upgrade to phoenix 1.7
@ -3,12 +3,11 @@ defmodule CanneryWeb.UserAuth do
|
||||
Functions for user session and authentication
|
||||
"""
|
||||
|
||||
use CanneryWeb, :verified_routes
|
||||
import Plug.Conn
|
||||
import Phoenix.Controller
|
||||
import CanneryWeb.Gettext
|
||||
alias Cannery.{Accounts, Accounts.User}
|
||||
alias CanneryWeb.HomeLive
|
||||
alias CanneryWeb.Router.Helpers, as: Routes
|
||||
|
||||
# Make the remember me cookie valid for 60 days.
|
||||
# If you want bump or reduce this value, also change
|
||||
@ -39,7 +38,7 @@ defmodule CanneryWeb.UserAuth do
|
||||
dgettext("errors", "You must confirm your account and log in to access this page.")
|
||||
)
|
||||
|> maybe_store_return_to()
|
||||
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||
|> redirect(to: ~p"/users/log_in")
|
||||
|> halt()
|
||||
end
|
||||
|
||||
@ -49,8 +48,7 @@ defmodule CanneryWeb.UserAuth do
|
||||
|
||||
conn
|
||||
|> renew_session()
|
||||
|> put_session(:user_token, token)
|
||||
|> put_session(:live_socket_id, "users_sessions:#{Base.url_encode64(token)}")
|
||||
|> put_token_in_session(token)
|
||||
|> maybe_write_remember_me_cookie(token, params)
|
||||
|> redirect(to: user_return_to || signed_in_path(conn))
|
||||
end
|
||||
@ -96,7 +94,7 @@ defmodule CanneryWeb.UserAuth do
|
||||
"""
|
||||
def log_out_user(conn) do
|
||||
user_token = get_session(conn, :user_token)
|
||||
user_token && Accounts.delete_session_token(user_token)
|
||||
user_token && Accounts.delete_user_session_token(user_token)
|
||||
|
||||
if live_socket_id = get_session(conn, :live_socket_id) do
|
||||
CanneryWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
|
||||
@ -105,7 +103,7 @@ defmodule CanneryWeb.UserAuth do
|
||||
conn
|
||||
|> renew_session()
|
||||
|> delete_resp_cookie(@remember_me_cookie)
|
||||
|> redirect(to: "/")
|
||||
|> redirect(to: ~p"/")
|
||||
end
|
||||
|
||||
@doc """
|
||||
@ -119,19 +117,110 @@ defmodule CanneryWeb.UserAuth do
|
||||
end
|
||||
|
||||
defp ensure_user_token(conn) do
|
||||
if user_token = get_session(conn, :user_token) do
|
||||
{user_token, conn}
|
||||
if token = get_session(conn, :user_token) do
|
||||
{token, conn}
|
||||
else
|
||||
conn = fetch_cookies(conn, signed: [@remember_me_cookie])
|
||||
|
||||
if user_token = conn.cookies[@remember_me_cookie] do
|
||||
{user_token, put_session(conn, :user_token, user_token)}
|
||||
if token = conn.cookies[@remember_me_cookie] do
|
||||
{token, put_token_in_session(conn, token)}
|
||||
else
|
||||
{nil, conn}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
Handles mounting and authenticating the current_user in LiveViews.
|
||||
|
||||
## `on_mount` arguments
|
||||
|
||||
* `:mount_current_user` - Assigns current_user
|
||||
to socket assigns based on user_token, or nil if
|
||||
there's no user_token or no matching user.
|
||||
|
||||
* `:ensure_authenticated` - Authenticates the user from the session,
|
||||
and assigns the current_user to socket assigns based
|
||||
on user_token.
|
||||
Redirects to login page if there's no logged user.
|
||||
|
||||
* `:redirect_if_user_is_authenticated` - Authenticates the user from the session.
|
||||
Redirects to signed_in_path if there's a logged user.
|
||||
|
||||
## Examples
|
||||
|
||||
Use the `on_mount` lifecycle macro in LiveViews to mount or authenticate
|
||||
the current_user:
|
||||
|
||||
defmodule CanneryWeb.PageLive do
|
||||
use CanneryWeb, :live_view
|
||||
|
||||
on_mount {CanneryWeb.UserAuth, :mount_current_user}
|
||||
...
|
||||
end
|
||||
|
||||
Or use the `live_session` of your router to invoke the on_mount callback:
|
||||
|
||||
live_session :authenticated, on_mount: [{CanneryWeb.UserAuth, :ensure_authenticated}] do
|
||||
live "/profile", ProfileLive, :index
|
||||
end
|
||||
"""
|
||||
def on_mount(:mount_current_user, _params, session, socket) do
|
||||
{:cont, mount_current_user(session, socket)}
|
||||
end
|
||||
|
||||
def on_mount(:ensure_authenticated, _params, session, socket) do
|
||||
socket = mount_current_user(session, socket)
|
||||
|
||||
if socket.assigns.current_user do
|
||||
{:cont, socket}
|
||||
else
|
||||
error_flash = dgettext("errors", "You must log in to access this page.")
|
||||
|
||||
socket =
|
||||
socket
|
||||
|> Phoenix.LiveView.put_flash(:error, error_flash)
|
||||
|> Phoenix.LiveView.redirect(to: ~p"/users/log_in")
|
||||
|
||||
{:halt, socket}
|
||||
end
|
||||
end
|
||||
|
||||
def on_mount(:ensure_admin, _params, session, socket) do
|
||||
socket = mount_current_user(session, socket)
|
||||
|
||||
if socket.assigns.current_user && socket.assigns.current_user.role == :admin do
|
||||
{:cont, socket}
|
||||
else
|
||||
error_flash = dgettext("errors", "You must log in as an administrator to access this page.")
|
||||
|
||||
socket =
|
||||
socket
|
||||
|> Phoenix.LiveView.put_flash(:error, error_flash)
|
||||
|> Phoenix.LiveView.redirect(to: ~p"/users/log_in")
|
||||
|
||||
{:halt, socket}
|
||||
end
|
||||
end
|
||||
|
||||
def on_mount(:redirect_if_user_is_authenticated, _params, session, socket) do
|
||||
socket = mount_current_user(session, socket)
|
||||
|
||||
if socket.assigns.current_user do
|
||||
{:halt, Phoenix.LiveView.redirect(socket, to: signed_in_path(socket))}
|
||||
else
|
||||
{:cont, socket}
|
||||
end
|
||||
end
|
||||
|
||||
defp mount_current_user(session, socket) do
|
||||
Phoenix.Component.assign_new(socket, :current_user, fn ->
|
||||
if user_token = session["user_token"] do
|
||||
Accounts.get_user_by_session_token(user_token)
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
@doc """
|
||||
Used for routes that require the user to not be authenticated.
|
||||
"""
|
||||
@ -161,7 +250,7 @@ defmodule CanneryWeb.UserAuth do
|
||||
dgettext("errors", "You must confirm your account and log in to access this page.")
|
||||
)
|
||||
|> maybe_store_return_to()
|
||||
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||
|> redirect(to: ~p"/users/log_in")
|
||||
|> halt()
|
||||
end
|
||||
end
|
||||
@ -176,16 +265,34 @@ defmodule CanneryWeb.UserAuth do
|
||||
conn
|
||||
|> put_flash(:error, dgettext("errors", "You are not authorized to view this page."))
|
||||
|> maybe_store_return_to()
|
||||
|> redirect(to: Routes.live_path(conn, HomeLive))
|
||||
|> redirect(to: ~p"/")
|
||||
|> halt()
|
||||
end
|
||||
end
|
||||
|
||||
def put_user_locale(%{assigns: %{current_user: %{locale: locale}}} = conn, _opts) do
|
||||
default = Application.fetch_env!(:gettext, :default_locale)
|
||||
Gettext.put_locale(locale || default)
|
||||
conn |> put_session(:locale, locale || default)
|
||||
end
|
||||
|
||||
def put_user_locale(conn, _opts) do
|
||||
default = Application.fetch_env!(:gettext, :default_locale)
|
||||
Gettext.put_locale(default)
|
||||
conn |> put_session(:locale, default)
|
||||
end
|
||||
|
||||
defp put_token_in_session(conn, token) do
|
||||
conn
|
||||
|> put_session(:user_token, token)
|
||||
|> put_session(:live_socket_id, "users_sessions:#{Base.url_encode64(token)}")
|
||||
end
|
||||
|
||||
defp maybe_store_return_to(%{method: "GET"} = conn) do
|
||||
put_session(conn, :user_return_to, current_path(conn))
|
||||
end
|
||||
|
||||
defp maybe_store_return_to(conn), do: conn
|
||||
|
||||
defp signed_in_path(_conn), do: "/"
|
||||
defp signed_in_path(_conn), do: ~p"/"
|
||||
end
|
||||
|
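Review bot: The new `on_mount(:ensure_authenticated, …)` and `on_mount(:ensure_admin, …)` clauses accept any user that `mount_current_user/2` resolves from the session token, while the plug-side flash in this file says "You must confirm your account and log in to access this page." The plug's own condition is outside the visible hunks, but if it also requires a confirmed account, the LiveView hooks should apply the same condition so that both entry paths enforce one policy. A signed-in non-admin who fails `:ensure_admin` is redirected to `~p"/users/log_in"`, whereas what looks like the plug-side role check in the `-176,16 +265,34` hunk answers with "You are not authorized to view this page." and `redirect(to: ~p"/")`; matching that would keep an authenticated user from being bounced through the login page. The `@doc` list for `on_mount` also omits the new hook; add an entry such as `* :ensure_admin - Authenticates the user from the session and requires the admin role; redirects to the login page otherwise.`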