forked from shibao/cannery
prevent unconfirmed users from logging in
parent
025706e391
commit
8f807c2ebc
@ -111,7 +111,8 @@ defmodule Cannery.Accounts do
|
|||||||
# if no registered users, make first user an admin
|
# if no registered users, make first user an admin
|
||||||
role =
|
role =
|
||||||
if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0,
|
if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0,
|
||||||
do: "admin", else: "user"
|
do: "admin",
|
||||||
|
else: "user"
|
||||||
|
|
||||||
%User{} |> User.registration_changeset(attrs |> Map.put("role", role)) |> Repo.insert()
|
%User{} |> User.registration_changeset(attrs |> Map.put("role", role)) |> Repo.insert()
|
||||||
end
|
end
|
||||||
@ -376,7 +377,7 @@ defmodule Cannery.Accounts do
|
|||||||
end
|
end
|
||||||
|
|
||||||
@spec confirm_user_multi(User.t()) :: Multi.t()
|
@spec confirm_user_multi(User.t()) :: Multi.t()
|
||||||
defp confirm_user_multi(user) do
|
def confirm_user_multi(user) do
|
||||||
Multi.new()
|
Multi.new()
|
||||||
|> Multi.update(:user, User.confirm_changeset(user))
|
|> Multi.update(:user, User.confirm_changeset(user))
|
||||||
|> Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, ["confirm"]))
|
|> Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, ["confirm"]))
|
||||||
|
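Review bot: `confirm_user_multi/1` changes from `defp` to `def` in the second hunk, and the only new caller on this page is the test helper in CanneryWeb.ConnCase, so Cannery.Accounts now exports a way to confirm an account without checking a confirmation token. If the export exists only for test setup, mark it `@doc false` and add a comment such as `# Confirms the user without verifying a token; callers must have validated one already (or be test setup).` Alternatively, keep it private and have the test helper go through the token-based confirmation path. The function body continues past the end of the hunk.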
@ -6,7 +6,7 @@ defmodule CanneryWeb.UserAuth do
|
|||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
import Phoenix.Controller
|
import Phoenix.Controller
|
||||||
import CanneryWeb.Gettext
|
import CanneryWeb.Gettext
|
||||||
alias Cannery.Accounts
|
alias Cannery.{Accounts, Accounts.User}
|
||||||
alias CanneryWeb.HomeLive
|
alias CanneryWeb.HomeLive
|
||||||
alias CanneryWeb.Router.Helpers, as: Routes
|
alias CanneryWeb.Router.Helpers, as: Routes
|
||||||
|
|
||||||
@ -29,7 +29,17 @@ defmodule CanneryWeb.UserAuth do
|
|||||||
disconnected on log out. The line can be safely removed
|
disconnected on log out. The line can be safely removed
|
||||||
if you are not using LiveView.
|
if you are not using LiveView.
|
||||||
"""
|
"""
|
||||||
def log_in_user(conn, user, params \\ %{}) do
|
def log_in_user(conn, user, params \\ %{})
|
||||||
|
|
||||||
|
def log_in_user(conn, %User{confirmed_at: nil}, params) do
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, dgettext("errors", "You must confirm your account and log in to access this page."))
|
||||||
|
|> maybe_store_return_to()
|
||||||
|
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
|
||||||
|
def log_in_user(conn, user, params) do
|
||||||
token = Accounts.generate_user_session_token(user)
|
token = Accounts.generate_user_session_token(user)
|
||||||
user_return_to = get_session(conn, :user_return_to)
|
user_return_to = get_session(conn, :user_return_to)
|
||||||
|
|
||||||
@ -142,7 +152,7 @@ defmodule CanneryWeb.UserAuth do
|
|||||||
conn
|
conn
|
||||||
else
|
else
|
||||||
conn
|
conn
|
||||||
|> put_flash(:error, dgettext("errors", "You must log in to access this page."))
|
|> put_flash(:error, dgettext("errors", "You must confirm your account and log in to access this page."))
|
||||||
|> maybe_store_return_to()
|
|> maybe_store_return_to()
|
||||||
|> redirect(to: Routes.user_session_path(conn, :new))
|
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||||
|> halt()
|
|> halt()
|
||||||
|
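Review bot: The new `%User{confirmed_at: nil}` clause only stops `log_in_user/3` from creating a new session. The last hunk changes the flash text to "You must confirm your account and log in to access this page.", but the condition guarding that branch sits above the hunk and is not changed here. A session token issued to an unconfirmed user before this commit would therefore presumably still authenticate. If so, the guard should also reject a current user whose `confirmed_at` is `nil`, or the existing session tokens of unconfirmed users should be deleted when this is deployed. Separately, `params` is unused in the new clause and should be written `_params` to avoid a compiler warning.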
@ -17,6 +17,7 @@ defmodule CanneryWeb.ConnCase do
|
|||||||
|
|
||||||
use ExUnit.CaseTemplate
|
use ExUnit.CaseTemplate
|
||||||
import Cannery.Fixtures
|
import Cannery.Fixtures
|
||||||
|
alias Cannery.{Accounts, Repo}
|
||||||
alias Ecto.Adapters.SQL.Sandbox
|
alias Ecto.Adapters.SQL.Sandbox
|
||||||
|
|
||||||
using do
|
using do
|
||||||
@ -49,8 +50,12 @@ defmodule CanneryWeb.ConnCase do
|
|||||||
test context.
|
test context.
|
||||||
"""
|
"""
|
||||||
def register_and_log_in_user(%{conn: conn}) do
|
def register_and_log_in_user(%{conn: conn}) do
|
||||||
user = user_fixture()
|
current_user = user_fixture()
|
||||||
%{conn: log_in_user(conn, user), user: user}
|
|
||||||
|
{:ok, %{user: current_user}} =
|
||||||
|
current_user |> Accounts.confirm_user_multi() |> Repo.transaction()
|
||||||
|
|
||||||
|
%{conn: log_in_user(conn, current_user), current_user: current_user}
|
||||||
end
|
end
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
|
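Review bot: `register_and_log_in_user/1` now always confirms the fixture user, and nothing on this page adds a test for the behaviour the commit introduces. A test should call `CanneryWeb.UserAuth.log_in_user/3` with an unconfirmed `user_fixture()` and assert that the connection is halted, redirected to the login page, and has no session token. The returned key also changes from `:user` to `:current_user`, so any test that matches `%{user: user}` from this setup will need updating; those tests are not visible here.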