + setup do + admin = admin_fixture() + {encoded_token, _hashed_token} = generate_admin_magic_link_token(admin) + %{admin: admin, token: encoded_token} + end + + test "returns admin by token", %{admin: admin, token: token} do + assert session_admin = Admins.get_admin_by_magic_link_token(token) + assert session_admin.id == admin.id + end + + test "does not return admin for invalid token" do + refute Admins.get_admin_by_magic_link_token("oops") + end + + test "does not return admin for expired token", %{token: token} do + {1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + refute Admins.get_admin_by_magic_link_token(token) + end + end + + describe "login_admin_by_magic_link/1" do + test "confirms admin and expires tokens" do + admin = unconfirmed_admin_fixture() + refute admin.confirmed_at + {encoded_token, hashed_token} = generate_admin_magic_link_token(admin) + + assert {:ok, {admin, [%{token: ^hashed_token}]}} = + Admins.login_admin_by_magic_link(encoded_token) + + assert admin.confirmed_at + end + + test "returns admin and (deleted) token for confirmed admin" do + admin = admin_fixture() + assert admin.confirmed_at + {encoded_token, _hashed_token} = generate_admin_magic_link_token(admin) + assert {:ok, {^admin, []}} = Admins.login_admin_by_magic_link(encoded_token) + # one time use only + assert {:error, :not_found} = Admins.login_admin_by_magic_link(encoded_token) + end + + test "raises when unconfirmed admin has password set" do + admin = unconfirmed_admin_fixture() + {1, nil} = Repo.update_all(Admin, set: [hashed_password: "hashed"]) + {encoded_token, _hashed_token} = generate_admin_magic_link_token(admin) + + assert_raise RuntimeError, ~r/magic link log in is not allowed/, fn -> + Admins.login_admin_by_magic_link(encoded_token) + end + end + end + + describe "delete_admin_session_token/1" do + test "deletes the token" do + admin = admin_fixture() + token = Admins.generate_admin_session_token(admin) + assert Admins.delete_admin_session_token(token) == :ok + refute Admins.get_admin_by_session_token(token) + end + end + + describe "deliver_login_instructions/2" do + setup do + %{admin: unconfirmed_admin_fixture()} + end + + test "sends token through notification", %{admin: admin} do + token = + extract_admin_token(fn url -> + Admins.deliver_login_instructions(admin, url) + end) + + {:ok, token} = Base.url_decode64(token, padding: false) + assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token)) + assert admin_token.admin_id == admin.id + assert admin_token.sent_to == admin.email + assert admin_token.context == "login" + end + end + + describe "inspect/2 for the Admin module" do + test "does not include password" do + refute inspect(%Admin{password: "123456"}) =~ "password: \"123456\"" + end + end +end diff --git a/test/beet_round_server_web/admin_auth_test.exs b/test/beet_round_server_web/admin_auth_test.exs new file mode 100644 index 0000000..7037f0a --- /dev/null +++ b/test/beet_round_server_web/admin_auth_test.exs @@ -0,0 +1,293 @@ +defmodule BeetRoundServerWeb.AdminAuthTest do + use BeetRoundServerWeb.ConnCase, async: true + + alias BeetRoundServer.Admins + alias BeetRoundServer.Admins.Scope + alias BeetRoundServerWeb.AdminAuth + + import BeetRoundServer.AdminsFixtures + + @remember_me_cookie "_beet_round_server_web_admin_remember_me" + @remember_me_cookie_max_age 60 * 60 * 24 * 14 + + setup %{conn: conn} do + conn = + conn + |> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base)) + |> init_test_session(%{}) + + %{admin: %{admin_fixture() | authenticated_at: DateTime.utc_now(:second)}, conn: conn} + end + + describe "log_in_admin/3" do + test "stores the admin token in the session", %{conn: conn, admin: admin} do + conn = AdminAuth.log_in_admin(conn, admin) + assert token = get_session(conn, :admin_token) + assert redirected_to(conn) == ~p"/" + assert Admins.get_admin_by_session_token(token) + end + + test "clears everything previously stored in the session", %{conn: conn, admin: admin} do + conn = conn |> put_session(:to_be_removed, "value") |> AdminAuth.log_in_admin(admin) + refute get_session(conn, :to_be_removed) + end + + test "keeps session when re-authenticating", %{conn: conn, admin: admin} do + conn = + conn + |> assign(:current_scope, Scope.for_admin(admin)) + |> put_session(:to_be_removed, "value") + |> AdminAuth.log_in_admin(admin) + + assert get_session(conn, :to_be_removed) + end + + test "clears session when admin does not match when re-authenticating", %{ + conn: conn, + admin: admin + } do + other_admin = admin_fixture() + + conn = + conn + |> assign(:current_scope, Scope.for_admin(other_admin)) + |> put_session(:to_be_removed, "value") + |> AdminAuth.log_in_admin(admin) + + refute get_session(conn, :to_be_removed) + end + + test "redirects to the configured path", %{conn: conn, admin: admin} do + conn = conn |> put_session(:admin_return_to, "/hello") |> AdminAuth.log_in_admin(admin) + assert redirected_to(conn) == "/hello" + end + + test "writes a cookie if remember_me is configured", %{conn: conn, admin: admin} do + conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"}) + assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie] + assert get_session(conn, :admin_remember_me) == true + + assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie] + assert signed_token != get_session(conn, :admin_token) + assert max_age == @remember_me_cookie_max_age + end + + test "writes a cookie if remember_me was set in previous session", %{conn: conn, admin: admin} do + conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"}) + assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie] + assert get_session(conn, :admin_remember_me) == true + + conn = + conn + |> recycle() + |> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base)) + |> fetch_cookies() + |> init_test_session(%{admin_remember_me: true}) + + # the conn is already logged in and has the remember_me cookie set, + # now we log in again and even without explicitly setting remember_me, + # the cookie should be set again + conn = conn |> AdminAuth.log_in_admin(admin, %{}) + assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie] + assert signed_token != get_session(conn, :admin_token) + assert max_age == @remember_me_cookie_max_age + assert get_session(conn, :admin_remember_me) == true + end + end + + describe "logout_admin/1" do + test "erases session and cookies", %{conn: conn, admin: admin} do + admin_token = Admins.generate_admin_session_token(admin) + + conn = + conn + |> put_session(:admin_token, admin_token) + |> put_req_cookie(@remember_me_cookie, admin_token) + |> fetch_cookies() + |> AdminAuth.log_out_admin() + + refute get_session(conn, :admin_token) + refute conn.cookies[@remember_me_cookie] + assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie] + assert redirected_to(conn) == ~p"/" + refute Admins.get_admin_by_session_token(admin_token) + end + + test "works even if admin is already logged out", %{conn: conn} do + conn = conn |> fetch_cookies() |> AdminAuth.log_out_admin() + refute get_session(conn, :admin_token) + assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie] + assert redirected_to(conn) == ~p"/" + end + end + + describe "fetch_current_scope_for_admin/2" do + test "authenticates admin from session", %{conn: conn, admin: admin} do + admin_token = Admins.generate_admin_session_token(admin) + + conn = + conn |> put_session(:admin_token, admin_token) |> AdminAuth.fetch_current_scope_for_admin([]) + + assert conn.assigns.current_scope.admin.id == admin.id + assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at + assert get_session(conn, :admin_token) == admin_token + end + + test "authenticates admin from cookies", %{conn: conn, admin: admin} do + logged_in_conn = + conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"}) + + admin_token = logged_in_conn.cookies[@remember_me_cookie] + %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie] + + conn = + conn + |> put_req_cookie(@remember_me_cookie, signed_token) + |> AdminAuth.fetch_current_scope_for_admin([]) + + assert conn.assigns.current_scope.admin.id == admin.id + assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at + assert get_session(conn, :admin_token) == admin_token + assert get_session(conn, :admin_remember_me) + end + + test "does not authenticate if data is missing", %{conn: conn, admin: admin} do + _ = Admins.generate_admin_session_token(admin) + conn = AdminAuth.fetch_current_scope_for_admin(conn, []) + refute get_session(conn, :admin_token) + refute conn.assigns.current_scope + end + + test "reissues a new token after a few days and refreshes cookie", %{conn: conn, admin: admin} do + logged_in_conn = + conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"}) + + token = logged_in_conn.cookies[@remember_me_cookie] + %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie] + + offset_admin_token(token, -10, :day) + {admin, _} = Admins.get_admin_by_session_token(token) + + conn = + conn + |> put_session(:admin_token, token) + |> put_session(:admin_remember_me, true) + |> put_req_cookie(@remember_me_cookie, signed_token) + |> AdminAuth.fetch_current_scope_for_admin([]) + + assert conn.assigns.current_scope.admin.id == admin.id + assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at + assert new_token = get_session(conn, :admin_token) + assert new_token != token + assert %{value: new_signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie] + assert new_signed_token != signed_token + assert max_age == @remember_me_cookie_max_age + end + end + + describe "require_sudo_mode/2" do + test "allows admins that have authenticated in the last 10 minutes", %{conn: conn, admin: admin} do + conn = + conn + |> fetch_flash() + |> assign(:current_scope, Scope.for_admin(admin)) + |> AdminAuth.require_sudo_mode([]) + + refute conn.halted + refute conn.status + end + + test "redirects when authentication is too old", %{conn: conn, admin: admin} do + eleven_minutes_ago = DateTime.utc_now(:second) |> DateTime.add(-11, :minute) + admin = %{admin | authenticated_at: eleven_minutes_ago} + admin_token = Admins.generate_admin_session_token(admin) + {admin, token_inserted_at} = Admins.get_admin_by_session_token(admin_token) + assert DateTime.compare(token_inserted_at, admin.authenticated_at) == :gt + + conn = + conn + |> fetch_flash() + |> assign(:current_scope, Scope.for_admin(admin)) + |> AdminAuth.require_sudo_mode([]) + + assert redirected_to(conn) == ~p"/admins/log-in" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) == + "You must re-authenticate to access this page." + end + end + + describe "redirect_if_admin_is_authenticated/2" do + setup %{conn: conn} do + %{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])} + end + + test "redirects if admin is authenticated", %{conn: conn, admin: admin} do + conn = + conn + |> assign(:current_scope, Scope.for_admin(admin)) + |> AdminAuth.redirect_if_admin_is_authenticated([]) + + assert conn.halted + assert redirected_to(conn) == ~p"/" + end + + test "does not redirect if admin is not authenticated", %{conn: conn} do + conn = AdminAuth.redirect_if_admin_is_authenticated(conn, []) + refute conn.halted + refute conn.status + end + end + + describe "require_authenticated_admin/2" do + setup %{conn: conn} do + %{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])} + end + + test "redirects if admin is not authenticated", %{conn: conn} do + conn = conn |> fetch_flash() |> AdminAuth.require_authenticated_admin([]) + assert conn.halted + + assert redirected_to(conn) == ~p"/admins/log-in" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) == + "You must log in to access this page." + end + + test "stores the path to redirect to on GET", %{conn: conn} do + halted_conn = + %{conn | path_info: ["foo"], query_string: ""} + |> fetch_flash() + |> AdminAuth.require_authenticated_admin([]) + + assert halted_conn.halted + assert get_session(halted_conn, :admin_return_to) == "/foo" + + halted_conn = + %{conn | path_info: ["foo"], query_string: "bar=baz"} + |> fetch_flash() + |> AdminAuth.require_authenticated_admin([]) + + assert halted_conn.halted + assert get_session(halted_conn, :admin_return_to) == "/foo?bar=baz" + + halted_conn = + %{conn | path_info: ["foo"], query_string: "bar", method: "POST"} + |> fetch_flash() + |> AdminAuth.require_authenticated_admin([]) + + assert halted_conn.halted + refute get_session(halted_conn, :admin_return_to) + end + + test "does not redirect if admin is authenticated", %{conn: conn, admin: admin} do + conn = + conn + |> assign(:current_scope, Scope.for_admin(admin)) + |> AdminAuth.require_authenticated_admin([]) + + refute conn.halted + refute conn.status + end + end +end diff --git a/test/beet_round_server_web/controllers/admin_registration_controller_test.exs b/test/beet_round_server_web/controllers/admin_registration_controller_test.exs new file mode 100644 index 0000000..a41bec7 --- /dev/null +++ b/test/beet_round_server_web/controllers/admin_registration_controller_test.exs @@ -0,0 +1,50 @@ +defmodule BeetRoundServerWeb.AdminRegistrationControllerTest do + use BeetRoundServerWeb.ConnCase, async: true + + import BeetRoundServer.AdminsFixtures + + describe "GET /admins/register" do + test "renders registration page", %{conn: conn} do + conn = get(conn, ~p"/admins/register") + response = html_response(conn, 200) + assert response =~ "Register" + assert response =~ ~p"/admins/log-in" + assert response =~ ~p"/admins/register" + end + + test "redirects if already logged in", %{conn: conn} do + conn = conn |> log_in_admin(admin_fixture()) |> get(~p"/admins/register") + + assert redirected_to(conn) == ~p"/" + end + end + + describe "POST /admins/register" do + @tag :capture_log + test "creates account but does not log in", %{conn: conn} do + email = unique_admin_email() + + conn = + post(conn, ~p"/admins/register", %{ + "admin" => valid_admin_attributes(email: email) + }) + + refute get_session(conn, :admin_token) + assert redirected_to(conn) == ~p"/admins/log-in" + + assert conn.assigns.flash["info"] =~ + ~r/An email was sent to .*, please access it to confirm your account/ + end + + test "render errors for invalid data", %{conn: conn} do + conn = + post(conn, ~p"/admins/register", %{ + "admin" => %{"email" => "with spaces"} + }) + + response = html_response(conn, 200) + assert response =~ "Register" + assert response =~ "must have the @ sign and no spaces" + end + end +end diff --git a/test/beet_round_server_web/controllers/admin_session_controller_test.exs b/test/beet_round_server_web/controllers/admin_session_controller_test.exs new file mode 100644 index 0000000..4a5ba2b --- /dev/null +++ b/test/beet_round_server_web/controllers/admin_session_controller_test.exs @@ -0,0 +1,220 @@ +defmodule BeetRoundServerWeb.AdminSessionControllerTest do + use BeetRoundServerWeb.ConnCase, async: true + + import BeetRoundServer.AdminsFixtures + alias BeetRoundServer.Admins + + setup do + %{unconfirmed_admin: unconfirmed_admin_fixture(), admin: admin_fixture()} + end + + describe "GET /admins/log-in" do + test "renders login page", %{conn: conn} do + conn = get(conn, ~p"/admins/log-in") + response = html_response(conn, 200) + assert response =~ "Log in" + assert response =~ ~p"/admins/register" + assert response =~ "Log in with email" + end + + test "renders login page with email filled in (sudo mode)", %{conn: conn, admin: admin} do + html = + conn + |> log_in_admin(admin) + |> get(~p"/admins/log-in") + |> html_response(200) + + assert html =~ "You need to reauthenticate" + refute html =~ "Register" + assert html =~ "Log in with email" + + assert html =~ + ~s( + Admins.deliver_login_instructions(admin, url) + end) + + conn = get(conn, ~p"/admins/log-in/#{token}") + assert html_response(conn, 200) =~ "Confirm and stay logged in" + end + + test "renders login page for confirmed admin", %{conn: conn, admin: admin} do + token = + extract_admin_token(fn url -> + Admins.deliver_login_instructions(admin, url) + end) + + conn = get(conn, ~p"/admins/log-in/#{token}") + html = html_response(conn, 200) + refute html =~ "Confirm my account" + assert html =~ "Log in" + end + + test "raises error for invalid token", %{conn: conn} do + conn = get(conn, ~p"/admins/log-in/invalid-token") + assert redirected_to(conn) == ~p"/admins/log-in" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) == + "Magic link is invalid or it has expired." + end + end + + describe "POST /admins/log-in - email and password" do + test "logs the admin in", %{conn: conn, admin: admin} do + admin = set_password(admin) + + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{"email" => admin.email, "password" => valid_admin_password()} + }) + + assert get_session(conn, :admin_token) + assert redirected_to(conn) == ~p"/" + + # Now do a logged in request and assert on the menu + conn = get(conn, ~p"/") + response = html_response(conn, 200) + assert response =~ admin.email + assert response =~ ~p"/admins/settings" + assert response =~ ~p"/admins/log-out" + end + + test "logs the admin in with remember me", %{conn: conn, admin: admin} do + admin = set_password(admin) + + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{ + "email" => admin.email, + "password" => valid_admin_password(), + "remember_me" => "true" + } + }) + + assert conn.resp_cookies["_beet_round_server_web_admin_remember_me"] + assert redirected_to(conn) == ~p"/" + end + + test "logs the admin in with return to", %{conn: conn, admin: admin} do + admin = set_password(admin) + + conn = + conn + |> init_test_session(admin_return_to: "/foo/bar") + |> post(~p"/admins/log-in", %{ + "admin" => %{ + "email" => admin.email, + "password" => valid_admin_password() + } + }) + + assert redirected_to(conn) == "/foo/bar" + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!" + end + + test "emits error message with invalid credentials", %{conn: conn, admin: admin} do + conn = + post(conn, ~p"/admins/log-in?mode=password", %{ + "admin" => %{"email" => admin.email, "password" => "invalid_password"} + }) + + response = html_response(conn, 200) + assert response =~ "Log in" + assert response =~ "Invalid email or password" + end + end + + describe "POST /admins/log-in - magic link" do + test "sends magic link email when admin exists", %{conn: conn, admin: admin} do + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{"email" => admin.email} + }) + + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system" + assert BeetRoundServer.Repo.get_by!(Admins.AdminToken, admin_id: admin.id).context == "login" + end + + test "logs the admin in", %{conn: conn, admin: admin} do + {token, _hashed_token} = generate_admin_magic_link_token(admin) + + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{"token" => token} + }) + + assert get_session(conn, :admin_token) + assert redirected_to(conn) == ~p"/" + + # Now do a logged in request and assert on the menu + conn = get(conn, ~p"/") + response = html_response(conn, 200) + assert response =~ admin.email + assert response =~ ~p"/admins/settings" + assert response =~ ~p"/admins/log-out" + end + + test "confirms unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do + {token, _hashed_token} = generate_admin_magic_link_token(admin) + refute admin.confirmed_at + + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{"token" => token}, + "_action" => "confirmed" + }) + + assert get_session(conn, :admin_token) + assert redirected_to(conn) == ~p"/" + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Admin confirmed successfully." + + assert Admins.get_admin!(admin.id).confirmed_at + + # Now do a logged in request and assert on the menu + conn = get(conn, ~p"/") + response = html_response(conn, 200) + assert response =~ admin.email + assert response =~ ~p"/admins/settings" + assert response =~ ~p"/admins/log-out" + end + + test "emits error message when magic link is invalid", %{conn: conn} do + conn = + post(conn, ~p"/admins/log-in", %{ + "admin" => %{"token" => "invalid"} + }) + + assert html_response(conn, 200) =~ "The link is invalid or it has expired." + end + end + + describe "DELETE /admins/log-out" do + test "logs the admin out", %{conn: conn, admin: admin} do + conn = conn |> log_in_admin(admin) |> delete(~p"/admins/log-out") + assert redirected_to(conn) == ~p"/" + refute get_session(conn, :admin_token) + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully" + end + + test "succeeds even if the admin is not logged in", %{conn: conn} do + conn = delete(conn, ~p"/admins/log-out") + assert redirected_to(conn) == ~p"/" + refute get_session(conn, :admin_token) + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully" + end + end +end diff --git a/test/beet_round_server_web/controllers/admin_settings_controller_test.exs b/test/beet_round_server_web/controllers/admin_settings_controller_test.exs new file mode 100644 index 0000000..d086f16 --- /dev/null +++ b/test/beet_round_server_web/controllers/admin_settings_controller_test.exs @@ -0,0 +1,148 @@ +defmodule BeetRoundServerWeb.AdminSettingsControllerTest do + use BeetRoundServerWeb.ConnCase, async: true + + alias BeetRoundServer.Admins + import BeetRoundServer.AdminsFixtures + + setup :register_and_log_in_admin + + describe "GET /admins/settings" do + test "renders settings page", %{conn: conn} do + conn = get(conn, ~p"/admins/settings") + response = html_response(conn, 200) + assert response =~ "Settings" + end + + test "redirects if admin is not logged in" do + conn = build_conn() + conn = get(conn, ~p"/admins/settings") + assert redirected_to(conn) == ~p"/admins/log-in" + end + + @tag token_authenticated_at: DateTime.add(DateTime.utc_now(:second), -11, :minute) + test "redirects if admin is not in sudo mode", %{conn: conn} do + conn = get(conn, ~p"/admins/settings") + assert redirected_to(conn) == ~p"/admins/log-in" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) == + "You must re-authenticate to access this page." + end + end + + describe "PUT /admins/settings (change password form)" do + test "updates the admin password and resets tokens", %{conn: conn, admin: admin} do + new_password_conn = + put(conn, ~p"/admins/settings", %{ + "action" => "update_password", + "admin" => %{ + "password" => "new valid password", + "password_confirmation" => "new valid password" + } + }) + + assert redirected_to(new_password_conn) == ~p"/admins/settings" + + assert get_session(new_password_conn, :admin_token) != get_session(conn, :admin_token) + + assert Phoenix.Flash.get(new_password_conn.assigns.flash, :info) =~ + "Password updated successfully" + + assert Admins.get_admin_by_email_and_password(admin.email, "new valid password") + end + + test "does not update password on invalid data", %{conn: conn} do + old_password_conn = + put(conn, ~p"/admins/settings", %{ + "action" => "update_password", + "admin" => %{ + "password" => "too short", + "password_confirmation" => "does not match" + } + }) + + response = html_response(old_password_conn, 200) + assert response =~ "Settings" + assert response =~ "should be at least 12 character(s)" + assert response =~ "does not match password" + + assert get_session(old_password_conn, :admin_token) == get_session(conn, :admin_token) + end + end + + describe "PUT /admins/settings (change email form)" do + @tag :capture_log + test "updates the admin email", %{conn: conn, admin: admin} do + conn = + put(conn, ~p"/admins/settings", %{ + "action" => "update_email", + "admin" => %{"email" => unique_admin_email()} + }) + + assert redirected_to(conn) == ~p"/admins/settings" + + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ + "A link to confirm your email" + + assert Admins.get_admin_by_email(admin.email) + end + + test "does not update email on invalid data", %{conn: conn} do + conn = + put(conn, ~p"/admins/settings", %{ + "action" => "update_email", + "admin" => %{"email" => "with spaces"} + }) + + response = html_response(conn, 200) + assert response =~ "Settings" + assert response =~ "must have the @ sign and no spaces" + end + end + + describe "GET /admins/settings/confirm-email/:token" do + setup %{admin: admin} do + email = unique_admin_email() + + token = + extract_admin_token(fn url -> + Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url) + end) + + %{token: token, email: email} + end + + test "updates the admin email once", %{conn: conn, admin: admin, token: token, email: email} do + conn = get(conn, ~p"/admins/settings/confirm-email/#{token}") + assert redirected_to(conn) == ~p"/admins/settings" + + assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ + "Email changed successfully" + + refute Admins.get_admin_by_email(admin.email) + assert Admins.get_admin_by_email(email) + + conn = get(conn, ~p"/admins/settings/confirm-email/#{token}") + + assert redirected_to(conn) == ~p"/admins/settings" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ + "Email change link is invalid or it has expired" + end + + test "does not update email with invalid token", %{conn: conn, admin: admin} do + conn = get(conn, ~p"/admins/settings/confirm-email/oops") + assert redirected_to(conn) == ~p"/admins/settings" + + assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ + "Email change link is invalid or it has expired" + + assert Admins.get_admin_by_email(admin.email) + end + + test "redirects if admin is not logged in", %{token: token} do + conn = build_conn() + conn = get(conn, ~p"/admins/settings/confirm-email/#{token}") + assert redirected_to(conn) == ~p"/admins/log-in" + end + end +end diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex index ca8b0a5..044852a 100644 --- a/test/support/conn_case.ex +++ b/test/support/conn_case.ex @@ -76,4 +76,45 @@ defmodule BeetRoundServerWeb.ConnCase do defp maybe_set_token_authenticated_at(token, authenticated_at) do BeetRoundServer.AccountsFixtures.override_token_authenticated_at(token, authenticated_at) end + + @doc """ + Setup helper that registers and logs in admins. + + setup :register_and_log_in_admin + + It stores an updated connection and a registered admin in the + test context. + """ + def register_and_log_in_admin(%{conn: conn} = context) do + admin = BeetRoundServer.AdminsFixtures.admin_fixture() + scope = BeetRoundServer.Admins.Scope.for_admin(admin) + + opts = + context + |> Map.take([:token_authenticated_at]) + |> Enum.into([]) + + %{conn: log_in_admin(conn, admin, opts), admin: admin, scope: scope} + end + + @doc """ + Logs the given `admin` into the `conn`. + + It returns an updated `conn`. + """ + def log_in_admin(conn, admin, opts \\ []) do + token = BeetRoundServer.Admins.generate_admin_session_token(admin) + + maybe_set_token_authenticated_at(token, opts[:token_authenticated_at]) + + conn + |> Phoenix.ConnTest.init_test_session(%{}) + |> Plug.Conn.put_session(:admin_token, token) + end + + defp maybe_set_token_authenticated_at(_token, nil), do: nil + + defp maybe_set_token_authenticated_at(token, authenticated_at) do + BeetRoundServer.AdminsFixtures.override_token_authenticated_at(token, authenticated_at) + end end diff --git a/test/support/fixtures/admins_fixtures.ex b/test/support/fixtures/admins_fixtures.ex new file mode 100644 index 0000000..217425d --- /dev/null +++ b/test/support/fixtures/admins_fixtures.ex @@ -0,0 +1,89 @@ +defmodule BeetRoundServer.AdminsFixtures do + @moduledoc """ + This module defines test helpers for creating + entities via the `BeetRoundServer.Admins` context. + """ + + import Ecto.Query + + alias BeetRoundServer.Admins + alias BeetRoundServer.Admins.Scope + + def unique_admin_email, do: "admin#{System.unique_integer()}@example.com" + def valid_admin_password, do: "hello world!" + + def valid_admin_attributes(attrs \\ %{}) do + Enum.into(attrs, %{ + email: unique_admin_email() + }) + end + + def unconfirmed_admin_fixture(attrs \\ %{}) do + {:ok, admin} = + attrs + |> valid_admin_attributes() + |> Admins.register_admin() + + admin + end + + def admin_fixture(attrs \\ %{}) do + admin = unconfirmed_admin_fixture(attrs) + + token = + extract_admin_token(fn url -> + Admins.deliver_login_instructions(admin, url) + end) + + {:ok, {admin, _expired_tokens}} = + Admins.login_admin_by_magic_link(token) + + admin + end + + def admin_scope_fixture do + admin = admin_fixture() + admin_scope_fixture(admin) + end + + def admin_scope_fixture(admin) do + Scope.for_admin(admin) + end + + def set_password(admin) do + {:ok, {admin, _expired_tokens}} = + Admins.update_admin_password(admin, %{password: valid_admin_password()}) + + admin + end + + def extract_admin_token(fun) do + {:ok, captured_email} = fun.(&"[TOKEN]#{&1}[TOKEN]") + [_, token | _] = String.split(captured_email.text_body, "[TOKEN]") + token + end + + def override_token_authenticated_at(token, authenticated_at) when is_binary(token) do + BeetRoundServer.Repo.update_all( + from(t in Admins.AdminToken, + where: t.token == ^token + ), + set: [authenticated_at: authenticated_at] + ) + end + + def generate_admin_magic_link_token(admin) do + {encoded_token, admin_token} = Admins.AdminToken.build_email_token(admin, "login") + BeetRoundServer.Repo.insert!(admin_token) + {encoded_token, admin_token.token} + end + + def offset_admin_token(token, amount_to_add, unit) do + dt = DateTime.add(DateTime.utc_now(:second), amount_to_add, unit) + + BeetRoundServer.Repo.update_all( + from(ut in Admins.AdminToken, where: ut.token == ^token), + set: [inserted_at: dt, authenticated_at: dt] + ) + end +end