How to add multi-tenancy to users with an ash_authentication based app?

Hey everyone. I was trying to add multi tenancy (attribute-based) to my existing application that’s running ash_authentication.

To do this I needed to tie users to a new organizations resource upon account creation.

I wanted to hook into the existing register_with_password action since that’s already being used by some of my tests + the generated UI, but I wasn’t having much success in finding a way into the lifecycle of that action.

I tried overwriting the action in my resource by creating my own register_with_password field. But I quit getting errors upon compiling when I had just this bit of code:

    create :register_with_password do
      argument :password, :string, allow_nil?: false, sensitive?: true
      argument :password_confirmation, :string, allow_nil?: false, sensitive?: true
      change AshAuthentication.GenerateTokenChange
      change AshAuthentication.Strategy.Password.HashPasswordChange
      validate AshAuthentication.Strategy.Password.PasswordConfirmationValidation
    end

From here looking at the HashPasswordChange documentation it looks like it should handle the hashing of the password, but if I try to use this new action, I get an error telling me that I’m missing the :hashed_password field in my changeset.

Was curious if anyone else had tried to do this and could point me in the right direction, or maybe I’m approaching the problem from the wrong angle?

1 Like

Try adding accept [:email]

Sorry, worth mentioning I’m still on 2.21, not on 3.0 yet. So accept should have email covered by default correct? Regardless I tried and didn’t see any difference there.

This is the whole resource for posterities sake. I don’t think I’ve changed anything from the tutorial other than the multi-tenancy bit. The other attempt I made at implementing the internals with the :sign_in_with_password works no problem for what it’s worth.

defmodule Smol.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication]

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
  end

  authentication do
    api Smol.Accounts

    strategies do
      password :password do
        identity_field :email
        sign_in_tokens_enabled? true
      end
    end

    tokens do
      enabled? true
      token_resource Smol.Accounts.Token

      signing_secret Smol.Accounts.Secrets
    end
  end

  code_interface do
    define_for Smol.Accounts

    define :create, action: :create
    define :read, action: :read
    define :update, action: :update
    define :delete, action: :destroy
  end

  actions do
    defaults [:create, :update, :destroy]

    create :register_with_password do
      argument :password, :string, allow_nil?: false, sensitive?: true
      argument :password_confirmation, :string, allow_nil?: false, sensitive?: true
      validate AshAuthentication.Strategy.Password.PasswordConfirmationValidation
      change AshAuthentication.Strategy.Password.HashPasswordChange
      change AshAuthentication.GenerateTokenChange
    end

    read :sign_in_with_password do
      argument :email, :ci_string, allow_nil?: false
      argument :password, :string, allow_nil?: false, sensitive?: true
      prepare AshAuthentication.Strategy.Password.SignInPreparation
    end

    read :read do
      prepare build(load: [:team])
    end
  end

  postgres do
    table "users"
    repo Smol.Repo
  end

  identities do
    identity :unique_email, [:email]
  end
 # commented out while trying to implement :register_with_password action
  # multitenancy do
  #   strategy :attribute
  #   attribute :team_id
  # end

  relationships do
    belongs_to :team, Smol.Teams.Team
  end
end

Try adding allow_nil_input [:hashed_password]? I believe in 3.0 that should not be necessary, but perhaps it is in 2.0, I don’t recall for sure :slight_smile:

1 Like

That did the trick! thank you so much :pray:

1 Like