forked from shibao/cannery
improve invites, record usage
This commit is contained in:
63
lib/cannery/accounts/invite.ex
Normal file
63
lib/cannery/accounts/invite.ex
Normal file
@ -0,0 +1,63 @@
|
||||
defmodule Cannery.Accounts.Invite do
|
||||
@moduledoc """
|
||||
An invite, created by an admin to allow someone to join their instance. An
|
||||
invite can be enabled or disabled, and can have an optional number of uses if
|
||||
`:uses_left` is defined.
|
||||
"""
|
||||
|
||||
use Ecto.Schema
|
||||
import Ecto.Changeset
|
||||
alias Cannery.Accounts.User
|
||||
alias Ecto.{Association, Changeset, UUID}
|
||||
|
||||
@primary_key {:id, :binary_id, autogenerate: true}
|
||||
@foreign_key_type :binary_id
|
||||
schema "invites" do
|
||||
field :name, :string
|
||||
field :token, :string
|
||||
field :uses_left, :integer, default: nil
|
||||
field :disabled_at, :naive_datetime
|
||||
|
||||
belongs_to :created_by, User
|
||||
|
||||
has_many :users, User
|
||||
|
||||
timestamps()
|
||||
end
|
||||
|
||||
@type t :: %__MODULE__{
|
||||
id: id(),
|
||||
name: String.t(),
|
||||
token: token(),
|
||||
uses_left: integer() | nil,
|
||||
disabled_at: NaiveDateTime.t(),
|
||||
created_by: User.t() | nil | Association.NotLoaded.t(),
|
||||
created_by_id: User.id() | nil,
|
||||
users: [User.t()] | Association.NotLoaded.t(),
|
||||
inserted_at: NaiveDateTime.t(),
|
||||
updated_at: NaiveDateTime.t()
|
||||
}
|
||||
@type new_invite :: %__MODULE__{}
|
||||
@type id :: UUID.t()
|
||||
@type changeset :: Changeset.t(t() | new_invite())
|
||||
@type token :: String.t()
|
||||
|
||||
@doc false
|
||||
@spec create_changeset(User.t(), token(), attrs :: map()) :: changeset()
|
||||
def create_changeset(%User{id: user_id}, token, attrs) do
|
||||
%__MODULE__{}
|
||||
|> change(token: token, created_by_id: user_id)
|
||||
|> cast(attrs, [:name, :uses_left, :disabled_at])
|
||||
|> validate_required([:name, :token, :created_by_id])
|
||||
|> validate_number(:uses_left, greater_than_or_equal_to: 0)
|
||||
end
|
||||
|
||||
@doc false
|
||||
@spec update_changeset(t() | new_invite(), attrs :: map()) :: changeset()
|
||||
def update_changeset(invite, attrs) do
|
||||
invite
|
||||
|> cast(attrs, [:name, :uses_left, :disabled_at])
|
||||
|> validate_required([:name])
|
||||
|> validate_number(:uses_left, greater_than_or_equal_to: 0)
|
||||
end
|
||||
end
|
||||
196
lib/cannery/accounts/invites.ex
Normal file
196
lib/cannery/accounts/invites.ex
Normal file
@ -0,0 +1,196 @@
|
||||
defmodule Cannery.Accounts.Invites do
|
||||
@moduledoc """
|
||||
The Invites context.
|
||||
"""
|
||||
|
||||
import Ecto.Query, warn: false
|
||||
alias Ecto.Multi
|
||||
alias Cannery.Accounts.{Invite, User}
|
||||
alias Cannery.Repo
|
||||
|
||||
@invite_token_length 20
|
||||
|
||||
@doc """
|
||||
Returns the list of invites.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> list_invites(%User{id: 123, role: :admin})
|
||||
[%Invite{}, ...]
|
||||
|
||||
"""
|
||||
@spec list_invites(User.t()) :: [Invite.t()]
|
||||
def list_invites(%User{role: :admin}) do
|
||||
Repo.all(from i in Invite, order_by: i.name)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Gets a single invite for a user
|
||||
|
||||
Raises `Ecto.NoResultsError` if the Invite does not exist.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> get_invite!(123, %User{id: 123, role: :admin})
|
||||
%Invite{}
|
||||
|
||||
> get_invite!(456, %User{id: 123, role: :admin})
|
||||
** (Ecto.NoResultsError)
|
||||
|
||||
"""
|
||||
@spec get_invite!(Invite.id(), User.t()) :: Invite.t()
|
||||
def get_invite!(id, %User{role: :admin}) do
|
||||
Repo.get!(Invite, id)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Returns if an invite token is still valid
|
||||
|
||||
## Examples
|
||||
|
||||
iex> valid_invite_token?("valid_token")
|
||||
%Invite{}
|
||||
|
||||
iex> valid_invite_token?("invalid_token")
|
||||
nil
|
||||
"""
|
||||
@spec valid_invite_token?(Invite.token() | nil) :: boolean()
|
||||
def valid_invite_token?(token) when token in [nil, ""], do: false
|
||||
|
||||
def valid_invite_token?(token) do
|
||||
Repo.exists?(
|
||||
from i in Invite,
|
||||
where: i.token == ^token,
|
||||
where: i.disabled_at |> is_nil()
|
||||
)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Uses invite by decrementing uses_left, or marks invite invalid if it's been
|
||||
completely used.
|
||||
"""
|
||||
@spec use_invite(Invite.token()) :: {:ok, Invite.t()} | {:error, :invalid_token}
|
||||
def use_invite(invite_token) do
|
||||
Multi.new()
|
||||
|> Multi.run(:invite, fn _changes_so_far, _repo ->
|
||||
invite_token |> get_invite_by_token()
|
||||
end)
|
||||
|> Multi.update(:decrement_invite, fn %{invite: invite} ->
|
||||
decrement_invite_changeset(invite)
|
||||
end)
|
||||
|> Repo.transaction()
|
||||
|> case do
|
||||
{:ok, %{decrement_invite: invite}} -> {:ok, invite}
|
||||
{:error, :invite, :invalid_token, _changes_so_far} -> {:error, :invalid_token}
|
||||
end
|
||||
end
|
||||
|
||||
@spec get_invite_by_token(Invite.token()) :: {:ok, Invite.t()} | {:error, :invalid_token}
|
||||
defp get_invite_by_token(token) do
|
||||
Repo.one(
|
||||
from i in Invite,
|
||||
where: i.token == ^token,
|
||||
where: i.disabled_at |> is_nil()
|
||||
)
|
||||
|> case do
|
||||
nil -> {:error, :invalid_token}
|
||||
invite -> {:ok, invite}
|
||||
end
|
||||
end
|
||||
|
||||
@spec get_use_count(Invite.t(), User.t()) :: non_neg_integer()
|
||||
def get_use_count(%Invite{id: invite_id}, %User{role: :admin}) do
|
||||
Repo.one(
|
||||
from u in User,
|
||||
where: u.invite_id == ^invite_id,
|
||||
select: count(u.id)
|
||||
)
|
||||
end
|
||||
|
||||
@spec decrement_invite_changeset(Invite.t()) :: Invite.changeset()
|
||||
defp decrement_invite_changeset(%Invite{uses_left: nil} = invite) do
|
||||
invite |> Invite.update_changeset(%{})
|
||||
end
|
||||
|
||||
defp decrement_invite_changeset(%Invite{uses_left: 1} = invite) do
|
||||
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
|
||||
invite |> Invite.update_changeset(%{uses_left: 0, disabled_at: now})
|
||||
end
|
||||
|
||||
defp decrement_invite_changeset(%Invite{uses_left: uses_left} = invite) do
|
||||
invite |> Invite.update_changeset(%{uses_left: uses_left - 1})
|
||||
end
|
||||
|
||||
@doc """
|
||||
Creates a invite.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> create_invite(%User{id: 123, role: :admin}, %{field: value})
|
||||
{:ok, %Invite{}}
|
||||
|
||||
iex> create_invite(%User{id: 123, role: :admin}, %{field: bad_value})
|
||||
{:error, %Changeset{}}
|
||||
|
||||
"""
|
||||
@spec create_invite(User.t(), attrs :: map()) ::
|
||||
{:ok, Invite.t()} | {:error, Invite.changeset()}
|
||||
def create_invite(%User{role: :admin} = user, attrs) do
|
||||
token =
|
||||
:crypto.strong_rand_bytes(@invite_token_length)
|
||||
|> Base.url_encode64()
|
||||
|> binary_part(0, @invite_token_length)
|
||||
|
||||
Invite.create_changeset(user, token, attrs) |> Repo.insert()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Updates a invite.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> update_invite(invite, %{field: new_value}, %User{id: 123, role: :admin})
|
||||
{:ok, %Invite{}}
|
||||
|
||||
iex> update_invite(invite, %{field: bad_value}, %User{id: 123, role: :admin})
|
||||
{:error, %Changeset{}}
|
||||
|
||||
"""
|
||||
@spec update_invite(Invite.t(), attrs :: map(), User.t()) ::
|
||||
{:ok, Invite.t()} | {:error, Invite.changeset()}
|
||||
def update_invite(invite, attrs, %User{role: :admin}) do
|
||||
invite |> Invite.update_changeset(attrs) |> Repo.update()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Deletes a invite.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> delete_invite(invite, %User{id: 123, role: :admin})
|
||||
{:ok, %Invite{}}
|
||||
|
||||
iex> delete_invite(invite, %User{id: 123, role: :admin})
|
||||
{:error, %Changeset{}}
|
||||
|
||||
"""
|
||||
@spec delete_invite(Invite.t(), User.t()) ::
|
||||
{:ok, Invite.t()} | {:error, Invite.changeset()}
|
||||
def delete_invite(invite, %User{role: :admin}) do
|
||||
invite |> Repo.delete()
|
||||
end
|
||||
|
||||
@doc """
|
||||
Deletes a invite.
|
||||
|
||||
## Examples
|
||||
|
||||
iex> delete_invite(invite, %User{id: 123, role: :admin})
|
||||
%Invite{}
|
||||
|
||||
"""
|
||||
@spec delete_invite!(Invite.t(), User.t()) :: Invite.t()
|
||||
def delete_invite!(invite, %User{role: :admin}) do
|
||||
invite |> Repo.delete!()
|
||||
end
|
||||
end
|
||||
@ -1,13 +1,13 @@
|
||||
defmodule Cannery.Accounts.User do
|
||||
@moduledoc """
|
||||
A cannery user
|
||||
A Cannery user
|
||||
"""
|
||||
|
||||
use Ecto.Schema
|
||||
import Ecto.Changeset
|
||||
import CanneryWeb.Gettext
|
||||
alias Ecto.{Changeset, UUID}
|
||||
alias Cannery.{Accounts.User, Invites.Invite}
|
||||
alias Ecto.{Association, Changeset, UUID}
|
||||
alias Cannery.Accounts.{Invite, User}
|
||||
|
||||
@derive {Jason.Encoder,
|
||||
only: [
|
||||
@ -15,7 +15,9 @@ defmodule Cannery.Accounts.User do
|
||||
:email,
|
||||
:confirmed_at,
|
||||
:role,
|
||||
:locale
|
||||
:locale,
|
||||
:inserted_at,
|
||||
:updated_at
|
||||
]}
|
||||
@derive {Inspect, except: [:password]}
|
||||
@primary_key {:id, :binary_id, autogenerate: true}
|
||||
@ -28,7 +30,9 @@ defmodule Cannery.Accounts.User do
|
||||
field :role, Ecto.Enum, values: [:admin, :user], default: :user
|
||||
field :locale, :string
|
||||
|
||||
has_many :invites, Invite, on_delete: :delete_all
|
||||
has_many :created_invites, Invite, foreign_key: :created_by_id
|
||||
|
||||
belongs_to :invite, Invite
|
||||
|
||||
timestamps()
|
||||
end
|
||||
@ -41,7 +45,9 @@ defmodule Cannery.Accounts.User do
|
||||
confirmed_at: NaiveDateTime.t(),
|
||||
role: role(),
|
||||
locale: String.t() | nil,
|
||||
invites: [Invite.t()],
|
||||
created_invites: [Invite.t()] | Association.NotLoaded.t(),
|
||||
invite: Invite.t() | nil | Association.NotLoaded.t(),
|
||||
invite_id: Invite.id() | nil,
|
||||
inserted_at: NaiveDateTime.t(),
|
||||
updated_at: NaiveDateTime.t()
|
||||
}
|
||||
@ -67,11 +73,12 @@ defmodule Cannery.Accounts.User do
|
||||
validations on a LiveView form), this option can be set to `false`.
|
||||
Defaults to `true`.
|
||||
"""
|
||||
@spec registration_changeset(attrs :: map()) :: changeset()
|
||||
@spec registration_changeset(attrs :: map(), opts :: keyword()) :: changeset()
|
||||
def registration_changeset(attrs, opts \\ []) do
|
||||
@spec registration_changeset(attrs :: map(), Invite.t() | nil) :: changeset()
|
||||
@spec registration_changeset(attrs :: map(), Invite.t() | nil, opts :: keyword()) :: changeset()
|
||||
def registration_changeset(attrs, invite, opts \\ []) do
|
||||
%User{}
|
||||
|> cast(attrs, [:email, :password, :locale])
|
||||
|> put_change(:invite_id, if(invite, do: invite.id))
|
||||
|> validate_email()
|
||||
|> validate_password(opts)
|
||||
end
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
defmodule Cannery.Accounts.UserToken do
|
||||
@moduledoc """
|
||||
Schema for serialized user session and authentication tokens
|
||||
Schema for a user's session token
|
||||
"""
|
||||
|
||||
use Ecto.Schema
|
||||
import Ecto.Query
|
||||
alias Ecto.{Query, UUID}
|
||||
alias Cannery.{Accounts.User, Accounts.UserToken}
|
||||
alias Cannery.Accounts.User
|
||||
alias Ecto.{Association, UUID}
|
||||
|
||||
@hash_algorithm :sha256
|
||||
@rand_size 32
|
||||
@ -30,27 +30,27 @@ defmodule Cannery.Accounts.UserToken do
|
||||
timestamps(updated_at: false)
|
||||
end
|
||||
|
||||
@type t :: %UserToken{
|
||||
@type t :: %__MODULE__{
|
||||
id: id(),
|
||||
token: String.t(),
|
||||
token: token(),
|
||||
context: String.t(),
|
||||
sent_to: String.t(),
|
||||
user: User.t(),
|
||||
user_id: User.id(),
|
||||
user: User.t() | Association.NotLoaded.t(),
|
||||
user_id: User.id() | nil,
|
||||
inserted_at: NaiveDateTime.t()
|
||||
}
|
||||
@type new_token :: %UserToken{}
|
||||
@type new_user_token :: %__MODULE__{}
|
||||
@type id :: UUID.t()
|
||||
@type token :: binary()
|
||||
|
||||
@doc """
|
||||
Generates a token that will be stored in a signed place,
|
||||
such as session or cookie. As they are signed, those
|
||||
tokens do not need to be hashed.
|
||||
"""
|
||||
@spec build_session_token(User.t()) :: {token :: String.t(), new_token()}
|
||||
def build_session_token(%{id: user_id}) do
|
||||
def build_session_token(user) do
|
||||
token = :crypto.strong_rand_bytes(@rand_size)
|
||||
{token, %UserToken{token: token, context: "session", user_id: user_id}}
|
||||
{token, %__MODULE__{token: token, context: "session", user_id: user.id}}
|
||||
end
|
||||
|
||||
@doc """
|
||||
@ -58,7 +58,6 @@ defmodule Cannery.Accounts.UserToken do
|
||||
|
||||
The query returns the user found by the token.
|
||||
"""
|
||||
@spec verify_session_token_query(token :: String.t()) :: {:ok, Query.t()}
|
||||
def verify_session_token_query(token) do
|
||||
query =
|
||||
from token in token_and_context_query(token, "session"),
|
||||
@ -77,19 +76,16 @@ defmodule Cannery.Accounts.UserToken do
|
||||
The token is valid for a week as long as users don't change
|
||||
their email.
|
||||
"""
|
||||
@spec build_email_token(User.t(), context :: String.t()) :: {token :: String.t(), new_token()}
|
||||
def build_email_token(user, context) do
|
||||
build_hashed_token(user, context, user.email)
|
||||
end
|
||||
|
||||
@spec build_hashed_token(User.t(), String.t(), String.t()) ::
|
||||
{String.t(), new_token()}
|
||||
defp build_hashed_token(user, context, sent_to) do
|
||||
token = :crypto.strong_rand_bytes(@rand_size)
|
||||
hashed_token = :crypto.hash(@hash_algorithm, token)
|
||||
|
||||
{Base.url_encode64(token, padding: false),
|
||||
%UserToken{
|
||||
%__MODULE__{
|
||||
token: hashed_token,
|
||||
context: context,
|
||||
sent_to: sent_to,
|
||||
@ -102,8 +98,6 @@ defmodule Cannery.Accounts.UserToken do
|
||||
|
||||
The query returns the user found by the token.
|
||||
"""
|
||||
@spec verify_email_token_query(token :: String.t(), context :: String.t()) ::
|
||||
{:ok, Query.t()} | :error
|
||||
def verify_email_token_query(token, context) do
|
||||
case Base.url_decode64(token, padding: false) do
|
||||
{:ok, decoded_token} ->
|
||||
@ -123,7 +117,6 @@ defmodule Cannery.Accounts.UserToken do
|
||||
end
|
||||
end
|
||||
|
||||
@spec days_for_context(context :: <<_::56>>) :: non_neg_integer()
|
||||
defp days_for_context("confirm"), do: @confirm_validity_in_days
|
||||
defp days_for_context("reset_password"), do: @reset_password_validity_in_days
|
||||
|
||||
@ -132,8 +125,6 @@ defmodule Cannery.Accounts.UserToken do
|
||||
|
||||
The query returns the user token record.
|
||||
"""
|
||||
@spec verify_change_email_token_query(token :: String.t(), context :: String.t()) ::
|
||||
{:ok, Query.t()} | :error
|
||||
def verify_change_email_token_query(token, context) do
|
||||
case Base.url_decode64(token, padding: false) do
|
||||
{:ok, decoded_token} ->
|
||||
@ -153,21 +144,18 @@ defmodule Cannery.Accounts.UserToken do
|
||||
@doc """
|
||||
Returns the given token with the given context.
|
||||
"""
|
||||
@spec token_and_context_query(token :: String.t(), context :: String.t()) :: Query.t()
|
||||
def token_and_context_query(token, context) do
|
||||
from UserToken, where: [token: ^token, context: ^context]
|
||||
from __MODULE__, where: [token: ^token, context: ^context]
|
||||
end
|
||||
|
||||
@doc """
|
||||
Gets all tokens for the given user for the given contexts.
|
||||
"""
|
||||
@spec user_and_contexts_query(User.t(), contexts :: :all | nonempty_maybe_improper_list()) ::
|
||||
Query.t()
|
||||
def user_and_contexts_query(%{id: user_id}, :all) do
|
||||
from t in UserToken, where: t.user_id == ^user_id
|
||||
def user_and_contexts_query(user, :all) do
|
||||
from t in __MODULE__, where: t.user_id == ^user.id
|
||||
end
|
||||
|
||||
def user_and_contexts_query(%{id: user_id}, [_ | _] = contexts) do
|
||||
from t in UserToken, where: t.user_id == ^user_id and t.context in ^contexts
|
||||
def user_and_contexts_query(user, [_ | _] = contexts) do
|
||||
from t in __MODULE__, where: t.user_id == ^user.id and t.context in ^contexts
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user