Merge pull request #239 from pow-auth/fix-verified-routes-handling

Fix verified routes handling
pow-auth · Mar 28, 2023 · e534f2d · e534f2d
2 parents c637e6b + ce6b08a
commit e534f2d
Show file tree

Hide file tree

Showing 14 changed files with 121 additions and 90 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@
 
 * [`PowAssent.Phoenix.AuthorizationController`] Now logs error for when user can't be created
 
+### Bug fixes
+
+* [`PowAssent.Phoenix.AuthorizationController`] Fixed bug where registration path couldn't be found due to no route helpers
+
 ## v0.4.16 (2023-03-21)
 
 Now uses Phoenix 1.7 components templating and requires Pow 1.0.29.

diff --git a/README.md b/README.md
@@ -85,12 +85,11 @@ WEB_PATH/router.ex
 Run migrations with `mix setup`. The following routes will be available in your app:
 
 ```elixir
-pow_assent_post_authorization_path  POST    /auth/:provider/callback     PowAssent.Phoenix.AuthorizationController :callback
-pow_assent_authorization_path       GET     /auth/:provider/new          PowAssent.Phoenix.AuthorizationController :new
-pow_assent_authorization_path       DELETE  /auth/:provider              PowAssent.Phoenix.AuthorizationController :delete
-pow_assent_authorization_path       GET     /auth/:provider/callback     PowAssent.Phoenix.AuthorizationController :callback
-pow_assent_registration_path        GET     /auth/:provider/add-user-id  PowAssent.Phoenix.RegistrationController  :add_user_id
-pow_assent_registration_path        POST    /auth/:provider/create       PowAssent.Phoenix.RegistrationController  :create
+GET     /auth/:provider/new                    PowAssent.Phoenix.AuthorizationController :new
+DELETE  /auth/:provider                        PowAssent.Phoenix.AuthorizationController :delete
+GET     /auth/:provider/callback               PowAssent.Phoenix.AuthorizationController :callback
+GET     /auth/:provider/add-user-id            PowAssent.Phoenix.RegistrationController :add_user_id
+POST    /auth/:provider/create                 PowAssent.Phoenix.RegistrationController :create
 ```
 
 ### Modified Pow templates
@@ -362,7 +361,7 @@ You can enable the reauthorization plug in your `WEB_PATH/router.ex` by adding i
 
 ```elixir
 defmodule MyAppWeb.Router do
-  use Phoenix.Router
+  use MyAppWeb, :router
   # ...
 
   pipeline :browser do
@@ -383,7 +382,7 @@ You can also enable `PowPersistentSession` by using the `PowAssent.Plug.put_crea
 
 ```elixir
 defmodule MyAppWeb.Router do
-  use Phoenix.Router
+  use MyAppWeb, :router
   # ...
 
   pipeline :browser do

diff --git a/guides/api.md b/guides/api.md
@@ -127,15 +127,15 @@ defmodule MyAppWeb.API.V1.AuthorizationControllerTest do
 
   describe "new/2" do
     test "with valid config", %{conn: conn} do
-      conn = get conn, Routes.api_v1_authorization_path(conn, :new, :test_provider)
+      conn = get(conn, ~p"/api/v1/auth/test_provider/new")
 
       assert json = json_response(conn, 200)
       assert json["data"]["url"] == "https://provider.example.com/oauth/authorize"
       assert json["data"]["session_params"] == %{"a" => 1}
     end
 
     test "with error", %{conn: conn} do
-      conn = get conn, Routes.api_v1_authorization_path(conn, :new, :invalid_test_provider)
+      conn = get(conn, ~p"/api/v1/auth/invalid_test_provider/new")
 
       assert json = json_response(conn, 500)
       assert json["error"]["message"] == "An unexpected error occurred"
@@ -148,15 +148,15 @@ defmodule MyAppWeb.API.V1.AuthorizationControllerTest do
     @invalid_params %{"code" => "invalid", "session_params" => %{"a" => 2}}
 
     test "with valid params", %{conn: conn} do
-      conn = post conn, Routes.api_v1_authorization_path(conn, :callback, :test_provider, @valid_params)
+      conn = post(conn, ~p"/api/v1/auth/test_provider/callback?#{@valid_params}")
 
       assert json = json_response(conn, 200)
       assert json["data"]["access_token"]
       assert json["data"]["renewal_token"]
     end
 
     test "with invalid params", %{conn: conn} do
-      conn = post conn, Routes.api_v1_authorization_path(conn, :callback, :test_provider, @invalid_params)
+      conn = post(conn, ~p"/api/v1/auth/test_provider/callback?#{@invalid_params}")
 
       assert json = json_response(conn, 500)
       assert json["error"]["message"] == "An unexpected error occurred"

diff --git a/guides/dynamic_strategy_configuration.md b/guides/dynamic_strategy_configuration.md
@@ -121,10 +121,10 @@ defmodule MyAppWeb.Router do
 end
 ```
 
-Now you can generate the authorization url with the `google_drive=true` query to enable `drive.file` permission:
+Now you can use the authorization url with the `google_drive=true` query to enable `drive.file` permission:
 
 ```elixir
-Routes.pow_assent_authorization_path(conn, :new, :google, google_drive: true)
+~p"/auth/google/new?#{[google_drive: true]}"
 ```
 
 You can add any number of additional optional scopes to the plug.
@@ -143,14 +143,14 @@ defmodule MyAppWeb.PowAssentGoogleIncrementalAuthPlugTest do
   @plug_opts []
 
   test "call/2 without additional scopes", %{conn: conn} do
-    conn = run_plug(Routes.pow_assent_authorization_path(conn, :new, @provider))
+    conn = run_plug(~p"/auth/#{@provider}/new")
 
     assert fetch_provider_scope(conn) ==
       "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
   end
 
   test "call/2 with google_drive=true query", %{conn: conn} do
-    conn = run_plug(Routes.pow_assent_authorization_path(conn, :new, @provider, google_drive: true))
+    conn = run_plug(~p"/auth/#{@provider}/new?#{[google_drive: true]}")
 
     opts = PowAssentGoogleIncrementalAuthPlug.init(@plug_opts)
     conn = PowAssentGoogleIncrementalAuthPlug.call(conn, opts)

diff --git a/lib/pow_assent/phoenix/controllers/authorization_controller.ex b/lib/pow_assent/phoenix/controllers/authorization_controller.ex
@@ -190,11 +190,20 @@ defmodule PowAssent.Phoenix.AuthorizationController do
   defp set_registration_option(%{private: %{pow_assent_registration: _any}} = conn, _opts), do: conn
   defp set_registration_option(conn, _opts), do: Conn.put_private(conn, :pow_assent_registration, registration_path?(conn))
 
+  # TODO: Force verified routes when Phoenix 1.7 is required
+  if Code.ensure_loaded?(Phoenix.VerifiedRoutes) do
+  defp registration_path?(conn) do
+    Enum.any?(conn.private.phoenix_router.__routes__(), fn route ->
+      route.plug == RegistrationController and route.plug_opts == :create
+    end)
+  end
+  else
   defp registration_path?(conn) do
     [conn.private.phoenix_router, Helpers]
     |> Module.concat()
     |> function_exported?(:pow_assent_registration_path, 3)
   end
+  end
 
   defp load_user_by_invitation_token(%{private: %{pow_assent_session: %{invitation_token: token}}} = conn, _opts) do
     conn = Plug.delete_session(conn, :invitation_token)

diff --git a/lib/pow_assent/phoenix/controllers/reauthorization_plug_handler.ex b/lib/pow_assent/phoenix/controllers/reauthorization_plug_handler.ex
@@ -61,8 +61,7 @@ defmodule PowAssent.Phoenix.ReauthorizationPlugHandler do
   @doc """
   Checks if the reauthorization should be cleared.
 
-  Returns true when the request path matches
-  `Routes.pow_session_path(conn, :delete)`.
+  Returns true when the request path matches delete session route.
   """
   @spec clear_reauthorization?(Conn.t(), Config.t()) :: boolean()
   def clear_reauthorization?(conn, config) do