From 4107d37106cc2548655b312cbfb0595fdcddcd2b Mon Sep 17 00:00:00 2001
From: bluepython508
Date: Fri, 10 Nov 2023 21:24:32 +0000
Subject: [PATCH] Allow disabling registration, add Interactive module with tools
---
 lib/sso_bsn/accounts.ex | 1 +
 lib/sso_bsn/interactive.ex | 47 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 lib/sso_bsn/interactive.ex
diff --git a/lib/sso_bsn/accounts.ex b/lib/sso_bsn/accounts.ex
index bc1af64..e67bd82 100644
--- a/lib/sso_bsn/accounts.ex
+++ b/lib/sso_bsn/accounts.ex
@@ -60,6 +60,7 @@ defmodule SsoBsn.Accounts do
 """
 def register_user(attrs) do
+ if not Application.get_env(:sso_bsn, :enable_registration, false), do: raise "Cannot register a user: disabled"
 %User{}
 |> User.registration_changeset(attrs)
 |> Repo.insert()
diff --git a/lib/sso_bsn/interactive.ex b/lib/sso_bsn/interactive.ex
new file mode 100644
index 0000000..c775280
--- /dev/null
+++ b/lib/sso_bsn/interactive.ex
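Review bot: The guard added at the top of `register_user/1` raises a bare `RuntimeError` when registration is off, so any caller that matches on the result of `Repo.insert()` gets an unhandled exception (a 500 on a web path) instead of a refusal it can render. Returning a tagged error such as `{:error, :registration_disabled}` from that branch would keep the gate fail-closed, which the `false` default already is, while letting callers handle it. The docstring that closes just above the function should state the new failure mode. The gate lives only in this function, so any other code path that inserts a `User` (none is visible in this hunk) would not be covered; the function body continues past the end of the hunk.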
@@ -0,0 +1,47 @@
+defmodule SsoBsn.Interactive do
+ def allow_registrations(allow \\ true),
+ do: Application.put_env(:sso_bsn, :enable_registration, allow)
+
+ def migrate(),
+ do:
+ Ecto.Migrator.run(SsoBsn.Repo, Application.app_dir(:sso_bsn, "priv/repo/migrations"), :up,
+ all: true
+ )
+
+ def add_oauth_client(name, redirects, opts \\ []) do
+ id = SecureRandom.uuid()
+ secret = SecureRandom.hex(64)
+
+ Boruta.Ecto.Admin.create_client(
+ %{
+ # OAuth client_id
+ id: id,
+ # OAuth client_secret
+ secret: secret,
+ # Display name
+ name: name,
+ # OAuth client redirect_uris
+ redirect_uris: redirects,
+ # PKCE enabled
+ pkce: false,
+ # do not require client_secret for refreshing tokens
+ public_refresh_token: true,
+ # do not require client_secret for revoking tokens
+ public_revoke: false,
+ # see OAuth 2.0 confidentiality (requires client secret for some flows)
+ confidential: false,
+ # activable client authentication methods
+ token_endpoint_auth_methods: [
+ "client_secret_basic",
+ "client_secret_post",
+ "client_secret_jwt",
+ "private_key_jwt"
+ ]
+ }
+ |> Map.merge(opts |> Enum.into(%{}))
+ )
+ |> dbg()
+
+ {id, secret}
+ end
+end
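Review bot: In `add_oauth_client/3` the result of `Boruta.Ecto.Admin.create_client/1` is piped into `dbg()` and then discarded, so a rejected insert still returns `{id, secret}` as if the client existed, and the whole created record, secret included, is printed to wherever the shell's output is captured. Matching assertively with `{:ok, _client} = Boruta.Ecto.Admin.create_client(...)` and dropping `|> dbg()` would surface a failure and confine the secret to the return value; this assumes the call returns an ok/error tuple, which the hunk does not show. The defaults also create a non-confidential client with `pkce: false` and `public_refresh_token: true`, which by the inline comments leaves the code exchange with neither client authentication nor PKCE; `pkce: true` (or `confidential: true`) as the default, with callers opting out through `opts`, would be the safer baseline. Because `opts` is merged last it can override `:id` and `:secret`, in which case the returned tuple no longer matches what was stored. The module and its three functions have no `@moduledoc`/`@doc`; a line noting that `allow_registrations/1` changes only the running node's application env and does not survive a restart would help operators.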