prevent unconfirmed users from logging in

shibao 2022-02-16 22:17:26 -05:00
parent 025706e391
commit 8f807c2ebc
3 changed files with 23 additions and 7 deletions


@ -111,7 +111,8 @@ defmodule Cannery.Accounts do
# if no registered users, make first user an admin # if no registered users, make first user an admin
role = role =
if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0, if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0,
do: "admin", else: "user" do: "admin",
else: "user"
%User{} |> User.registration_changeset(attrs |> Map.put("role", role)) |> Repo.insert() %User{} |> User.registration_changeset(attrs |> Map.put("role", role)) |> Repo.insert()
end end
@ -376,7 +377,7 @@ defmodule Cannery.Accounts do
end end
@spec confirm_user_multi(User.t()) :: Multi.t() @spec confirm_user_multi(User.t()) :: Multi.t()
defp confirm_user_multi(user) do def confirm_user_multi(user) do
Multi.new() Multi.new()
|> Multi.update(:user, User.confirm_changeset(user)) |> Multi.update(:user, User.confirm_changeset(user))
|> Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, ["confirm"])) |> Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, ["confirm"]))
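Review bot: `confirm_user_multi/1` becomes part of the public API of `Cannery.Accounts` without a `@doc`, and it marks an account as confirmed without checking any confirmation token. Judging by the ConnCase change in this commit, it appears to be exposed only so the test helper can confirm a fixture user. If so, mark it with `@doc false` and a comment such as `# public for test support only; confirms without verifying a token`, so no caller treats it as a normal confirmation path. The function body continues past the end of this hunk.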


@ -6,7 +6,7 @@ defmodule CanneryWeb.UserAuth do
import Plug.Conn import Plug.Conn
import Phoenix.Controller import Phoenix.Controller
import CanneryWeb.Gettext import CanneryWeb.Gettext
alias Cannery.Accounts alias Cannery.{Accounts, Accounts.User}
alias CanneryWeb.HomeLive alias CanneryWeb.HomeLive
alias CanneryWeb.Router.Helpers, as: Routes alias CanneryWeb.Router.Helpers, as: Routes
@ -29,7 +29,17 @@ defmodule CanneryWeb.UserAuth do
disconnected on log out. The line can be safely removed disconnected on log out. The line can be safely removed
if you are not using LiveView. if you are not using LiveView.
""" """
def log_in_user(conn, user, params \\ %{}) do def log_in_user(conn, user, params \\ %{})
def log_in_user(conn, %User{confirmed_at: nil}, params) do
conn
|> put_flash(:error, dgettext("errors", "You must confirm your account and log in to access this page."))
|> maybe_store_return_to()
|> redirect(to: Routes.user_session_path(conn, :new))
|> halt()
end
def log_in_user(conn, user, params) do
token = Accounts.generate_user_session_token(user) token = Accounts.generate_user_session_token(user)
user_return_to = get_session(conn, :user_return_to) user_return_to = get_session(conn, :user_return_to)
@ -142,7 +152,7 @@ defmodule CanneryWeb.UserAuth do
conn conn
else else
conn conn
|> put_flash(:error, dgettext("errors", "You must log in to access this page.")) |> put_flash(:error, dgettext("errors", "You must confirm your account and log in to access this page."))
|> maybe_store_return_to() |> maybe_store_return_to()
|> redirect(to: Routes.user_session_path(conn, :new)) |> redirect(to: Routes.user_session_path(conn, :new))
|> halt() |> halt()
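Review bot: The confirmation check sits only in `log_in_user/3`, so it blocks new sessions but not existing ones: in this last hunk only the flash text changes in the visible lines, and the condition that decides whether the request is authenticated starts above the hunk. If that condition still tests only for a current user, any session token (or remember-me cookie, if the app issues them) given to an unconfirmed account before this commit keeps working, while the message now tells confirmed visitors to confirm their account. Consider checking `confirmed_at` there as well, or deleting the session tokens of unconfirmed users when this is deployed. Separately, the new clause `def log_in_user(conn, %User{confirmed_at: nil}, params)` never uses `params`; write `_params` to avoid the unused-variable warning.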


@ -17,6 +17,7 @@ defmodule CanneryWeb.ConnCase do
use ExUnit.CaseTemplate use ExUnit.CaseTemplate
import Cannery.Fixtures import Cannery.Fixtures
alias Cannery.{Accounts, Repo}
alias Ecto.Adapters.SQL.Sandbox alias Ecto.Adapters.SQL.Sandbox
using do using do
@ -49,8 +50,12 @@ defmodule CanneryWeb.ConnCase do
test context. test context.
""" """
def register_and_log_in_user(%{conn: conn}) do def register_and_log_in_user(%{conn: conn}) do
user = user_fixture() current_user = user_fixture()
%{conn: log_in_user(conn, user), user: user}
{:ok, %{user: current_user}} =
current_user |> Accounts.confirm_user_multi() |> Repo.transaction()
%{conn: log_in_user(conn, current_user), current_user: current_user}
end end
@doc """ @doc """
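Review bot: `register_and_log_in_user/1` now returns the user under `current_user:` instead of `user:`, so any test that matches `%{user: user}` from this setup will stop matching; the commit lists only three changed files, so such callers appear not to be updated here. Either keep the old key as well, `%{conn: log_in_user(conn, current_user), user: current_user, current_user: current_user}`, or update the tests in the same commit. The docstring above the function starts outside this hunk and may also need to say that the user is confirmed before being logged in.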