AshAuthentication.Validations (ash_authentication v4.14.1)


Common validations shared by several transformers.

Summary

Functions

Find and return a named attribute in the DSL state.

Collect compile-time warnings for an OAuth2/OIDC strategy.

Find and return a persisted option in the DSL state.

Ensure that the named module implements a specific behaviour.

Validates that the extension is present on the resource.

Given a map, validate that the provided field is one of the values provided.

Given a map, validate that the provided field predicate returns true for the value.

Validate that a "secret" field is configured correctly.

Ensure that token generation is enabled for the resource.

Functions

find_attribute(dsl_state, attribute_name)

@spec find_attribute(Spark.Dsl.t(), atom()) ::
  {:ok, Ash.Resource.Attribute.t()} | {:error, Exception.t()}

Find and return a named attribute in the DSL state.

maybe_build_attribute(dsl_state, attribute_name, builder)

@spec maybe_build_attribute(
  Spark.Dsl.t(),
  atom(),
  (Spark.Dsl.t() -> {:ok, Ash.Resource.Attribute.t()})
) :: {:ok, Spark.Dsl.t()}

Build an attribute if not present.

oauth2_strategy_warnings(strategy, dsl_state)

@spec oauth2_strategy_warnings(
  struct(),
  Spark.Dsl.t() | map()
) :: :ok | {:warn, [String.t()]}

Collect compile-time warnings for an OAuth2/OIDC strategy.

Returns {:warn, messages} (so the configuration still compiles) for the following safety issues:

  • No identity_resource is configured. Matching a local user by their email address (or any other provider-supplied claim) is not safe: per the OpenID Connect Core specification only the iss/sub claims uniquely and stably identify an end-user, and the identity resource is where those are persisted. This will become a hard requirement in a future release.

  • The provider's email_verified claim is not trusted (trust_email_verified? is false) and no confirmation add-on is configured. Accounts created via this strategy would carry an unverified email address with no way to verify ownership.
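The two warnings above, illustrated with an added example that is not ash_authentication's own code: it contrasts matching a local user by a provider-supplied email with matching by the persisted iss/sub pair, and shows when an email still needs confirmation. The module, function and map field names are hypothetical, and all users and claims are constructed sample data.

```elixir
# Added illustration; module, function and field names are hypothetical,
# and every user, identity and claim below is constructed sample data.
defmodule IdentityMatchExample do
  # Unsafe: treats a provider-supplied email as the account key.
  def match_by_email(users, claims) do
    Enum.find(users, &(&1.email == claims["email"]))
  end

  # Safer: only the persisted {iss, sub} pair selects a local user.
  def match_by_identity(identities, claims) do
    key = {claims["iss"], claims["sub"]}

    case Enum.find(identities, &({&1.iss, &1.sub} == key)) do
      nil -> :no_identity
      identity -> {:ok, identity.user_id}
    end
  end

  # An email counts as verified only when the provider's claim is trusted
  # AND the claim is true; otherwise ownership must be confirmed locally.
  def email_state(claims, trust_email_verified?) do
    if trust_email_verified? and claims["email_verified"] == true,
      do: :verified,
      else: :needs_confirmation
  end

  def demo do
    users = [%{id: 1, email: "alice@example.com"}]
    identities = [%{user_id: 1, iss: "https://idp-a.example", sub: "a-123"}]

    # Same email address, asserted by a different issuer and subject.
    other = %{"iss" => "https://idp-b.example", "sub" => "b-999",
              "email" => "alice@example.com", "email_verified" => false}
    own = %{"iss" => "https://idp-a.example", "sub" => "a-123",
            "email" => "alice@example.com", "email_verified" => true}

    %{
      email_match_other: match_by_email(users, other),
      identity_match_other: match_by_identity(identities, other),
      identity_match_own: match_by_identity(identities, own),
      email_state_other: email_state(other, true),
      email_state_untrusted: email_state(own, false)
    }
  end
end

IO.inspect(IdentityMatchExample.demo())
```

In the output, email matching resolves the second provider's claims to user 1, while iss/sub matching returns :no_identity for them and {:ok, 1} only for the identity that was actually persisted.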

persisted_option(dsl_state, option)

@spec persisted_option(Spark.Dsl.t(), atom()) ::
  {:ok, any()} | {:error, {:unknown_persisted, atom()}}

Find and return a persisted option in the DSL state.

validate_behaviour(module, behaviour)

@spec validate_behaviour(module(), module()) :: :ok | {:error, Exception.t()}

Ensure that the named module implements a specific behaviour.

validate_extension(dsl_state, extension)

@spec validate_extension(Spark.Dsl.t(), module()) :: :ok | {:error, Exception.t()}

Validates that the extension is present on the resource.

validate_field_in_values(map, field, values)

@spec validate_field_in_values(map(), any(), [any()]) :: :ok | {:error, String.t()}

Given a map, validate that the provided field is one of the values provided.

validate_field_with(map, field, predicate, message \\ nil)

@spec validate_field_with(map(), field, (any() -> boolean()), message) ::
  :ok | {:error, message}
when field: any(), message: any()

Given a map, validate that the provided field predicate returns true for the value.

validate_secret(strategy, option, allowed_extras \\ [])

Validate that a "secret" field is configured correctly.

validate_token_generation_enabled(dsl_state, message)

@spec validate_token_generation_enabled(Spark.Dsl.t(), binary()) ::
  :ok | {:error, Exception.t()}

Ensure that token generation is enabled for the resource.