frenzy/lib/frenzy_web/controllers/login_controller.ex

defmodule FrenzyWeb.LoginController do
  use FrenzyWeb, :controller
  alias Frenzy.{Repo, User}
  alias FrenzyWeb.Endpoint

  if Frenzy.oidc_enabled?() do
    plug Ueberauth
  end

  def login(conn, params) do
    conn
    |> put_session(:continue_path, Map.get(params, "continue"))
    |> render("login.html", %{
      oidc_enabled?: Frenzy.oidc_enabled?()
    })
  end

  def login_post(conn, %{"username" => username, "password" => password}) do
    user = Repo.get_by(User, username: username)

    case Bcrypt.check_pass(user, password) do
      {:ok, user} ->
        put_user_and_redirect(conn, user)

      {:error, _reason} ->
        conn
        |> put_flash(:error, "Invalid username or password.")
        |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
    end
  end

  def logout(conn, _params) do
    conn
    |> put_flash(:info, "Logged out.")
    |> clear_session()
    |> redirect(to: "/")
  end

  def ueberauth_callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
    conn
    |> put_flash(:error, "Failed to authenticate.")
    |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
  end

  def ueberauth_callback(
        %{assigns: %{ueberauth_auth: %{credentials: %{other: %{user_info: %{"sub" => subject}}}}}} =
          conn,
        _params
      ) do
    case Repo.get_by(User, oidc_subject: subject) do
      nil ->
        conn = FrenzyWeb.Plug.Authenticate.call(conn, nil)

        case conn.assigns.user do
          %User{} = user ->
            changeset = User.set_oidc_subject_changeset(user, %{oidc_subject: subject})
            {:ok, _user} = Repo.update(changeset)

            conn
            |> put_flash(:info, "Successfully linked OIDC.")
            |> redirect(to: continue_path(conn))

          _ ->
            # TODO: register new user for subject
            conn
            |> put_flash(:error, "No matching OIDC subject.")
            |> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))
        end

      user ->
        put_user_and_redirect(conn, user)
    end
  end

  defp continue_path(conn) do
    get_session(conn, :continue_path) || Routes.group_path(Endpoint, :index)
  end

  defp put_user_and_redirect(conn, user) do
    user_token = Phoenix.Token.sign(Endpoint, "user token", user.id)

    conn
    |> put_session(:user_token, user_token)
    |> redirect(to: continue_path(conn))
  end
end
Add authentication for web UI 2019-03-23 23:42:38 +00:00			`defmodule FrenzyWeb.LoginController do`
			`use FrenzyWeb, :controller`
			`alias Frenzy.{Repo, User}`
			`alias FrenzyWeb.Endpoint`

Add OIDC login 2023-06-25 22:19:11 +00:00			`if Frenzy.oidc_enabled?() do`
			`plug Ueberauth`
			`end`

OAuth implementation 2019-03-28 21:11:25 +00:00			`def login(conn, params) do`
Add OIDC login 2023-06-25 22:19:11 +00:00			`conn`
			`\|> put_session(:continue_path, Map.get(params, "continue"))`
			`\|> render("login.html", %{`
			`oidc_enabled?: Frenzy.oidc_enabled?()`
OAuth implementation 2019-03-28 21:11:25 +00:00			`})`
Add authentication for web UI 2019-03-23 23:42:38 +00:00			`end`

Fix unused binding warnings 2023-12-04 02:28:24 +00:00			`def login_post(conn, %{"username" => username, "password" => password}) do`
Add authentication for web UI 2019-03-23 23:42:38 +00:00			`user = Repo.get_by(User, username: username)`

			`case Bcrypt.check_pass(user, password) do`
			`{:ok, user} ->`
Add OIDC login 2023-06-25 22:19:11 +00:00			`put_user_and_redirect(conn, user)`
Add authentication for web UI 2019-03-23 23:42:38 +00:00
			`{:error, _reason} ->`
			`conn`
Add logging out 2019-04-01 15:34:26 +00:00			`\|> put_flash(:error, "Invalid username or password.")`
Add OIDC login 2023-06-25 22:19:11 +00:00			`\|> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))`
Add authentication for web UI 2019-03-23 23:42:38 +00:00			`end`
			`end`
Add logging out 2019-04-01 15:34:26 +00:00
Fix warnings 2020-06-07 15:14:01 +00:00			`def logout(conn, _params) do`
Add logging out 2019-04-01 15:34:26 +00:00			`conn`
			`\|> put_flash(:info, "Logged out.")`
			`\|> clear_session()`
			`\|> redirect(to: "/")`
			`end`
Add OIDC login 2023-06-25 22:19:11 +00:00
			`def ueberauth_callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do`
			`conn`
			`\|> put_flash(:error, "Failed to authenticate.")`
			`\|> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))`
			`end`

			`def ueberauth_callback(`
			`%{assigns: %{ueberauth_auth: %{credentials: %{other: %{user_info: %{"sub" => subject}}}}}} =`
			`conn,`
			`_params`
			`) do`
			`case Repo.get_by(User, oidc_subject: subject) do`
			`nil ->`
			`conn = FrenzyWeb.Plug.Authenticate.call(conn, nil)`

			`case conn.assigns.user do`
			`%User{} = user ->`
			`changeset = User.set_oidc_subject_changeset(user, %{oidc_subject: subject})`
Fix unused binding warnings 2023-12-04 02:28:24 +00:00			`{:ok, _user} = Repo.update(changeset)`
Add OIDC login 2023-06-25 22:19:11 +00:00
			`conn`
			`\|> put_flash(:info, "Successfully linked OIDC.")`
			`\|> redirect(to: continue_path(conn))`

			`_ ->`
			`# TODO: register new user for subject`
			`conn`
			`\|> put_flash(:error, "No matching OIDC subject.")`
			`\|> redirect(to: Routes.login_path(Endpoint, :login, continue: continue_path(conn)))`
			`end`

			`user ->`
			`put_user_and_redirect(conn, user)`
			`end`
			`end`

			`defp continue_path(conn) do`
			`get_session(conn, :continue_path) \|\| Routes.group_path(Endpoint, :index)`
			`end`

			`defp put_user_and_redirect(conn, user) do`
			`user_token = Phoenix.Token.sign(Endpoint, "user token", user.id)`

			`conn`
			`\|> put_session(:user_token, user_token)`
			`\|> redirect(to: continue_path(conn))`
			`end`
Add authentication for web UI 2019-03-23 23:42:38 +00:00			`end`