Skip to content

Instantly share code, notes, and snippets.

@Devalo
Created May 24, 2016 20:09
Show Gist options
  • Save Devalo/80da003f0626a73cd4ce0cd28e7fdfa5 to your computer and use it in GitHub Desktop.
Save Devalo/80da003f0626a73cd4ce0cd28e7fdfa5 to your computer and use it in GitHub Desktop.
Auth. When registering a new user, it checks if password and email is correct, and invoke login/2 which assigns :current_user and pipes through Guardian.Plug.sign_in. It raises error when using @current_user in views, saying assign @current_user not available in eex template.
defmodule Cvapp.Auth do
import Comeonin.Bcrypt, only: [checkpw: 2, dummy_checkpw: 0]
import Plug.Conn
def login(conn, user) do
conn
|> assign(:current_user, user)
|> Guardian.Plug.sign_in(user)
end
def login_by_email_and_pass(conn, email, given_pass, opts) do
repo = Keyword.fetch!(opts, :repo)
user = repo.get_by(Cvapp.User, email: email)
cond do
user && checkpw(given_pass, user.password_hash) ->
{:ok, login(conn, user)}
user ->
{:error, :unauthorized, conn}
true ->
dummy_checkpw()
{:error, :not_found, conn}
end
end
end
defmodule Cvapp.Router do
use Cvapp.Web, :router
pipeline :browser do
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_flash
plug :protect_from_forgery
plug :put_secure_browser_headers
end
pipeline :browser_auth do
plug Guardian.Plug.VerifySession
plug Guardian.Plug.LoadResource
end
pipeline :api do
plug :accepts, ["json"]
end
scope "/", Cvapp do
pipe_through [:browser, :browser_auth] # Use the default browser stack
get "/", PageController, :index
resources "/users", UserController, only: [:index, :new, :show, :create]
resources "/sessions", SessionController, only: [:new, :create, :delete]
end
# Other scopes may use custom stacks.
# scope "/api", Cvapp do
# pipe_through :api
# end
end
defmodule Cvapp.SessionController do
use Cvapp.Web, :controller
def new(conn, _) do
render conn, "new.html"
end
def create(conn, %{"session" => %{"email" => user, "password" => pass}}) do
case Cvapp.Auth.login_by_email_and_pass(conn, user, pass, repo: Repo) do
{:ok, conn} ->
conn
|> put_flash(:info, "Innlogget")
|> redirect(to: page_path(conn, :index))
{:error, _reason, conn} ->
conn
|> put_flash(:error, "Feil brukernavn/passord")
|> render("new.html")
end
end
def delete(conn, _) do
conn
|> Guardian.Plug.sign_out
|> put_flash(:info, "Logget ut")
|> redirect(to: "/")
end
end
defmodule Cvapp.UserController do
use Cvapp.Web, :controller
alias Cvapp.User
def index(conn, _params) do
users = Repo.all(User)
render conn, "index.html", users: users
end
def new(conn, _params) do
changeset = User.changeset(%User{})
render conn, "new.html", changeset: changeset
end
def create(conn, %{"user" => user_params}) do
changeset = User.registration_changeset(%User{}, user_params)
case Repo.insert(changeset) do
{:ok, user} ->
conn
|> Cvapp.Auth.login(user)
|> put_flash(:info, "Kontoen ble opprettet")
|> redirect(to: user_path(conn, :index))
{:error, changeset} ->
conn
|> render("new.html", changeset: changeset)
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment