Guardian Authorization & Dializer

mushu8 · November 5, 2020, 3:02pm

Hi,

I followed some tutorials and read Hex documentation on Guardian authorization but i get a warning on a basic implementation :

The @spec for the function does not match the success typing of the function.

Function:
CTAPI.Guardian.available_permissions/0

Success typing:
@spec available_permissions() :: %{:default => [:read_users | :write_users, ...]}

Here is my implementation :

defmodule CTAPI.Guardian do
  @moduledoc """
  Integration with Guardian
  """
  use Guardian, otp_app: :ct_api

  use Guardian.Permissions, encoding: Guardian.Permissions.BitwiseEncoding # <- warning on this line

  def subject_for_token(%{id: id}, _claims) do
    {:ok, to_string(id)}
  end

  def subject_for_token(_, _) do
    {:error, :no_resource_id}
  end

  def resource_from_claims(%{"sub" => sub}) do
    {:ok, CTAPI.Account.get_user!(sub)}
  end

  def resource_from_claims(_claims) do
    {:error, :no_claims_sub}
  end

  def build_claims(claims, _resource, opts) do
    claims =
      claims
      |> encode_permissions_into_claims!(Keyword.get(opts, :permissions))

    {:ok, claims}
  end
end

Erlang/OTP 23 [erts-11.0.2] [source] [64-bit] [smp:6:6] [ds:6:6:10] [async-threads:1] [hipe] [dtrace]
Elixir 1.10.3 (compiled with Erlang/OTP 22)

Can someone at least tell me if i have to fork and fix Gardian for this version of elixir or if i can fix my code please ?

Best regards,

al2o3cr · November 5, 2020, 6:30pm

There’s prior discussion of this on the Guardian issue tracker:

The issue appears to be that the generated available_permissions function declares a return type of Guardian.Permission.t() but the code that sets @available_permissions returns a map with a different shape:

github.com

ueberauth/guardian/blob/ef1b52e831eaaa5589cd54da32aa8ec4e0c57d80/lib/guardian/permissions.ex#L370-L375


def available_from_normalized(perms) do
  for {k, v} <- perms, into: %{} do
    list = v |> Map.keys() |> Enum.map(&String.to_atom/1)
    {String.to_atom(k), list}
  end
end

Changing the spec on available_permissions to Guardian.Permission.input_permissions would likely fix the error.

The comments on the issue up top that mention "running Dialyzer on master" are a red herring - this code will only cause Dialyzer errors when it’s used in a module, and Dialyzer doesn’t check exs files like tests…

mushu8 · November 5, 2020, 11:05pm

Thank you for your answer.
I was trying to remove an annoying warning and i’ve finally decided to implement authorization without help of Guardian.