analytics/lib/plausible_web/controllers/auth_controller.ex
2020-01-22 16:13:27 +02:00

211 lines
7.9 KiB
Elixir

defmodule PlausibleWeb.AuthController do
use PlausibleWeb, :controller
use Plausible.Repo
alias Plausible.Auth
require Logger
plug PlausibleWeb.RequireLoggedOutPlug when action in [:register_form, :register, :login_form, :login]
plug PlausibleWeb.RequireAccountPlug when action in [:user_settings, :save_settings, :delete_me, :password_form, :set_password]
def register_form(conn, _params) do
changeset = Plausible.Auth.User.changeset(%Plausible.Auth.User{})
render(conn, "register_form.html", changeset: changeset, layout: {PlausibleWeb.LayoutView, "focus.html"})
end
def register(conn, %{"user" => params}) do
user = Plausible.Auth.User.changeset(%Plausible.Auth.User{}, params)
case Ecto.Changeset.apply_action(user, :insert) do
{:ok, user} ->
token = Auth.Token.sign_activation(user.name, user.email)
url = PlausibleWeb.Endpoint.clean_url() <> "/claim-activation?token=#{token}"
Logger.info(url)
email_template = PlausibleWeb.Email.activation_email(user, url)
Plausible.Mailer.deliver_now(email_template)
conn |> render("register_success.html", email: user.email, layout: {PlausibleWeb.LayoutView, "focus.html"})
{:error, changeset} ->
render(conn, "register_form.html", changeset: changeset, layout: {PlausibleWeb.LayoutView, "focus.html"})
end
end
def claim_activation_link(conn, %{"token" => token}) do
case Auth.Token.verify_activation(token) do
{:ok, %{name: name, email: email}} ->
case Auth.create_user(name, email) do
{:ok, user} ->
conn
|> put_session(:current_user_id, user.id)
|> redirect(to: "/password")
{:error, changeset} ->
send_resp(conn, 400, inspect(changeset.errors))
end
{:error, :expired} ->
render_error(conn, 401, "Your token has expired. Please request another activation link.")
{:error, _} ->
render_error(conn, 400, "Your token is invalid. Please request another activation link.")
end
end
def password_reset_request_form(conn, _) do
render(conn, "password_reset_request_form.html", layout: {PlausibleWeb.LayoutView, "focus.html"})
end
def password_reset_request(conn, %{"email" => ""}) do
render(conn, "password_reset_request_form.html", error: "Please enter an email address", layout: {PlausibleWeb.LayoutView, "focus.html"})
end
def password_reset_request(conn, %{"email" => email}) do
user = Repo.get_by(Plausible.Auth.User, email: email)
if user do
token = Auth.Token.sign_password_reset(email)
url = PlausibleWeb.Endpoint.clean_url() <> "/password/reset?token=#{token}"
Logger.debug("PASSWORD RESET LINK: " <> url)
email_template = PlausibleWeb.Email.password_reset_email(email, url)
Plausible.Mailer.deliver_now(email_template)
render(conn, "password_reset_request_success.html", email: email, layout: {PlausibleWeb.LayoutView, "focus.html"})
else
render(conn, "password_reset_request_success.html", email: email, layout: {PlausibleWeb.LayoutView, "focus.html"})
end
end
def password_reset_form(conn, %{"token" => token}) do
case Auth.Token.verify_password_reset(token) do
{:ok, _} ->
render(conn, "password_reset_form.html", token: token, layout: {PlausibleWeb.LayoutView, "focus.html"})
{:error, :expired} ->
render_error(conn, 401, "Your token has expired. Please request another password reset link.")
{:error, _} ->
render_error(conn, 401, "Your token is invalid. Please request another password reset link.")
end
end
def password_reset(conn, %{"token" => token, "password" => pw}) do
case Auth.Token.verify_password_reset(token) do
{:ok, %{email: email}} ->
user = Repo.get_by(Auth.User, email: email)
changeset = Auth.User.set_password(user, pw)
case Repo.update(changeset) do
{:ok, _updated} ->
conn
|> put_flash(:login_title, "Password updated successfully")
|> put_flash(:login_instructions, "Please log in with your new credentials")
|> put_session(:current_user_id, nil)
|> redirect(to: "/login")
{:error, changeset} ->
render(conn, "password_reset_form.html", changeset: changeset, token: token, layout: {PlausibleWeb.LayoutView, "focus.html"})
end
{:error, :expired} ->
render_error(conn, 401, "Your token has expired. Please request another password reset link.")
{:error, _} ->
render_error(conn, 401, "Your token is invalid. Please request another password reset link.")
end
end
def login(conn, %{"email" => email, "password" => password}) do
alias Plausible.Auth.Password
user = Repo.one(
from u in Plausible.Auth.User,
where: u.email == ^email
)
if user do
if Password.match?(password, user.password_hash || "") do
login_dest = get_session(conn, :login_dest) || "/"
conn
|> put_session(:current_user_id, user.id)
|> put_session(:login_dest, nil)
|> redirect(to: login_dest)
else
conn |> render("login_form.html", error: "Wrong email or password. Please try again.", layout: {PlausibleWeb.LayoutView, "focus.html"})
end
else
Password.dummy_calculation()
conn |> render("login_form.html", error: "Wrong email or password. Please try again.", layout: {PlausibleWeb.LayoutView, "focus.html"})
end
end
def login_form(conn, _params) do
render(conn, "login_form.html", layout: {PlausibleWeb.LayoutView, "focus.html"})
end
def password_form(conn, _params) do
render(conn, "password_form.html", layout: {PlausibleWeb.LayoutView, "focus.html"}, skip_plausible_tracking: true)
end
def set_password(conn, %{"password" => pw}) do
changeset = Auth.User.set_password(conn.assigns[:current_user], pw)
case Repo.update(changeset) do
{:ok, _user} ->
redirect(conn, to: "/sites/new")
{:error, changeset} ->
render(conn, "password_form.html", changeset: changeset, layout: {PlausibleWeb.LayoutView, "focus.html"})
end
end
def user_settings(conn, _params) do
changeset = Auth.User.changeset(conn.assigns[:current_user])
subscription = Plausible.Billing.active_subscription_for(conn.assigns[:current_user].id)
render(conn, "user_settings.html", changeset: changeset, subscription: subscription)
end
def save_settings(conn, %{"user" => user_params}) do
changes = Auth.User.changeset(conn.assigns[:current_user], user_params)
case Repo.update(changes) do
{:ok, _user} ->
conn
|> put_flash(:success, "Account settings saved succesfully")
|> redirect(to: "/settings")
{:error, changeset} ->
render(conn, "user_settings.html", changeset: changeset)
end
end
def delete_me(conn, _params) do
user = conn.assigns[:current_user] |> Repo.preload(:sites)
for site_membership <- user.site_memberships do
Repo.delete!(site_membership)
end
for site <- user.sites do
Repo.delete!(site)
end
Repo.delete!(user)
conn
|> configure_session(drop: true)
|> redirect(to: "/")
end
def logout(conn, _params) do
conn
|> configure_session(drop: true)
|> redirect(to: "/")
end
def google_auth_callback(conn, %{"code" => code, "state" => site_id}) do
res = Plausible.Google.Api.fetch_access_token(code)
id_token = res["id_token"]
[_, body, _] = String.split(id_token, ".")
id = body |> Base.decode64!(padding: false) |> Jason.decode!
Plausible.Site.GoogleAuth.changeset(%Plausible.Site.GoogleAuth{}, %{
email: id["email"],
refresh_token: res["refresh_token"],
access_token: res["access_token"],
expires: NaiveDateTime.utc_now() |> NaiveDateTime.add(res["expires_in"]),
user_id: conn.assigns[:current_user].id,
site_id: site_id
}) |> Repo.insert!
site = Repo.get(Plausible.Site, site_id)
redirect(conn, to: "/#{site.domain}/settings#google-auth")
end
end