diff --git a/big_tests/tests/domain_helper.erl b/big_tests/tests/domain_helper.erl index a18e76d1fc..ee60dc0330 100644 --- a/big_tests/tests/domain_helper.erl +++ b/big_tests/tests/domain_helper.erl @@ -4,6 +4,8 @@ delete_configured_domains/0, insert_domain/3, delete_domain/2, + set_domain_password/3, + delete_domain_password/2, make_metrics_prefix/1, host_types/0, host_types/1, @@ -66,6 +68,12 @@ insert_persistent_domain(Node, Domain, HostType) -> delete_persistent_domain(Node, Domain, HostType) -> ok = rpc(Node, mongoose_domain_api, delete_domain, [Domain, HostType]). +set_domain_password(Node, Domain, Password) -> + ok = rpc(Node, mongoose_domain_api, set_domain_password, [Domain, Password]). + +delete_domain_password(Node, Domain) -> + ok = rpc(Node, mongoose_domain_api, delete_domain_password, [Domain]). + for_each_configured_domain(F) -> [for_each_configured_domain(F, Opts) || {_, Opts} <- ct:get_config(hosts)], ok. diff --git a/big_tests/tests/graphql_SUITE.erl b/big_tests/tests/graphql_SUITE.erl index 2424b6f117..cc6e148155 100644 --- a/big_tests/tests/graphql_SUITE.erl +++ b/big_tests/tests/graphql_SUITE.erl 
@@ -7,28 +7,33 @@ -compile([export_all, nowarn_export_all]). -import(distributed_helper, [mim/0, require_rpc_nodes/1, rpc/4]). --import(graphql_helper, [execute/3]). +-import(graphql_helper, [execute/3, execute_auth/2, execute_domain_auth/2, execute_user/3]). --define(assertAdminAuth(Auth, Data), assert_auth(atom_to_binary(Auth), Data)). +-define(assertAdminAuth(Domain, Type, Auth, Data), + assert_auth(#{<<"domain">> => Domain, + <<"authStatus">> => atom_to_binary(Auth), + <<"authType">> => maybe_atom_to_bin(Type)}, Data)). -define(assertUserAuth(Username, Auth, Data), assert_auth(#{<<"username">> => Username, <<"authStatus">> => atom_to_binary(Auth)}, Data)). - suite() -> require_rpc_nodes([mim]) ++ escalus:suite(). all() -> [{group, cowboy_handler}, {group, admin_handler}, + {group, domain_admin_handler}, {group, user_handler}]. groups() -> [{cowboy_handler, [parallel], cowboy_handler()}, {user_handler, [parallel], user_handler()}, + {domain_admin_handler, [parallel], domain_admin_handler()}, {admin_handler, [parallel], admin_handler()}]. cowboy_handler() -> [can_connect_to_admin, + can_connect_to_domain_admin, can_connect_to_user]. user_handler() -> @@ -37,6 +42,9 @@ user_handler() -> admin_handler() -> [admin_checks_auth, auth_admin_checks_auth | common_tests()]. +domain_admin_handler() -> + [domain_admin_checks_auth, + auth_domain_admin_checks_auth | common_tests()]. common_tests() -> [can_load_graphiql]. 
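Review bot: `domain_admin_handler()` (hunk `@@ -37,6 +42,9 @@`) lists only a no-credentials case and a valid-credentials case, so the rejection paths of the new domain-admin authentication are never exercised. A case that sends a wrong password for `admin@Domain`, and one that uses a local part other than `admin`, would pin the behaviour the handler change is meant to guarantee, e.g. `[domain_admin_checks_auth, auth_domain_admin_checks_auth, wrong_password_domain_admin_is_rejected | common_tests()]` (the last name is a suggested new case). The HTTP status returned for a rejected Basic credential is not visible in this diff and should be taken from the cowboy handler.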
@@ -52,14 +60,18 @@ end_per_suite(Config) -> init_per_group(admin_handler, Config) -> graphql_helper:init_admin_handler(Config); +init_per_group(domain_admin_handler, Config) -> + graphql_helper:init_domain_admin_handler(Config); init_per_group(user_handler, Config) -> Config1 = escalus:create_users(Config, escalus:get_users([alice])), [{schema_endpoint, user} | Config1]; -init_per_group(_, Config) -> +init_per_group(cowboy_handler, Config) -> Config. end_per_group(user_handler, Config) -> escalus:delete_users(Config, escalus:get_users([alice])); +end_per_group(domain_admin_handler, Config) -> + graphql_helper:end_domain_admin_handler(Config); end_per_group(_, _Config) -> ok. @@ -72,6 +84,9 @@ end_per_testcase(CaseName, Config) -> can_connect_to_admin(_Config) -> ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(admin, #{}, undefined)). +can_connect_to_domain_admin(_Config) -> + ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(domain_admin, #{}, undefined)). + can_connect_to_user(_Config) -> ?assertMatch({{<<"400">>, <<"Bad Request">>}, _}, execute(user, #{}, undefined)). 
@@ -83,36 +98,37 @@ can_load_graphiql(Config) -> user_checks_auth(Config) -> Ep = ?config(schema_endpoint, Config), - Body = #{query => "{ checkAuth { username authStatus } }"}, - StatusData = execute(Ep, Body, undefined), + StatusData = execute(Ep, user_check_auth_body(), undefined), ?assertUserAuth(null, 'UNAUTHORIZED', StatusData). auth_user_checks_auth(Config) -> escalus:fresh_story( Config, [{alice, 1}], fun(Alice) -> - Password = user_password(alice), - AliceJID = escalus_client:short_jid(Alice), - Ep = ?config(schema_endpoint, Config), - Body = #{query => "{ checkAuth { username authStatus } }"}, - StatusData = execute(Ep, Body, {AliceJID, Password}), + AliceJID = escalus_utils:jid_to_lower(escalus_client:short_jid(Alice)), + StatusData = execute_user(user_check_auth_body(), Alice, Config), ?assertUserAuth(AliceJID, 'AUTHORIZED', StatusData) end). admin_checks_auth(Config) -> Ep = ?config(schema_endpoint, Config), - Body = #{query => "{ checkAuth }"}, - StatusData = execute(Ep, Body, undefined), - ?assertAdminAuth('UNAUTHORIZED', StatusData). + StatusData = execute(Ep, admin_check_auth_body(), undefined), + ?assertAdminAuth(null, null, 'UNAUTHORIZED', StatusData). auth_admin_checks_auth(Config) -> + StatusData = execute_auth(admin_check_auth_body(), Config), + ?assertAdminAuth(null, 'ADMIN', 'AUTHORIZED', StatusData). + +domain_admin_checks_auth(Config) -> Ep = ?config(schema_endpoint, Config), - Opts = ?config(listener_opts, Config), - User = proplists:get_value(username, Opts), - Password = proplists:get_value(password, Opts), - Body = #{query => "{ checkAuth }"}, - StatusData = execute(Ep, Body, {User, Password}), - ?assertAdminAuth('AUTHORIZED', StatusData). + Res = execute(Ep, admin_check_auth_body(), undefined), + ?assertAdminAuth(null, null, 'UNAUTHORIZED', Res). 
+ +auth_domain_admin_checks_auth(Config) -> + {Username, _} = ?config(domain_admin, Config), + Domain = escalus_utils:get_server(Username), + Res = execute_domain_auth(admin_check_auth_body(), Config), + ?assertAdminAuth(Domain, 'DOMAIN_ADMIN', 'AUTHORIZED', Res). %% Helpers @@ -120,10 +136,6 @@ assert_auth(Auth, {Status, Data}) -> ?assertEqual({<<"200">>, <<"OK">>}, Status), ?assertMatch(#{<<"data">> := #{<<"checkAuth">> := Auth}}, Data). -user_password(User) -> - [{User, Props}] = escalus:get_users([User]), - proplists:get_value(password, Props). - get_graphiql_website(EpName) -> Request = #{port => graphql_helper:get_listener_port(EpName), @@ -133,3 +145,12 @@ get_graphiql_website(EpName) -> return_maps => true, path => "/graphql"}, rest_helper:make_request(Request). + +maybe_atom_to_bin(null) -> null; +maybe_atom_to_bin(X) -> atom_to_binary(X). + +admin_check_auth_body() -> + #{query => "{ checkAuth { domain authType authStatus } }"}. + +user_check_auth_body() -> + #{query => "{ checkAuth { username authStatus } }"}. diff --git a/big_tests/tests/graphql_helper.erl b/big_tests/tests/graphql_helper.erl index a94ba7abec..671d7d9bd8 100644 --- a/big_tests/tests/graphql_helper.erl +++ b/big_tests/tests/graphql_helper.erl @@ -2,8 +2,9 @@ -import(distributed_helper, [mim/0, rpc/4]). --export([execute/3, execute_auth/2, execute_user/3, get_listener_port/1, get_listener_config/1]). --export([init_admin_handler/1]). +-export([execute/3, execute_auth/2, execute_domain_auth/2, execute_user/3]). +-export([init_admin_handler/1, init_domain_admin_handler/1, end_domain_admin_handler/1]). +-export([get_listener_port/1, get_listener_config/1]). -export([get_ok_value/2, get_err_msg/1, get_err_msg/2, make_creds/1, user_to_bin/1, user_to_jid/1, user_to_full_bin/1]). 
@@ -30,6 +31,11 @@ execute_auth(Body, Config) -> Password = proplists:get_value(password, Opts), execute(Ep, Body, {User, Password}). +execute_domain_auth(Body, Config) -> + Ep = ?config(schema_endpoint, Config), + Creds = ?config(domain_admin, Config), + execute(Ep, Body, Creds). + execute_user(Body, User, Config) -> Ep = ?config(schema_endpoint, Config), Creds = make_creds(User), @@ -57,6 +63,18 @@ init_admin_handler(Config) -> ct:fail(<<"Admin credentials are not defined in config">>) end. +init_domain_admin_handler(Config) -> + Domain = domain_helper:domain(), + Password = base16:encode(crypto:strong_rand_bytes(8)), + Creds = {<<"admin@", Domain/binary>>, Password}, + ok = domain_helper:set_domain_password(mim(), Domain, Password), + [{domain_admin, Creds}, {schema_endpoint, domain_admin} | Config]. + +end_domain_admin_handler(Config) -> + {JID, _} = ?config(domain_admin, Config), + Domain = escalus_utils:get_server(JID), + domain_helper:delete_domain_password(mim(), Domain). + get_listener_opts(EpName) -> #{handlers := Handlers} = get_listener_config(EpName), [Opts2] = lists:filtermap( diff --git a/priv/graphql/schemas/admin/admin_auth_status.gql b/priv/graphql/schemas/admin/admin_auth_status.gql new file mode 100644 index 0000000000..62bafb42df --- /dev/null +++ b/priv/graphql/schemas/admin/admin_auth_status.gql @@ -0,0 +1,18 @@ +"Inforamtion about user request authorization" +type AdminAuthInfo{ + "Authorized for a domain" + domain: String + "Authorization status" + authStatus: AuthStatus! + "Authorization as a " + authType: AuthType +} + +enum AuthType{ + "" + DOMAIN_ADMIN + "" + ADMIN + "" + UNAUTHORIZED +} diff --git a/priv/graphql/schemas/admin/admin_schema.gql b/priv/graphql/schemas/admin/admin_schema.gql index f40ad07b65..b75e216288 100644 --- a/priv/graphql/schemas/admin/admin_schema.gql +++ b/priv/graphql/schemas/admin/admin_schema.gql 
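Review bot: In the new `admin_auth_status.gql`, `AuthType` declares `UNAUTHORIZED`, but the `authType` resolver in `mongoose_graphql_admin_auth_info` returns only `null`, `domain_admin` or `admin`, and `mongoose_graphql_enum:input/2` gains clauses only for `ADMIN` and `DOMAIN_ADMIN`. Either drop the value or return it consistently, so clients do not have to treat `null` and `UNAUTHORIZED` as the same state. The three enum value descriptions are empty strings, `"Authorization as a "` is cut off, and `Inforamtion` is misspelt; suggested wording is `"Information about the request's authorization"` and `"Role the request was authorized as"`.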
@@ -9,7 +9,7 @@ Only an authenticated admin can execute these queries. """ type AdminQuery{ "Check authorization status" - checkAuth: AuthStatus + checkAuth: AdminAuthInfo "Domain management" domains: DomainAdminQuery "Account management" diff --git a/rel/fed1.vars-toml.config b/rel/fed1.vars-toml.config index 4ca3315dcb..e45c9c447c 100644 --- a/rel/fed1.vars-toml.config +++ b/rel/fed1.vars-toml.config @@ -51,7 +51,7 @@ port = {{ http_api_endpoint_port }}"}. {http_api_client_endpoint, "port = {{ http_api_client_endpoint_port }}"}. {http_graphql_api_admin_endpoint, "ip_address = \"127.0.0.1\" - port = {{http_qraphql_api_admin_endpoint_port}}"}. + port = {{http_graphql_api_admin_endpoint_port}}"}. {http_graphql_api_domain_admin_endpoint, "ip_address = \"0.0.0.0\" port = {{http_qraphql_api_domain_admin_endpoint_port}}"}. {http_graphql_api_user_endpoint, "ip_address = \"0.0.0.0\" diff --git a/rel/mim2.vars-toml.config b/rel/mim2.vars-toml.config index 388089f292..52700a33e6 100644 --- a/rel/mim2.vars-toml.config +++ b/rel/mim2.vars-toml.config @@ -25,7 +25,7 @@ {http_graphql_api_admin_endpoint, "ip_address = \"127.0.0.1\" port = {{http_qraphql_api_admin_endpoint_port}}"}. {http_graphql_api_domain_admin_endpoint, "ip_address = \"0.0.0.0\" - port = {{http_qraphql_api_domain_admin_endpoint_port}}"}. + port = {{http_graphql_api_domain_admin_endpoint_port}}"}. {http_graphql_api_user_endpoint, "ip_address = \"0.0.0.0\" port = {{http_graphql_api_user_endpoint_port}}"}. {http_api_old_endpoint, "ip_address = \"127.0.0.1\" diff --git a/rel/mim3.vars-toml.config b/rel/mim3.vars-toml.config index fa839f1d78..1db182103b 100644 --- a/rel/mim3.vars-toml.config +++ b/rel/mim3.vars-toml.config 
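Review bot: The `qraphql` spelling fix is applied to only one of the two template variables in each release vars file. In the `fed1.vars-toml.config` hunk the domain-admin line still reads `{{http_qraphql_api_domain_admin_endpoint_port}}`, and in the `mim2`, `mim3` and `reg1` hunks the admin line still reads `{{http_qraphql_api_admin_endpoint_port}}`. Unless those variables are still defined under the misspelt names elsewhere (not visible here), the two listeners in each file are rendered from differently spelt variables; the remaining lines should become `port = {{http_graphql_api_domain_admin_endpoint_port}}` and `port = {{http_graphql_api_admin_endpoint_port}}`. Because the domain-admin listener binds `0.0.0.0`, the rendered port is worth checking after the change.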
@@ -42,7 +42,7 @@ {http_graphql_api_admin_endpoint, "ip_address = \"127.0.0.1\" port = {{http_qraphql_api_admin_endpoint_port}}"}. {http_graphql_api_domain_admin_endpoint, "ip_address = \"0.0.0.0\" - port = {{http_qraphql_api_domain_admin_endpoint_port}}"}. + port = {{http_graphql_api_domain_admin_endpoint_port}}"}. {http_graphql_api_user_endpoint, "ip_address = \"0.0.0.0\" port = {{http_graphql_api_user_endpoint_port}}"}. {http_api_old_endpoint, "ip_address = \"127.0.0.1\" diff --git a/rel/reg1.vars-toml.config b/rel/reg1.vars-toml.config index 6226602ca0..74e1093ee4 100644 --- a/rel/reg1.vars-toml.config +++ b/rel/reg1.vars-toml.config @@ -42,7 +42,7 @@ {http_graphql_api_admin_endpoint, "ip_address = \"127.0.0.1\" port = {{http_qraphql_api_admin_endpoint_port}}"}. {http_graphql_api_domain_admin_endpoint, "ip_address = \"0.0.0.0\" - port = {{http_qraphql_api_domain_admin_endpoint_port}}"}. + port = {{http_graphql_api_domain_admin_endpoint_port}}"}. {http_graphql_api_user_endpoint, "ip_address = \"0.0.0.0\" port = {{http_graphql_api_user_endpoint_port}}"}. {http_api_old_endpoint, "ip_address = \"127.0.0.1\" diff --git a/rel/vars-toml.config.in b/rel/vars-toml.config.in index a11ce0b66a..46964aea25 100644 --- a/rel/vars-toml.config.in +++ b/rel/vars-toml.config.in @@ -44,7 +44,7 @@ {http_graphql_api_admin_endpoint, "ip_address = \"127.0.0.1\" port = {{http_graphql_api_admin_endpoint_port}}"}. {http_graphql_api_domain_admin_endpoint, "ip_address = \"0.0.0.0\" - port = {{http_qraphql_api_domain_admin_endpoint_port}}"}. + port = {{http_graphql_api_domain_admin_endpoint_port}}"}. {http_graphql_api_user_endpoint, "ip_address = \"0.0.0.0\" port = {{http_graphql_api_user_endpoint_port}}"}. {http_api_endpoint, "ip_address = \"127.0.0.1\" diff --git a/src/domain/mongoose_domain_api.erl b/src/domain/mongoose_domain_api.erl index 1b5476e671..9fc62c2ba7 100644 --- a/src/domain/mongoose_domain_api.erl +++ b/src/domain/mongoose_domain_api.erl 
@@ -15,6 +15,11 @@ get_all_static/0, get_domains_by_host_type/1]). +%% domain admin API +-export([check_domain_password/2, + set_domain_password/2, + delete_domain_password/1]). + %% subdomain API -export([register_subdomain/3, unregister_subdomain/2, @@ -72,6 +77,7 @@ delete_domain(Domain, HostType) -> Res = check_db(mongoose_domain_sql:delete_domain(Domain, HostType)), case Res of ok -> + delete_domain_password(Domain), mongoose_hooks:remove_domain(HostType, Domain); _ -> ok @@ -180,6 +186,33 @@ check_domain(Domain, HostType) -> ok end. +-type password() :: binary(). + +-spec check_domain_password(domain(), password()) -> ok | {error, wrong_password | not_found}. +check_domain_password(Domain, Password) -> + case mongoose_domain_sql:select_domain_admin(Domain) of + {ok, {Domain, Password}} -> + ok; + {ok, _} -> + {error, wrong_password}; + {error, not_found} -> + {error, not_found} + end. + +-spec set_domain_password(domain(), password()) -> ok | {error, not_found}. +set_domain_password(Domain, Password) -> + HostType = get_host_type(Domain), + case HostType of + {ok, _} -> + mongoose_domain_sql:set_domain_admin(Domain, Password); + {error, not_found} -> + {error, not_found} + end. + +-spec delete_domain_password(domain()) -> ok. +delete_domain_password(Domain) -> + mongoose_domain_sql:delete_domain_admin(Domain). + -spec register_subdomain(host_type(), subdomain_pattern(), mongoose_packet_handler:t()) -> ok | {error, already_registered | subdomain_already_exists}. diff --git a/src/domain/mongoose_domain_sql.erl b/src/domain/mongoose_domain_sql.erl index fe928fd23f..b4594d9537 100644 --- a/src/domain/mongoose_domain_sql.erl +++ b/src/domain/mongoose_domain_sql.erl 
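Review bot: `check_domain_password/2` (third hunk) authenticates by pattern-matching the supplied `Password` against the row returned by `mongoose_domain_sql:select_domain_admin/1`, which implies the domain admin password is stored and compared as clear text. `set_domain_password/2` passes the password straight to `mongoose_domain_sql:set_domain_admin/2`; unless that function hashes it (its body is outside this diff), anyone who can read the `domain_admin` table obtains working credentials for a listener that the release configs bind to `0.0.0.0`. Storing a salted password hash and comparing the derived digest in constant time (for equal-length digests, `crypto:hash_equals/2` where the OTP release provides it) would address both the storage and the timing concern.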
@@ -87,15 +87,15 @@ start(#{db_pool := Pool}) -> %% Admins prepare(domain_insert_admin, domain_admin, [domain, password], <<"INSERT INTO domain_admin (domain, password) VALUES (?, ?)">>), - prepare(domain_update_admin_password, domain_admin, [password, domain], + prepare(domain_update_admin, domain_admin, [password, domain], <<"UPDATE domain_admin" - "SET password = ? " - "WHERE domain = ?">>), + " SET password = ? " + " WHERE domain = ?">>), prepare(domain_delete_admin, domain_admin, [domain], <<"DELETE FROM domain_admin WHERE domain = ?">>), - prepare(domain_admin_select, domain_admin, [domain], + prepare(domain_select_admin, domain_admin, [domain], <<"SELECT domain, password" - "FROM domain_admin WHERE domain = ?">>), + " FROM domain_admin WHERE domain = ?">>), ok. prepare_test_queries(Pool) -> @@ -166,7 +166,7 @@ enable_domain(Domain) -> select_domain_admin(Domain) -> Pool = get_db_pool(), - case execute_successfully(Pool, domain_admin_select, [Domain]) of + case execute_successfully(Pool, domain_select_admin, [Domain]) of {selected, []} -> {error, not_found}; {selected, [Row]} -> @@ -197,14 +197,13 @@ delete_domain_admin(Domain) -> end). insert_domain_admin(Pool, Domain, Password) -> - execute_successfully(Pool, insert_domain_admin, [Domain, Password]). + execute_successfully(Pool, domain_insert_admin, [Domain, Password]). update_domain_admin(Pool, Domain, Password) -> - execute_successfully(Pool, update_domain_admin_password, [Domain, Password]). + execute_successfully(Pool, domain_update_admin, [Domain, Password]). delete_domain_admin(Pool, Domain) -> - execute_successfully(Pool, delete_domain_admin, [Domain]). - + execute_successfully(Pool, domain_delete_admin, [Domain]). %% Returns smallest id first select_from(FromId, Limit) -> diff --git a/src/graphql/admin/mongoose_graphql_admin_auth_info.erl b/src/graphql/admin/mongoose_graphql_admin_auth_info.erl new file mode 100644 index 0000000000..b05fa7728d --- /dev/null 
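Review bot: `update_domain_admin/3` (third hunk) passes `[Domain, Password]` to `domain_update_admin`, but that statement is prepared with `[password, domain]` and reads `SET password = ? WHERE domain = ?`, so the two values appear to be bound in the wrong order. The update would then match no row for the intended domain, and a password rotation could leave the previous password valid without raising an error, depending on how `set_domain_admin/2` (outside the hunk) treats the result. The call should be `execute_successfully(Pool, domain_update_admin, [Password, Domain]).`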
+++ b/src/graphql/admin/mongoose_graphql_admin_auth_info.erl @@ -0,0 +1,27 @@ +-module(mongoose_graphql_admin_auth_info). +-behaviour(mongoose_graphql). + +-export([execute/4]). + +-ignore_xref([execute/4]). + +-include_lib("jid/include/jid.hrl"). + +execute(#{authorized := Authorized}, admin, <<"authStatus">>, _Args) -> + case Authorized of + true -> + {ok, 'AUTHORIZED'}; + false -> + {ok, 'UNAUTHORIZED'} + end; +execute(Ctx, admin, <<"domain">>, _Args) -> + case maps:get(user, Ctx, null) of + null -> {ok, null}; + #jid{lserver = Domain} -> {ok, Domain} + end; +execute(Ctx, admin, <<"authType">>, _Args) -> + case maps:get(authorized_as, Ctx, null) of + null -> {ok, null}; + domain_admin -> {ok, domain_admin}; + admin -> {ok, admin} + end. diff --git a/src/graphql/admin/mongoose_graphql_admin_query.erl b/src/graphql/admin/mongoose_graphql_admin_query.erl index 77c61a5d43..b80db073c7 100644 --- a/src/graphql/admin/mongoose_graphql_admin_query.erl +++ b/src/graphql/admin/mongoose_graphql_admin_query.erl @@ -21,10 +21,5 @@ execute(_Ctx, _Obj, <<"stanza">>, _Args) -> {ok, #{}}; execute(_Ctx, _Obj, <<"roster">>, _Args) -> {ok, roster}; -execute(#{authorized := Authorized}, _Obj, <<"checkAuth">>, _Args) -> - case Authorized of - true -> - {ok, 'AUTHORIZED'}; - false -> - {ok, 'UNAUTHORIZED'} - end. +execute(_Ctx, _Obj, <<"checkAuth">>, _Args) -> + {ok, admin}. diff --git a/src/graphql/admin/mongoose_graphql_domain_admin_mutation.erl b/src/graphql/admin/mongoose_graphql_domain_admin_mutation.erl index 780f38f337..4a172a3eba 100644 --- a/src/graphql/admin/mongoose_graphql_domain_admin_mutation.erl +++ b/src/graphql/admin/mongoose_graphql_domain_admin_mutation.erl 
@@ -36,17 +36,18 @@ execute(_Ctx, admin, <<"disableDomain">>, #{<<"domain">> := Domain}) -> {error, Error} -> error_handler(Error, Domain, <<"">>) end; -execute(_Ctx, admin, <<"setDomainAdmin">>, #{<<"domain">> := Domain, <<"password">> := Password}) -> - case mongoose_domain_sql:select_domain_admin(Domain, Password) of +execute(_Ctx, admin, <<"setDomainPassword">>, + #{<<"domain">> := Domain, <<"password">> := Password}) -> + case mongoose_domain_api:set_domain_password(Domain, Password) of ok -> - {ok, <<"Domain password updated successfully">>}; + {ok, <<"Domain password set successfully">>}; {error, Error} -> error_handler(Error, Domain, <<"">>) end; -execute(_Ctx, admin, <<"deleteDomainAdmin">>, #{<<"domain">> := Domain}) -> - case mongoose_domain_sql:select_domain_admin(Domain) of +execute(_Ctx, admin, <<"deleteDomainPassword">>, #{<<"domain">> := Domain}) -> + case mongoose_domain_api:delete_domain_password(Domain) of ok -> - {ok, <<"Domain admin disabled successfully">>}; + {ok, <<"Domain admin deleted successfully">>}; {error, Error} -> error_handler(Error, Domain, <<"">>) end. diff --git a/src/graphql/mongoose_graphql.erl b/src/graphql/mongoose_graphql.erl index 5db8a2aead..1d482e5d64 100644 --- a/src/graphql/mongoose_graphql.erl +++ b/src/graphql/mongoose_graphql.erl @@ -128,6 +128,7 @@ graphql_parse(Doc) -> admin_mapping_rules() -> #{objects => #{ 'AdminQuery' => mongoose_graphql_admin_query, + 'AdminAuthInfo' => mongoose_graphql_admin_auth_info, 'DomainAdminQuery' => mongoose_graphql_domain_admin_query, 'AdminMutation' => mongoose_graphql_admin_mutation, 'DomainAdminMutation' => mongoose_graphql_domain_admin_mutation, diff --git a/src/graphql/mongoose_graphql_cowboy_handler.erl b/src/graphql/mongoose_graphql_cowboy_handler.erl index 9a088cb3d7..7fa3509137 100644 --- a/src/graphql/mongoose_graphql_cowboy_handler.erl +++ b/src/graphql/mongoose_graphql_cowboy_handler.erl 
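Review bot: The `setDomainPassword` and `deleteDomainPassword` clauses ignore `_Ctx`, so nothing in this resolver ties the `domain` argument to the caller's `authorized_as` or `user`. If this object is reachable from the domain-admin listener, a domain admin could set or delete another domain's password; please confirm that a schema directive or the endpoint's schema (neither visible in this diff) restricts these mutations to the global admin. A comment on both clauses such as `%% global admin only: Domain is not checked against the caller` would record that assumption. `setDomainPassword` also accepts any `Password`, including an empty binary, so a minimum-length check before calling `mongoose_domain_api:set_domain_password/2` is worth considering. The enclosing `execute/4` starts outside the hunk.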
@@ -126,10 +126,22 @@ auth_admin(_, State) -> {ok, State#{authorized => true, schema_ctx => #{authorized_as => admin}}}. -auth_domain_admin({basic, Username, _Password}, State) -> - {ok, State#{authorized => true, - schema_ctx => #{authorized_as => domain_admin, - admin => jid:from_binary(Username)}}}. +auth_domain_admin({basic, Username, Password}, State) -> + case jid:to_lus(jid:from_binary(Username)) of + {<<"admin">>, Domain} -> + case mongoose_domain_api:check_domain_password(Domain, Password) of + ok -> + {ok, State#{authorized => true, + schema_ctx => #{authorized_as => domain_admin, + user => jid:from_binary(Username)}}}; + {error, _} -> + error + end; + _ -> + error + end; +auth_domain_admin(_, State) -> + {ok, State#{authorized => false}}. run_request(#{document := undefined}, Req, State) -> reply_error(make_error(decode, no_query_supplied), Req, State); diff --git a/src/graphql/mongoose_graphql_enum.erl b/src/graphql/mongoose_graphql_enum.erl index 930bb971aa..389d028fbf 100644 --- a/src/graphql/mongoose_graphql_enum.erl +++ b/src/graphql/mongoose_graphql_enum.erl @@ -10,6 +10,8 @@ input(<<"PresenceType">>, Type) -> {ok, list_to_binary(string:to_lower(binary_to_list(Type)))}; input(<<"AuthStatus">>, <<"AUTHORIZED">>) -> {ok, 'AUTHORIZED'}; input(<<"AuthStatus">>, <<"UNAUTHORIZED">>) -> {ok, 'UNAUTHORIZED'}; +input(<<"AuthType">>, <<"ADMIN">>) -> {ok, admin}; +input(<<"AuthType">>, <<"DOMAIN_ADMIN">>) -> {ok, domain_admin}; input(<<"Affiliation">>, <<"OWNER">>) -> {ok, owner}; input(<<"Affiliation">>, <<"MEMBER">>) -> {ok, member}; input(<<"Affiliation">>, <<"NONE">>) -> {ok, none}; 
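Review bot: The first `auth_domain_admin/2` clause calls `jid:from_binary(Username)` twice, once for the check and once for the stored `user`, and relies on `jid:to_lus/1` passing a parse failure through to the `_ -> error` branch. Binding it once, `JID = jid:from_binary(Username),` then `case jid:to_lus(JID) of` and `user => JID`, makes it explicit that the JID placed in `schema_ctx` is the one whose domain password was checked. Both failure branches return a bare `error`, which avoids telling the caller whether the domain exists, but nothing is logged here; unless the caller logs it, failed domain-admin logins on a listener bound to `0.0.0.0` leave no trace for detection. A short comment stating that only the `admin` local part is accepted would also help the next reader.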
@@ -34,6 +36,8 @@ output(<<"PresenceType">>, Type) -> {ok, list_to_binary(string:to_upper(binary_to_list(Type)))}; output(<<"AuthStatus">>, Status) -> {ok, atom_to_binary(Status, utf8)}; +output(<<"AuthType">>, Type) -> + {ok, list_to_binary(string:to_upper(atom_to_list(Type)))}; output(<<"Affiliation">>, Aff) -> {ok, list_to_binary(string:to_upper(atom_to_list(Aff)))}; output(<<"BlockingAction">>, Action) ->