chore(auth): generate code for auth-authz
Signed-off-by: SphericalKat <amolele@gmail.com>
This commit is contained in:
parent
babcfd62a3
commit
721bb05cc1
@ -1,5 +1,8 @@
|
|||||||
use Mix.Config
|
use Mix.Config
|
||||||
|
|
||||||
|
# Only in tests, remove the complexity from the password hashing algorithm
|
||||||
|
config :bcrypt_elixir, :log_rounds, 1
|
||||||
|
|
||||||
# Configure your database
|
# Configure your database
|
||||||
#
|
#
|
||||||
# The MIX_TEST_PARTITION environment variable can be used
|
# The MIX_TEST_PARTITION environment variable can be used
|
||||||
|
349
lib/ketbin/accounts.ex
Normal file
349
lib/ketbin/accounts.ex
Normal file
@ -0,0 +1,349 @@
|
|||||||
|
defmodule Ketbin.Accounts do
|
||||||
|
@moduledoc """
|
||||||
|
The Accounts context.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import Ecto.Query, warn: false
|
||||||
|
alias Ketbin.Repo
|
||||||
|
alias Ketbin.Accounts.{User, UserToken, UserNotifier}
|
||||||
|
|
||||||
|
## Database getters
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets a user by email.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> get_user_by_email("foo@example.com")
|
||||||
|
%User{}
|
||||||
|
|
||||||
|
iex> get_user_by_email("unknown@example.com")
|
||||||
|
nil
|
||||||
|
|
||||||
|
"""
|
||||||
|
def get_user_by_email(email) when is_binary(email) do
|
||||||
|
Repo.get_by(User, email: email)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets a user by email and password.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> get_user_by_email_and_password("foo@example.com", "correct_password")
|
||||||
|
%User{}
|
||||||
|
|
||||||
|
iex> get_user_by_email_and_password("foo@example.com", "invalid_password")
|
||||||
|
nil
|
||||||
|
|
||||||
|
"""
|
||||||
|
def get_user_by_email_and_password(email, password)
|
||||||
|
when is_binary(email) and is_binary(password) do
|
||||||
|
user = Repo.get_by(User, email: email)
|
||||||
|
if User.valid_password?(user, password), do: user
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets a single user.
|
||||||
|
|
||||||
|
Raises `Ecto.NoResultsError` if the User does not exist.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> get_user!(123)
|
||||||
|
%User{}
|
||||||
|
|
||||||
|
iex> get_user!(456)
|
||||||
|
** (Ecto.NoResultsError)
|
||||||
|
|
||||||
|
"""
|
||||||
|
def get_user!(id), do: Repo.get!(User, id)
|
||||||
|
|
||||||
|
## User registration
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Registers a user.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> register_user(%{field: value})
|
||||||
|
{:ok, %User{}}
|
||||||
|
|
||||||
|
iex> register_user(%{field: bad_value})
|
||||||
|
{:error, %Ecto.Changeset{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def register_user(attrs) do
|
||||||
|
%User{}
|
||||||
|
|> User.registration_changeset(attrs)
|
||||||
|
|> Repo.insert()
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Returns an `%Ecto.Changeset{}` for tracking user changes.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> change_user_registration(user)
|
||||||
|
%Ecto.Changeset{data: %User{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def change_user_registration(%User{} = user, attrs \\ %{}) do
|
||||||
|
User.registration_changeset(user, attrs, hash_password: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
## Settings
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Returns an `%Ecto.Changeset{}` for changing the user email.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> change_user_email(user)
|
||||||
|
%Ecto.Changeset{data: %User{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def change_user_email(user, attrs \\ %{}) do
|
||||||
|
User.email_changeset(user, attrs)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Emulates that the email will change without actually changing
|
||||||
|
it in the database.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> apply_user_email(user, "valid password", %{email: ...})
|
||||||
|
{:ok, %User{}}
|
||||||
|
|
||||||
|
iex> apply_user_email(user, "invalid password", %{email: ...})
|
||||||
|
{:error, %Ecto.Changeset{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def apply_user_email(user, password, attrs) do
|
||||||
|
user
|
||||||
|
|> User.email_changeset(attrs)
|
||||||
|
|> User.validate_current_password(password)
|
||||||
|
|> Ecto.Changeset.apply_action(:update)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Updates the user email using the given token.
|
||||||
|
|
||||||
|
If the token matches, the user email is updated and the token is deleted.
|
||||||
|
The confirmed_at date is also updated to the current time.
|
||||||
|
"""
|
||||||
|
def update_user_email(user, token) do
|
||||||
|
context = "change:#{user.email}"
|
||||||
|
|
||||||
|
with {:ok, query} <- UserToken.verify_change_email_token_query(token, context),
|
||||||
|
%UserToken{sent_to: email} <- Repo.one(query),
|
||||||
|
{:ok, _} <- Repo.transaction(user_email_multi(user, email, context)) do
|
||||||
|
:ok
|
||||||
|
else
|
||||||
|
_ -> :error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp user_email_multi(user, email, context) do
|
||||||
|
changeset = user |> User.email_changeset(%{email: email}) |> User.confirm_changeset()
|
||||||
|
|
||||||
|
Ecto.Multi.new()
|
||||||
|
|> Ecto.Multi.update(:user, changeset)
|
||||||
|
|> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, [context]))
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Delivers the update email instructions to the given user.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> deliver_update_email_instructions(user, current_email, &Routes.user_update_email_url(conn, :edit, &1))
|
||||||
|
{:ok, %{to: ..., body: ...}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def deliver_update_email_instructions(%User{} = user, current_email, update_email_url_fun)
|
||||||
|
when is_function(update_email_url_fun, 1) do
|
||||||
|
{encoded_token, user_token} = UserToken.build_email_token(user, "change:#{current_email}")
|
||||||
|
|
||||||
|
Repo.insert!(user_token)
|
||||||
|
UserNotifier.deliver_update_email_instructions(user, update_email_url_fun.(encoded_token))
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Returns an `%Ecto.Changeset{}` for changing the user password.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> change_user_password(user)
|
||||||
|
%Ecto.Changeset{data: %User{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def change_user_password(user, attrs \\ %{}) do
|
||||||
|
User.password_changeset(user, attrs, hash_password: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Updates the user password.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> update_user_password(user, "valid password", %{password: ...})
|
||||||
|
{:ok, %User{}}
|
||||||
|
|
||||||
|
iex> update_user_password(user, "invalid password", %{password: ...})
|
||||||
|
{:error, %Ecto.Changeset{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def update_user_password(user, password, attrs) do
|
||||||
|
changeset =
|
||||||
|
user
|
||||||
|
|> User.password_changeset(attrs)
|
||||||
|
|> User.validate_current_password(password)
|
||||||
|
|
||||||
|
Ecto.Multi.new()
|
||||||
|
|> Ecto.Multi.update(:user, changeset)
|
||||||
|
|> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, :all))
|
||||||
|
|> Repo.transaction()
|
||||||
|
|> case do
|
||||||
|
{:ok, %{user: user}} -> {:ok, user}
|
||||||
|
{:error, :user, changeset, _} -> {:error, changeset}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
## Session
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Generates a session token.
|
||||||
|
"""
|
||||||
|
def generate_user_session_token(user) do
|
||||||
|
{token, user_token} = UserToken.build_session_token(user)
|
||||||
|
Repo.insert!(user_token)
|
||||||
|
token
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets the user with the given signed token.
|
||||||
|
"""
|
||||||
|
def get_user_by_session_token(token) do
|
||||||
|
{:ok, query} = UserToken.verify_session_token_query(token)
|
||||||
|
Repo.one(query)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Deletes the signed token with the given context.
|
||||||
|
"""
|
||||||
|
def delete_session_token(token) do
|
||||||
|
Repo.delete_all(UserToken.token_and_context_query(token, "session"))
|
||||||
|
:ok
|
||||||
|
end
|
||||||
|
|
||||||
|
## Confirmation
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Delivers the confirmation email instructions to the given user.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> deliver_user_confirmation_instructions(user, &Routes.user_confirmation_url(conn, :confirm, &1))
|
||||||
|
{:ok, %{to: ..., body: ...}}
|
||||||
|
|
||||||
|
iex> deliver_user_confirmation_instructions(confirmed_user, &Routes.user_confirmation_url(conn, :confirm, &1))
|
||||||
|
{:error, :already_confirmed}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def deliver_user_confirmation_instructions(%User{} = user, confirmation_url_fun)
|
||||||
|
when is_function(confirmation_url_fun, 1) do
|
||||||
|
if user.confirmed_at do
|
||||||
|
{:error, :already_confirmed}
|
||||||
|
else
|
||||||
|
{encoded_token, user_token} = UserToken.build_email_token(user, "confirm")
|
||||||
|
Repo.insert!(user_token)
|
||||||
|
UserNotifier.deliver_confirmation_instructions(user, confirmation_url_fun.(encoded_token))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Confirms a user by the given token.
|
||||||
|
|
||||||
|
If the token matches, the user account is marked as confirmed
|
||||||
|
and the token is deleted.
|
||||||
|
"""
|
||||||
|
def confirm_user(token) do
|
||||||
|
with {:ok, query} <- UserToken.verify_email_token_query(token, "confirm"),
|
||||||
|
%User{} = user <- Repo.one(query),
|
||||||
|
{:ok, %{user: user}} <- Repo.transaction(confirm_user_multi(user)) do
|
||||||
|
{:ok, user}
|
||||||
|
else
|
||||||
|
_ -> :error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp confirm_user_multi(user) do
|
||||||
|
Ecto.Multi.new()
|
||||||
|
|> Ecto.Multi.update(:user, User.confirm_changeset(user))
|
||||||
|
|> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, ["confirm"]))
|
||||||
|
end
|
||||||
|
|
||||||
|
## Reset password
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Delivers the reset password email to the given user.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> deliver_user_reset_password_instructions(user, &Routes.user_reset_password_url(conn, :edit, &1))
|
||||||
|
{:ok, %{to: ..., body: ...}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def deliver_user_reset_password_instructions(%User{} = user, reset_password_url_fun)
|
||||||
|
when is_function(reset_password_url_fun, 1) do
|
||||||
|
{encoded_token, user_token} = UserToken.build_email_token(user, "reset_password")
|
||||||
|
Repo.insert!(user_token)
|
||||||
|
UserNotifier.deliver_reset_password_instructions(user, reset_password_url_fun.(encoded_token))
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets the user by reset password token.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> get_user_by_reset_password_token("validtoken")
|
||||||
|
%User{}
|
||||||
|
|
||||||
|
iex> get_user_by_reset_password_token("invalidtoken")
|
||||||
|
nil
|
||||||
|
|
||||||
|
"""
|
||||||
|
def get_user_by_reset_password_token(token) do
|
||||||
|
with {:ok, query} <- UserToken.verify_email_token_query(token, "reset_password"),
|
||||||
|
%User{} = user <- Repo.one(query) do
|
||||||
|
user
|
||||||
|
else
|
||||||
|
_ -> nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Resets the user password.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
iex> reset_user_password(user, %{password: "new long password", password_confirmation: "new long password"})
|
||||||
|
{:ok, %User{}}
|
||||||
|
|
||||||
|
iex> reset_user_password(user, %{password: "valid", password_confirmation: "not the same"})
|
||||||
|
{:error, %Ecto.Changeset{}}
|
||||||
|
|
||||||
|
"""
|
||||||
|
def reset_user_password(user, attrs) do
|
||||||
|
Ecto.Multi.new()
|
||||||
|
|> Ecto.Multi.update(:user, User.password_changeset(user, attrs))
|
||||||
|
|> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, :all))
|
||||||
|
|> Repo.transaction()
|
||||||
|
|> case do
|
||||||
|
{:ok, %{user: user}} -> {:ok, user}
|
||||||
|
{:error, :user, changeset, _} -> {:error, changeset}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
139
lib/ketbin/accounts/user.ex
Normal file
139
lib/ketbin/accounts/user.ex
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
defmodule Ketbin.Accounts.User do
|
||||||
|
use Ecto.Schema
|
||||||
|
import Ecto.Changeset
|
||||||
|
|
||||||
|
@derive {Inspect, except: [:password]}
|
||||||
|
schema "users" do
|
||||||
|
field :email, :string
|
||||||
|
field :password, :string, virtual: true
|
||||||
|
field :hashed_password, :string
|
||||||
|
field :confirmed_at, :naive_datetime
|
||||||
|
|
||||||
|
timestamps()
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
A user changeset for registration.
|
||||||
|
|
||||||
|
It is important to validate the length of both email and password.
|
||||||
|
Otherwise databases may truncate the email without warnings, which
|
||||||
|
could lead to unpredictable or insecure behaviour. Long passwords may
|
||||||
|
also be very expensive to hash for certain algorithms.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
* `:hash_password` - Hashes the password so it can be stored securely
|
||||||
|
in the database and ensures the password field is cleared to prevent
|
||||||
|
leaks in the logs. If password hashing is not needed and clearing the
|
||||||
|
password field is not desired (like when using this changeset for
|
||||||
|
validations on a LiveView form), this option can be set to `false`.
|
||||||
|
Defaults to `true`.
|
||||||
|
"""
|
||||||
|
def registration_changeset(user, attrs, opts \\ []) do
|
||||||
|
user
|
||||||
|
|> cast(attrs, [:email, :password])
|
||||||
|
|> validate_email()
|
||||||
|
|> validate_password(opts)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp validate_email(changeset) do
|
||||||
|
changeset
|
||||||
|
|> validate_required([:email])
|
||||||
|
|> validate_format(:email, ~r/^[^\s]+@[^\s]+$/, message: "must have the @ sign and no spaces")
|
||||||
|
|> validate_length(:email, max: 160)
|
||||||
|
|> unsafe_validate_unique(:email, Ketbin.Repo)
|
||||||
|
|> unique_constraint(:email)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp validate_password(changeset, opts) do
|
||||||
|
changeset
|
||||||
|
|> validate_required([:password])
|
||||||
|
|> validate_length(:password, min: 12, max: 80)
|
||||||
|
# |> validate_format(:password, ~r/[a-z]/, message: "at least one lower case character")
|
||||||
|
# |> validate_format(:password, ~r/[A-Z]/, message: "at least one upper case character")
|
||||||
|
# |> validate_format(:password, ~r/[!?@#$%^&*_0-9]/, message: "at least one digit or punctuation character")
|
||||||
|
|> maybe_hash_password(opts)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_hash_password(changeset, opts) do
|
||||||
|
hash_password? = Keyword.get(opts, :hash_password, true)
|
||||||
|
password = get_change(changeset, :password)
|
||||||
|
|
||||||
|
if hash_password? && password && changeset.valid? do
|
||||||
|
changeset
|
||||||
|
|> put_change(:hashed_password, Bcrypt.hash_pwd_salt(password))
|
||||||
|
|> delete_change(:password)
|
||||||
|
else
|
||||||
|
changeset
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
A user changeset for changing the email.
|
||||||
|
|
||||||
|
It requires the email to change otherwise an error is added.
|
||||||
|
"""
|
||||||
|
def email_changeset(user, attrs) do
|
||||||
|
user
|
||||||
|
|> cast(attrs, [:email])
|
||||||
|
|> validate_email()
|
||||||
|
|> case do
|
||||||
|
%{changes: %{email: _}} = changeset -> changeset
|
||||||
|
%{} = changeset -> add_error(changeset, :email, "did not change")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
A user changeset for changing the password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
* `:hash_password` - Hashes the password so it can be stored securely
|
||||||
|
in the database and ensures the password field is cleared to prevent
|
||||||
|
leaks in the logs. If password hashing is not needed and clearing the
|
||||||
|
password field is not desired (like when using this changeset for
|
||||||
|
validations on a LiveView form), this option can be set to `false`.
|
||||||
|
Defaults to `true`.
|
||||||
|
"""
|
||||||
|
def password_changeset(user, attrs, opts \\ []) do
|
||||||
|
user
|
||||||
|
|> cast(attrs, [:password])
|
||||||
|
|> validate_confirmation(:password, message: "does not match password")
|
||||||
|
|> validate_password(opts)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Confirms the account by setting `confirmed_at`.
|
||||||
|
"""
|
||||||
|
def confirm_changeset(user) do
|
||||||
|
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
|
||||||
|
change(user, confirmed_at: now)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Verifies the password.
|
||||||
|
|
||||||
|
If there is no user or the user doesn't have a password, we call
|
||||||
|
`Bcrypt.no_user_verify/0` to avoid timing attacks.
|
||||||
|
"""
|
||||||
|
def valid_password?(%Ketbin.Accounts.User{hashed_password: hashed_password}, password)
|
||||||
|
when is_binary(hashed_password) and byte_size(password) > 0 do
|
||||||
|
Bcrypt.verify_pass(password, hashed_password)
|
||||||
|
end
|
||||||
|
|
||||||
|
def valid_password?(_, _) do
|
||||||
|
Bcrypt.no_user_verify()
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Validates the current password otherwise adds an error to the changeset.
|
||||||
|
"""
|
||||||
|
def validate_current_password(changeset, password) do
|
||||||
|
if valid_password?(changeset.data, password) do
|
||||||
|
changeset
|
||||||
|
else
|
||||||
|
add_error(changeset, :current_password, "is not valid")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
73
lib/ketbin/accounts/user_notifier.ex
Normal file
73
lib/ketbin/accounts/user_notifier.ex
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
defmodule Ketbin.Accounts.UserNotifier do
|
||||||
|
# For simplicity, this module simply logs messages to the terminal.
|
||||||
|
# You should replace it by a proper email or notification tool, such as:
|
||||||
|
#
|
||||||
|
# * Swoosh - https://hexdocs.pm/swoosh
|
||||||
|
# * Bamboo - https://hexdocs.pm/bamboo
|
||||||
|
#
|
||||||
|
defp deliver(to, body) do
|
||||||
|
require Logger
|
||||||
|
Logger.debug(body)
|
||||||
|
{:ok, %{to: to, body: body}}
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Deliver instructions to confirm account.
|
||||||
|
"""
|
||||||
|
def deliver_confirmation_instructions(user, url) do
|
||||||
|
deliver(user.email, """
|
||||||
|
|
||||||
|
==============================
|
||||||
|
|
||||||
|
Hi #{user.email},
|
||||||
|
|
||||||
|
You can confirm your account by visiting the URL below:
|
||||||
|
|
||||||
|
#{url}
|
||||||
|
|
||||||
|
If you didn't create an account with us, please ignore this.
|
||||||
|
|
||||||
|
==============================
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Deliver instructions to reset a user password.
|
||||||
|
"""
|
||||||
|
def deliver_reset_password_instructions(user, url) do
|
||||||
|
deliver(user.email, """
|
||||||
|
|
||||||
|
==============================
|
||||||
|
|
||||||
|
Hi #{user.email},
|
||||||
|
|
||||||
|
You can reset your password by visiting the URL below:
|
||||||
|
|
||||||
|
#{url}
|
||||||
|
|
||||||
|
If you didn't request this change, please ignore this.
|
||||||
|
|
||||||
|
==============================
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Deliver instructions to update a user email.
|
||||||
|
"""
|
||||||
|
def deliver_update_email_instructions(user, url) do
|
||||||
|
deliver(user.email, """
|
||||||
|
|
||||||
|
==============================
|
||||||
|
|
||||||
|
Hi #{user.email},
|
||||||
|
|
||||||
|
You can change your email by visiting the URL below:
|
||||||
|
|
||||||
|
#{url}
|
||||||
|
|
||||||
|
If you didn't request this change, please ignore this.
|
||||||
|
|
||||||
|
==============================
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
end
|
139
lib/ketbin/accounts/user_token.ex
Normal file
139
lib/ketbin/accounts/user_token.ex
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
defmodule Ketbin.Accounts.UserToken do
|
||||||
|
use Ecto.Schema
|
||||||
|
import Ecto.Query
|
||||||
|
|
||||||
|
@hash_algorithm :sha256
|
||||||
|
@rand_size 32
|
||||||
|
|
||||||
|
# It is very important to keep the reset password token expiry short,
|
||||||
|
# since someone with access to the email may take over the account.
|
||||||
|
@reset_password_validity_in_days 1
|
||||||
|
@confirm_validity_in_days 7
|
||||||
|
@change_email_validity_in_days 7
|
||||||
|
@session_validity_in_days 60
|
||||||
|
|
||||||
|
schema "users_tokens" do
|
||||||
|
field :token, :binary
|
||||||
|
field :context, :string
|
||||||
|
field :sent_to, :string
|
||||||
|
belongs_to :user, Ketbin.Accounts.User
|
||||||
|
|
||||||
|
timestamps(updated_at: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Generates a token that will be stored in a signed place,
|
||||||
|
such as session or cookie. As they are signed, those
|
||||||
|
tokens do not need to be hashed.
|
||||||
|
"""
|
||||||
|
def build_session_token(user) do
|
||||||
|
token = :crypto.strong_rand_bytes(@rand_size)
|
||||||
|
{token, %Ketbin.Accounts.UserToken{token: token, context: "session", user_id: user.id}}
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Checks if the token is valid and returns its underlying lookup query.
|
||||||
|
|
||||||
|
The query returns the user found by the token.
|
||||||
|
"""
|
||||||
|
def verify_session_token_query(token) do
|
||||||
|
query =
|
||||||
|
from token in token_and_context_query(token, "session"),
|
||||||
|
join: user in assoc(token, :user),
|
||||||
|
where: token.inserted_at > ago(@session_validity_in_days, "day"),
|
||||||
|
select: user
|
||||||
|
|
||||||
|
{:ok, query}
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Builds a token with a hashed counter part.
|
||||||
|
|
||||||
|
The non-hashed token is sent to the user email while the
|
||||||
|
hashed part is stored in the database, to avoid reconstruction.
|
||||||
|
The token is valid for a week as long as users don't change
|
||||||
|
their email.
|
||||||
|
"""
|
||||||
|
def build_email_token(user, context) do
|
||||||
|
build_hashed_token(user, context, user.email)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp build_hashed_token(user, context, sent_to) do
|
||||||
|
token = :crypto.strong_rand_bytes(@rand_size)
|
||||||
|
hashed_token = :crypto.hash(@hash_algorithm, token)
|
||||||
|
|
||||||
|
{Base.url_encode64(token, padding: false),
|
||||||
|
%Ketbin.Accounts.UserToken{
|
||||||
|
token: hashed_token,
|
||||||
|
context: context,
|
||||||
|
sent_to: sent_to,
|
||||||
|
user_id: user.id
|
||||||
|
}}
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Checks if the token is valid and returns its underlying lookup query.
|
||||||
|
|
||||||
|
The query returns the user found by the token.
|
||||||
|
"""
|
||||||
|
def verify_email_token_query(token, context) do
|
||||||
|
case Base.url_decode64(token, padding: false) do
|
||||||
|
{:ok, decoded_token} ->
|
||||||
|
hashed_token = :crypto.hash(@hash_algorithm, decoded_token)
|
||||||
|
days = days_for_context(context)
|
||||||
|
|
||||||
|
query =
|
||||||
|
from token in token_and_context_query(hashed_token, context),
|
||||||
|
join: user in assoc(token, :user),
|
||||||
|
where: token.inserted_at > ago(^days, "day") and token.sent_to == user.email,
|
||||||
|
select: user
|
||||||
|
|
||||||
|
{:ok, query}
|
||||||
|
|
||||||
|
:error ->
|
||||||
|
:error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp days_for_context("confirm"), do: @confirm_validity_in_days
|
||||||
|
defp days_for_context("reset_password"), do: @reset_password_validity_in_days
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Checks if the token is valid and returns its underlying lookup query.
|
||||||
|
|
||||||
|
The query returns the user token record.
|
||||||
|
"""
|
||||||
|
def verify_change_email_token_query(token, context) do
|
||||||
|
case Base.url_decode64(token, padding: false) do
|
||||||
|
{:ok, decoded_token} ->
|
||||||
|
hashed_token = :crypto.hash(@hash_algorithm, decoded_token)
|
||||||
|
|
||||||
|
query =
|
||||||
|
from token in token_and_context_query(hashed_token, context),
|
||||||
|
where: token.inserted_at > ago(@change_email_validity_in_days, "day")
|
||||||
|
|
||||||
|
{:ok, query}
|
||||||
|
|
||||||
|
:error ->
|
||||||
|
:error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Returns the given token with the given context.
|
||||||
|
"""
|
||||||
|
def token_and_context_query(token, context) do
|
||||||
|
from Ketbin.Accounts.UserToken, where: [token: ^token, context: ^context]
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Gets all tokens for the given user for the given contexts.
|
||||||
|
"""
|
||||||
|
def user_and_contexts_query(user, :all) do
|
||||||
|
from t in Ketbin.Accounts.UserToken, where: t.user_id == ^user.id
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_and_contexts_query(user, [_ | _] = contexts) do
|
||||||
|
from t in Ketbin.Accounts.UserToken, where: t.user_id == ^user.id and t.context in ^contexts
|
||||||
|
end
|
||||||
|
end
|
149
lib/ketbin_web/controllers/user_auth.ex
Normal file
149
lib/ketbin_web/controllers/user_auth.ex
Normal file
@ -0,0 +1,149 @@
|
|||||||
|
defmodule KetbinWeb.UserAuth do
|
||||||
|
import Plug.Conn
|
||||||
|
import Phoenix.Controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias KetbinWeb.Router.Helpers, as: Routes
|
||||||
|
|
||||||
|
# Make the remember me cookie valid for 60 days.
|
||||||
|
# If you want bump or reduce this value, also change
|
||||||
|
# the token expiry itself in UserToken.
|
||||||
|
@max_age 60 * 60 * 24 * 60
|
||||||
|
@remember_me_cookie "_ketbin_web_user_remember_me"
|
||||||
|
@remember_me_options [sign: true, max_age: @max_age, same_site: "Lax"]
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Logs the user in.
|
||||||
|
|
||||||
|
It renews the session ID and clears the whole session
|
||||||
|
to avoid fixation attacks. See the renew_session
|
||||||
|
function to customize this behaviour.
|
||||||
|
|
||||||
|
It also sets a `:live_socket_id` key in the session,
|
||||||
|
so LiveView sessions are identified and automatically
|
||||||
|
disconnected on log out. The line can be safely removed
|
||||||
|
if you are not using LiveView.
|
||||||
|
"""
|
||||||
|
def log_in_user(conn, user, params \\ %{}) do
|
||||||
|
token = Accounts.generate_user_session_token(user)
|
||||||
|
user_return_to = get_session(conn, :user_return_to)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> renew_session()
|
||||||
|
|> put_session(:user_token, token)
|
||||||
|
|> put_session(:live_socket_id, "users_sessions:#{Base.url_encode64(token)}")
|
||||||
|
|> maybe_write_remember_me_cookie(token, params)
|
||||||
|
|> redirect(to: user_return_to || signed_in_path(conn))
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_write_remember_me_cookie(conn, token, %{"remember_me" => "true"}) do
|
||||||
|
put_resp_cookie(conn, @remember_me_cookie, token, @remember_me_options)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_write_remember_me_cookie(conn, _token, _params) do
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
|
||||||
|
# This function renews the session ID and erases the whole
|
||||||
|
# session to avoid fixation attacks. If there is any data
|
||||||
|
# in the session you may want to preserve after log in/log out,
|
||||||
|
# you must explicitly fetch the session data before clearing
|
||||||
|
# and then immediately set it after clearing, for example:
|
||||||
|
#
|
||||||
|
# defp renew_session(conn) do
|
||||||
|
# preferred_locale = get_session(conn, :preferred_locale)
|
||||||
|
#
|
||||||
|
# conn
|
||||||
|
# |> configure_session(renew: true)
|
||||||
|
# |> clear_session()
|
||||||
|
# |> put_session(:preferred_locale, preferred_locale)
|
||||||
|
# end
|
||||||
|
#
|
||||||
|
defp renew_session(conn) do
|
||||||
|
conn
|
||||||
|
|> configure_session(renew: true)
|
||||||
|
|> clear_session()
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Logs the user out.
|
||||||
|
|
||||||
|
It clears all session data for safety. See renew_session.
|
||||||
|
"""
|
||||||
|
def log_out_user(conn) do
|
||||||
|
user_token = get_session(conn, :user_token)
|
||||||
|
user_token && Accounts.delete_session_token(user_token)
|
||||||
|
|
||||||
|
if live_socket_id = get_session(conn, :live_socket_id) do
|
||||||
|
KetbinWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
|
||||||
|
end
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> renew_session()
|
||||||
|
|> delete_resp_cookie(@remember_me_cookie)
|
||||||
|
|> redirect(to: "/")
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Authenticates the user by looking into the session
|
||||||
|
and remember me token.
|
||||||
|
"""
|
||||||
|
def fetch_current_user(conn, _opts) do
|
||||||
|
{user_token, conn} = ensure_user_token(conn)
|
||||||
|
user = user_token && Accounts.get_user_by_session_token(user_token)
|
||||||
|
assign(conn, :current_user, user)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp ensure_user_token(conn) do
|
||||||
|
if user_token = get_session(conn, :user_token) do
|
||||||
|
{user_token, conn}
|
||||||
|
else
|
||||||
|
conn = fetch_cookies(conn, signed: [@remember_me_cookie])
|
||||||
|
|
||||||
|
if user_token = conn.cookies[@remember_me_cookie] do
|
||||||
|
{user_token, put_session(conn, :user_token, user_token)}
|
||||||
|
else
|
||||||
|
{nil, conn}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Used for routes that require the user to not be authenticated.
|
||||||
|
"""
|
||||||
|
def redirect_if_user_is_authenticated(conn, _opts) do
|
||||||
|
if conn.assigns[:current_user] do
|
||||||
|
conn
|
||||||
|
|> redirect(to: signed_in_path(conn))
|
||||||
|
|> halt()
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Used for routes that require the user to be authenticated.
|
||||||
|
|
||||||
|
If you want to enforce the user email is confirmed before
|
||||||
|
they use the application at all, here would be a good place.
|
||||||
|
"""
|
||||||
|
def require_authenticated_user(conn, _opts) do
|
||||||
|
if conn.assigns[:current_user] do
|
||||||
|
conn
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, "You must log in to access this page.")
|
||||||
|
|> maybe_store_return_to()
|
||||||
|
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_store_return_to(%{method: "GET"} = conn) do
|
||||||
|
put_session(conn, :user_return_to, current_path(conn))
|
||||||
|
end
|
||||||
|
|
||||||
|
defp maybe_store_return_to(conn), do: conn
|
||||||
|
|
||||||
|
defp signed_in_path(_conn), do: "/"
|
||||||
|
end
|
53
lib/ketbin_web/controllers/user_confirmation_controller.ex
Normal file
53
lib/ketbin_web/controllers/user_confirmation_controller.ex
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
defmodule KetbinWeb.UserConfirmationController do
|
||||||
|
use KetbinWeb, :controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
|
||||||
|
def new(conn, _params) do
|
||||||
|
render(conn, "new.html")
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(conn, %{"user" => %{"email" => email}}) do
|
||||||
|
if user = Accounts.get_user_by_email(email) do
|
||||||
|
Accounts.deliver_user_confirmation_instructions(
|
||||||
|
user,
|
||||||
|
&Routes.user_confirmation_url(conn, :confirm, &1)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Regardless of the outcome, show an impartial success/error message.
|
||||||
|
conn
|
||||||
|
|> put_flash(
|
||||||
|
:info,
|
||||||
|
"If your email is in our system and it has not been confirmed yet, " <>
|
||||||
|
"you will receive an email with instructions shortly."
|
||||||
|
)
|
||||||
|
|> redirect(to: "/")
|
||||||
|
end
|
||||||
|
|
||||||
|
# Do not log in the user after confirmation to avoid a
|
||||||
|
# leaked token giving the user access to the account.
|
||||||
|
def confirm(conn, %{"token" => token}) do
|
||||||
|
case Accounts.confirm_user(token) do
|
||||||
|
{:ok, _} ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "User confirmed successfully.")
|
||||||
|
|> redirect(to: "/")
|
||||||
|
|
||||||
|
:error ->
|
||||||
|
# If there is a current user and the account was already confirmed,
|
||||||
|
# then odds are that the confirmation link was already visited, either
|
||||||
|
# by some automation or by the user themselves, so we redirect without
|
||||||
|
# a warning message.
|
||||||
|
case conn.assigns do
|
||||||
|
%{current_user: %{confirmed_at: confirmed_at}} when not is_nil(confirmed_at) ->
|
||||||
|
redirect(conn, to: "/")
|
||||||
|
|
||||||
|
%{} ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, "User confirmation link is invalid or it has expired.")
|
||||||
|
|> redirect(to: "/")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
30
lib/ketbin_web/controllers/user_registration_controller.ex
Normal file
30
lib/ketbin_web/controllers/user_registration_controller.ex
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
defmodule KetbinWeb.UserRegistrationController do
|
||||||
|
use KetbinWeb, :controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias Ketbin.Accounts.User
|
||||||
|
alias KetbinWeb.UserAuth
|
||||||
|
|
||||||
|
def new(conn, _params) do
|
||||||
|
changeset = Accounts.change_user_registration(%User{})
|
||||||
|
render(conn, "new.html", changeset: changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(conn, %{"user" => user_params}) do
|
||||||
|
case Accounts.register_user(user_params) do
|
||||||
|
{:ok, user} ->
|
||||||
|
{:ok, _} =
|
||||||
|
Accounts.deliver_user_confirmation_instructions(
|
||||||
|
user,
|
||||||
|
&Routes.user_confirmation_url(conn, :confirm, &1)
|
||||||
|
)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "User created successfully.")
|
||||||
|
|> UserAuth.log_in_user(user)
|
||||||
|
|
||||||
|
{:error, %Ecto.Changeset{} = changeset} ->
|
||||||
|
render(conn, "new.html", changeset: changeset)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
59
lib/ketbin_web/controllers/user_reset_password_controller.ex
Normal file
59
lib/ketbin_web/controllers/user_reset_password_controller.ex
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
defmodule KetbinWeb.UserResetPasswordController do
|
||||||
|
use KetbinWeb, :controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
|
||||||
|
plug :get_user_by_reset_password_token when action in [:edit, :update]
|
||||||
|
|
||||||
|
def new(conn, _params) do
|
||||||
|
render(conn, "new.html")
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(conn, %{"user" => %{"email" => email}}) do
|
||||||
|
if user = Accounts.get_user_by_email(email) do
|
||||||
|
Accounts.deliver_user_reset_password_instructions(
|
||||||
|
user,
|
||||||
|
&Routes.user_reset_password_url(conn, :edit, &1)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Regardless of the outcome, show an impartial success/error message.
|
||||||
|
conn
|
||||||
|
|> put_flash(
|
||||||
|
:info,
|
||||||
|
"If your email is in our system, you will receive instructions to reset your password shortly."
|
||||||
|
)
|
||||||
|
|> redirect(to: "/")
|
||||||
|
end
|
||||||
|
|
||||||
|
def edit(conn, _params) do
|
||||||
|
render(conn, "edit.html", changeset: Accounts.change_user_password(conn.assigns.user))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Do not log in the user after reset password to avoid a
|
||||||
|
# leaked token giving the user access to the account.
|
||||||
|
def update(conn, %{"user" => user_params}) do
|
||||||
|
case Accounts.reset_user_password(conn.assigns.user, user_params) do
|
||||||
|
{:ok, _} ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "Password reset successfully.")
|
||||||
|
|> redirect(to: Routes.user_session_path(conn, :new))
|
||||||
|
|
||||||
|
{:error, changeset} ->
|
||||||
|
render(conn, "edit.html", changeset: changeset)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp get_user_by_reset_password_token(conn, _opts) do
|
||||||
|
%{"token" => token} = conn.params
|
||||||
|
|
||||||
|
if user = Accounts.get_user_by_reset_password_token(token) do
|
||||||
|
conn |> assign(:user, user) |> assign(:token, token)
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, "Reset password link is invalid or it has expired.")
|
||||||
|
|> redirect(to: "/")
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
26
lib/ketbin_web/controllers/user_session_controller.ex
Normal file
26
lib/ketbin_web/controllers/user_session_controller.ex
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
defmodule KetbinWeb.UserSessionController do
|
||||||
|
use KetbinWeb, :controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias KetbinWeb.UserAuth
|
||||||
|
|
||||||
|
def new(conn, _params) do
|
||||||
|
render(conn, "new.html", error_message: nil)
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(conn, %{"user" => user_params}) do
|
||||||
|
%{"email" => email, "password" => password} = user_params
|
||||||
|
|
||||||
|
if user = Accounts.get_user_by_email_and_password(email, password) do
|
||||||
|
UserAuth.log_in_user(conn, user, user_params)
|
||||||
|
else
|
||||||
|
render(conn, "new.html", error_message: "Invalid email or password")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def delete(conn, _params) do
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "Logged out successfully.")
|
||||||
|
|> UserAuth.log_out_user()
|
||||||
|
end
|
||||||
|
end
|
74
lib/ketbin_web/controllers/user_settings_controller.ex
Normal file
74
lib/ketbin_web/controllers/user_settings_controller.ex
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
defmodule KetbinWeb.UserSettingsController do
|
||||||
|
use KetbinWeb, :controller
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias KetbinWeb.UserAuth
|
||||||
|
|
||||||
|
plug :assign_email_and_password_changesets
|
||||||
|
|
||||||
|
def edit(conn, _params) do
|
||||||
|
render(conn, "edit.html")
|
||||||
|
end
|
||||||
|
|
||||||
|
def update(conn, %{"action" => "update_email"} = params) do
|
||||||
|
%{"current_password" => password, "user" => user_params} = params
|
||||||
|
user = conn.assigns.current_user
|
||||||
|
|
||||||
|
case Accounts.apply_user_email(user, password, user_params) do
|
||||||
|
{:ok, applied_user} ->
|
||||||
|
Accounts.deliver_update_email_instructions(
|
||||||
|
applied_user,
|
||||||
|
user.email,
|
||||||
|
&Routes.user_settings_url(conn, :confirm_email, &1)
|
||||||
|
)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_flash(
|
||||||
|
:info,
|
||||||
|
"A link to confirm your email change has been sent to the new address."
|
||||||
|
)
|
||||||
|
|> redirect(to: Routes.user_settings_path(conn, :edit))
|
||||||
|
|
||||||
|
{:error, changeset} ->
|
||||||
|
render(conn, "edit.html", email_changeset: changeset)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def update(conn, %{"action" => "update_password"} = params) do
|
||||||
|
%{"current_password" => password, "user" => user_params} = params
|
||||||
|
user = conn.assigns.current_user
|
||||||
|
|
||||||
|
case Accounts.update_user_password(user, password, user_params) do
|
||||||
|
{:ok, user} ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "Password updated successfully.")
|
||||||
|
|> put_session(:user_return_to, Routes.user_settings_path(conn, :edit))
|
||||||
|
|> UserAuth.log_in_user(user)
|
||||||
|
|
||||||
|
{:error, changeset} ->
|
||||||
|
render(conn, "edit.html", password_changeset: changeset)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def confirm_email(conn, %{"token" => token}) do
|
||||||
|
case Accounts.update_user_email(conn.assigns.current_user, token) do
|
||||||
|
:ok ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:info, "Email changed successfully.")
|
||||||
|
|> redirect(to: Routes.user_settings_path(conn, :edit))
|
||||||
|
|
||||||
|
:error ->
|
||||||
|
conn
|
||||||
|
|> put_flash(:error, "Email change link is invalid or it has expired.")
|
||||||
|
|> redirect(to: Routes.user_settings_path(conn, :edit))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp assign_email_and_password_changesets(conn, _opts) do
|
||||||
|
user = conn.assigns.current_user
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> assign(:email_changeset, Accounts.change_user_email(user))
|
||||||
|
|> assign(:password_changeset, Accounts.change_user_password(user))
|
||||||
|
end
|
||||||
|
end
|
@ -1,12 +1,15 @@
|
|||||||
defmodule KetbinWeb.Router do
|
defmodule KetbinWeb.Router do
|
||||||
use KetbinWeb, :router
|
use KetbinWeb, :router
|
||||||
|
|
||||||
|
import KetbinWeb.UserAuth
|
||||||
|
|
||||||
pipeline :browser do
|
pipeline :browser do
|
||||||
plug :accepts, ["html"]
|
plug :accepts, ["html"]
|
||||||
plug :fetch_session
|
plug :fetch_session
|
||||||
plug :fetch_flash
|
plug :fetch_flash
|
||||||
plug :protect_from_forgery
|
plug :protect_from_forgery
|
||||||
plug :put_secure_browser_headers
|
plug :put_secure_browser_headers
|
||||||
|
plug :fetch_current_user
|
||||||
end
|
end
|
||||||
|
|
||||||
pipeline :api do
|
pipeline :api do
|
||||||
@ -39,4 +42,36 @@ defmodule KetbinWeb.Router do
|
|||||||
live_dashboard "/dashboard", metrics: KetbinWeb.Telemetry
|
live_dashboard "/dashboard", metrics: KetbinWeb.Telemetry
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
## Authentication routes
|
||||||
|
|
||||||
|
scope "/", KetbinWeb do
|
||||||
|
pipe_through [:browser, :redirect_if_user_is_authenticated]
|
||||||
|
|
||||||
|
get "/users/register", UserRegistrationController, :new
|
||||||
|
post "/users/register", UserRegistrationController, :create
|
||||||
|
get "/users/log_in", UserSessionController, :new
|
||||||
|
post "/users/log_in", UserSessionController, :create
|
||||||
|
get "/users/reset_password", UserResetPasswordController, :new
|
||||||
|
post "/users/reset_password", UserResetPasswordController, :create
|
||||||
|
get "/users/reset_password/:token", UserResetPasswordController, :edit
|
||||||
|
put "/users/reset_password/:token", UserResetPasswordController, :update
|
||||||
|
end
|
||||||
|
|
||||||
|
scope "/", KetbinWeb do
|
||||||
|
pipe_through [:browser, :require_authenticated_user]
|
||||||
|
|
||||||
|
get "/users/settings", UserSettingsController, :edit
|
||||||
|
put "/users/settings", UserSettingsController, :update
|
||||||
|
get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email
|
||||||
|
end
|
||||||
|
|
||||||
|
scope "/", KetbinWeb do
|
||||||
|
pipe_through [:browser]
|
||||||
|
|
||||||
|
delete "/users/log_out", UserSessionController, :delete
|
||||||
|
get "/users/confirm", UserConfirmationController, :new
|
||||||
|
post "/users/confirm", UserConfirmationController, :create
|
||||||
|
get "/users/confirm/:token", UserConfirmationController, :confirm
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
10
lib/ketbin_web/templates/layout/_user_menu.html.eex
Normal file
10
lib/ketbin_web/templates/layout/_user_menu.html.eex
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
<ul>
|
||||||
|
<%= if @current_user do %>
|
||||||
|
<li><%= @current_user.email %></li>
|
||||||
|
<li><%= link "Settings", to: Routes.user_settings_path(@conn, :edit) %></li>
|
||||||
|
<li><%= link "Log out", to: Routes.user_session_path(@conn, :delete), method: :delete %></li>
|
||||||
|
<% else %>
|
||||||
|
<li><%= link "Register", to: Routes.user_registration_path(@conn, :new) %></li>
|
||||||
|
<li><%= link "Log in", to: Routes.user_session_path(@conn, :new) %></li>
|
||||||
|
<% end %>
|
||||||
|
</ul>
|
@ -18,6 +18,7 @@
|
|||||||
<li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
|
<li><%= link "LiveDashboard", to: Routes.live_dashboard_path(@conn, :home) %></li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</ul>
|
</ul>
|
||||||
|
<%= render "_user_menu.html", assigns %>
|
||||||
</nav>
|
</nav>
|
||||||
<a href="https://phoenixframework.org/" class="phx-logo">
|
<a href="https://phoenixframework.org/" class="phx-logo">
|
||||||
<img src="<%= Routes.static_path(@conn, "/images/phoenix.png") %>" alt="Phoenix Framework Logo"/>
|
<img src="<%= Routes.static_path(@conn, "/images/phoenix.png") %>" alt="Phoenix Framework Logo"/>
|
||||||
|
15
lib/ketbin_web/templates/user_confirmation/new.html.eex
Normal file
15
lib/ketbin_web/templates/user_confirmation/new.html.eex
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
<h1>Resend confirmation instructions</h1>
|
||||||
|
|
||||||
|
<%= form_for :user, Routes.user_confirmation_path(@conn, :create), fn f -> %>
|
||||||
|
<%= label f, :email %>
|
||||||
|
<%= email_input f, :email, required: true %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Resend confirmation instructions" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
|
||||||
|
<%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
|
||||||
|
</p>
|
26
lib/ketbin_web/templates/user_registration/new.html.eex
Normal file
26
lib/ketbin_web/templates/user_registration/new.html.eex
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
<h1>Register</h1>
|
||||||
|
|
||||||
|
<%= form_for @changeset, Routes.user_registration_path(@conn, :create), fn f -> %>
|
||||||
|
<%= if @changeset.action do %>
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
<p>Oops, something went wrong! Please check the errors below.</p>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= label f, :email %>
|
||||||
|
<%= email_input f, :email, required: true %>
|
||||||
|
<%= error_tag f, :email %>
|
||||||
|
|
||||||
|
<%= label f, :password %>
|
||||||
|
<%= password_input f, :password, required: true %>
|
||||||
|
<%= error_tag f, :password %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Register" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<%= link "Log in", to: Routes.user_session_path(@conn, :new) %> |
|
||||||
|
<%= link "Forgot your password?", to: Routes.user_reset_password_path(@conn, :new) %>
|
||||||
|
</p>
|
26
lib/ketbin_web/templates/user_reset_password/edit.html.eex
Normal file
26
lib/ketbin_web/templates/user_reset_password/edit.html.eex
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
<h1>Reset password</h1>
|
||||||
|
|
||||||
|
<%= form_for @changeset, Routes.user_reset_password_path(@conn, :update, @token), fn f -> %>
|
||||||
|
<%= if @changeset.action do %>
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
<p>Oops, something went wrong! Please check the errors below.</p>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= label f, :password, "New password" %>
|
||||||
|
<%= password_input f, :password, required: true %>
|
||||||
|
<%= error_tag f, :password %>
|
||||||
|
|
||||||
|
<%= label f, :password_confirmation, "Confirm new password" %>
|
||||||
|
<%= password_input f, :password_confirmation, required: true %>
|
||||||
|
<%= error_tag f, :password_confirmation %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Reset password" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
|
||||||
|
<%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
|
||||||
|
</p>
|
15
lib/ketbin_web/templates/user_reset_password/new.html.eex
Normal file
15
lib/ketbin_web/templates/user_reset_password/new.html.eex
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
<h1>Forgot your password?</h1>
|
||||||
|
|
||||||
|
<%= form_for :user, Routes.user_reset_password_path(@conn, :create), fn f -> %>
|
||||||
|
<%= label f, :email %>
|
||||||
|
<%= email_input f, :email, required: true %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Send instructions to reset password" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
|
||||||
|
<%= link "Log in", to: Routes.user_session_path(@conn, :new) %>
|
||||||
|
</p>
|
27
lib/ketbin_web/templates/user_session/new.html.eex
Normal file
27
lib/ketbin_web/templates/user_session/new.html.eex
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
<h1>Log in</h1>
|
||||||
|
|
||||||
|
<%= form_for @conn, Routes.user_session_path(@conn, :create), [as: :user], fn f -> %>
|
||||||
|
<%= if @error_message do %>
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
<p><%= @error_message %></p>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= label f, :email %>
|
||||||
|
<%= email_input f, :email, required: true %>
|
||||||
|
|
||||||
|
<%= label f, :password %>
|
||||||
|
<%= password_input f, :password, required: true %>
|
||||||
|
|
||||||
|
<%= label f, :remember_me, "Keep me logged in for 60 days" %>
|
||||||
|
<%= checkbox f, :remember_me %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Log in" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<%= link "Register", to: Routes.user_registration_path(@conn, :new) %> |
|
||||||
|
<%= link "Forgot your password?", to: Routes.user_reset_password_path(@conn, :new) %>
|
||||||
|
</p>
|
53
lib/ketbin_web/templates/user_settings/edit.html.eex
Normal file
53
lib/ketbin_web/templates/user_settings/edit.html.eex
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
<h1>Settings</h1>
|
||||||
|
|
||||||
|
<h3>Change email</h3>
|
||||||
|
|
||||||
|
<%= form_for @email_changeset, Routes.user_settings_path(@conn, :update), fn f -> %>
|
||||||
|
<%= if @email_changeset.action do %>
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
<p>Oops, something went wrong! Please check the errors below.</p>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= hidden_input f, :action, name: "action", value: "update_email" %>
|
||||||
|
|
||||||
|
<%= label f, :email %>
|
||||||
|
<%= email_input f, :email, required: true %>
|
||||||
|
<%= error_tag f, :email %>
|
||||||
|
|
||||||
|
<%= label f, :current_password, for: "current_password_for_email" %>
|
||||||
|
<%= password_input f, :current_password, required: true, name: "current_password", id: "current_password_for_email" %>
|
||||||
|
<%= error_tag f, :current_password %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Change email" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<h3>Change password</h3>
|
||||||
|
|
||||||
|
<%= form_for @password_changeset, Routes.user_settings_path(@conn, :update), fn f -> %>
|
||||||
|
<%= if @password_changeset.action do %>
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
<p>Oops, something went wrong! Please check the errors below.</p>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<%= hidden_input f, :action, name: "action", value: "update_password" %>
|
||||||
|
|
||||||
|
<%= label f, :password, "New password" %>
|
||||||
|
<%= password_input f, :password, required: true %>
|
||||||
|
<%= error_tag f, :password %>
|
||||||
|
|
||||||
|
<%= label f, :password_confirmation, "Confirm new password" %>
|
||||||
|
<%= password_input f, :password_confirmation, required: true %>
|
||||||
|
<%= error_tag f, :password_confirmation %>
|
||||||
|
|
||||||
|
<%= label f, :current_password, for: "current_password_for_password" %>
|
||||||
|
<%= password_input f, :current_password, required: true, name: "current_password", id: "current_password_for_password" %>
|
||||||
|
<%= error_tag f, :current_password %>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<%= submit "Change password" %>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
3
lib/ketbin_web/views/user_confirmation_view.ex
Normal file
3
lib/ketbin_web/views/user_confirmation_view.ex
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defmodule KetbinWeb.UserConfirmationView do
|
||||||
|
use KetbinWeb, :view
|
||||||
|
end
|
3
lib/ketbin_web/views/user_registration_view.ex
Normal file
3
lib/ketbin_web/views/user_registration_view.ex
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defmodule KetbinWeb.UserRegistrationView do
|
||||||
|
use KetbinWeb, :view
|
||||||
|
end
|
3
lib/ketbin_web/views/user_reset_password_view.ex
Normal file
3
lib/ketbin_web/views/user_reset_password_view.ex
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defmodule KetbinWeb.UserResetPasswordView do
|
||||||
|
use KetbinWeb, :view
|
||||||
|
end
|
3
lib/ketbin_web/views/user_session_view.ex
Normal file
3
lib/ketbin_web/views/user_session_view.ex
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defmodule KetbinWeb.UserSessionView do
|
||||||
|
use KetbinWeb, :view
|
||||||
|
end
|
3
lib/ketbin_web/views/user_settings_view.ex
Normal file
3
lib/ketbin_web/views/user_settings_view.ex
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
defmodule KetbinWeb.UserSettingsView do
|
||||||
|
use KetbinWeb, :view
|
||||||
|
end
|
1
mix.exs
1
mix.exs
@ -33,6 +33,7 @@ defmodule Ketbin.MixProject do
|
|||||||
# Type `mix help deps` for examples and options.
|
# Type `mix help deps` for examples and options.
|
||||||
defp deps do
|
defp deps do
|
||||||
[
|
[
|
||||||
|
{:bcrypt_elixir, "~> 2.0"},
|
||||||
{:phoenix, "~> 1.5.10"},
|
{:phoenix, "~> 1.5.10"},
|
||||||
{:phoenix_ecto, "~> 4.1"},
|
{:phoenix_ecto, "~> 4.1"},
|
||||||
{:ecto_sql, "~> 3.4"},
|
{:ecto_sql, "~> 3.4"},
|
||||||
|
3
mix.lock
3
mix.lock
@ -1,4 +1,6 @@
|
|||||||
%{
|
%{
|
||||||
|
"bcrypt_elixir": {:hex, :bcrypt_elixir, "2.3.0", "6cb662d5c1b0a8858801cf20997bd006e7016aa8c52959c9ef80e0f34fb60b7a", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2c81d61d4f6ed0e5cf7bf27a9109b791ff216a1034b3d541327484f46dd43769"},
|
||||||
|
"comeonin": {:hex, :comeonin, "5.3.2", "5c2f893d05c56ae3f5e24c1b983c2d5dfb88c6d979c9287a76a7feb1e1d8d646", [:mix], [], "hexpm", "d0993402844c49539aeadb3fe46a3c9bd190f1ecf86b6f9ebd71957534c95f04"},
|
||||||
"connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"},
|
"connection": {:hex, :connection, "1.1.0", "ff2a49c4b75b6fb3e674bfc5536451607270aac754ffd1bdfe175abe4a6d7a68", [:mix], [], "hexpm", "722c1eb0a418fbe91ba7bd59a47e28008a189d47e37e0e7bb85585a016b2869c"},
|
||||||
"cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"},
|
"cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"},
|
||||||
"cowboy_telemetry": {:hex, :cowboy_telemetry, "0.3.1", "ebd1a1d7aff97f27c66654e78ece187abdc646992714164380d8a041eda16754", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3a6efd3366130eab84ca372cbd4a7d3c3a97bdfcfb4911233b035d117063f0af"},
|
"cowboy_telemetry": {:hex, :cowboy_telemetry, "0.3.1", "ebd1a1d7aff97f27c66654e78ece187abdc646992714164380d8a041eda16754", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "3a6efd3366130eab84ca372cbd4a7d3c3a97bdfcfb4911233b035d117063f0af"},
|
||||||
@ -7,6 +9,7 @@
|
|||||||
"decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},
|
"decimal": {:hex, :decimal, "2.0.0", "a78296e617b0f5dd4c6caf57c714431347912ffb1d0842e998e9792b5642d697", [:mix], [], "hexpm", "34666e9c55dea81013e77d9d87370fe6cb6291d1ef32f46a1600230b1d44f577"},
|
||||||
"ecto": {:hex, :ecto, "3.6.2", "efdf52acfc4ce29249bab5417415bd50abd62db7b0603b8bab0d7b996548c2bc", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "efad6dfb04e6f986b8a3047822b0f826d9affe8e4ebdd2aeedbfcb14fd48884e"},
|
"ecto": {:hex, :ecto, "3.6.2", "efdf52acfc4ce29249bab5417415bd50abd62db7b0603b8bab0d7b996548c2bc", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "efad6dfb04e6f986b8a3047822b0f826d9affe8e4ebdd2aeedbfcb14fd48884e"},
|
||||||
"ecto_sql": {:hex, :ecto_sql, "3.6.2", "9526b5f691701a5181427634c30655ac33d11e17e4069eff3ae1176c764e0ba3", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.6.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.4.0 or ~> 0.5.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5ec9d7e6f742ea39b63aceaea9ac1d1773d574ea40df5a53ef8afbd9242fdb6b"},
|
"ecto_sql": {:hex, :ecto_sql, "3.6.2", "9526b5f691701a5181427634c30655ac33d11e17e4069eff3ae1176c764e0ba3", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.6.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.4.0 or ~> 0.5.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5ec9d7e6f742ea39b63aceaea9ac1d1773d574ea40df5a53ef8afbd9242fdb6b"},
|
||||||
|
"elixir_make": {:hex, :elixir_make, "0.6.2", "7dffacd77dec4c37b39af867cedaabb0b59f6a871f89722c25b28fcd4bd70530", [:mix], [], "hexpm", "03e49eadda22526a7e5279d53321d1cced6552f344ba4e03e619063de75348d9"},
|
||||||
"file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
|
"file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
|
||||||
"gettext": {:hex, :gettext, "0.18.2", "7df3ea191bb56c0309c00a783334b288d08a879f53a7014341284635850a6e55", [:mix], [], "hexpm", "f9f537b13d4fdd30f3039d33cb80144c3aa1f8d9698e47d7bcbcc8df93b1f5c5"},
|
"gettext": {:hex, :gettext, "0.18.2", "7df3ea191bb56c0309c00a783334b288d08a879f53a7014341284635850a6e55", [:mix], [], "hexpm", "f9f537b13d4fdd30f3039d33cb80144c3aa1f8d9698e47d7bcbcc8df93b1f5c5"},
|
||||||
"jason": {:hex, :jason, "1.2.2", "ba43e3f2709fd1aa1dce90aaabfd039d000469c05c56f0b8e31978e03fa39052", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "18a228f5f0058ee183f29f9eae0805c6e59d61c3b006760668d8d18ff0d12179"},
|
"jason": {:hex, :jason, "1.2.2", "ba43e3f2709fd1aa1dce90aaabfd039d000469c05c56f0b8e31978e03fa39052", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "18a228f5f0058ee183f29f9eae0805c6e59d61c3b006760668d8d18ff0d12179"},
|
||||||
|
@ -0,0 +1,27 @@
|
|||||||
|
defmodule Ketbin.Repo.Migrations.CreateUsersAuthTables do
|
||||||
|
use Ecto.Migration
|
||||||
|
|
||||||
|
def change do
|
||||||
|
execute "CREATE EXTENSION IF NOT EXISTS citext", ""
|
||||||
|
|
||||||
|
create table(:users) do
|
||||||
|
add :email, :citext, null: false
|
||||||
|
add :hashed_password, :string, null: false
|
||||||
|
add :confirmed_at, :naive_datetime
|
||||||
|
timestamps()
|
||||||
|
end
|
||||||
|
|
||||||
|
create unique_index(:users, [:email])
|
||||||
|
|
||||||
|
create table(:users_tokens) do
|
||||||
|
add :user_id, references(:users, on_delete: :delete_all), null: false
|
||||||
|
add :token, :binary, null: false
|
||||||
|
add :context, :string, null: false
|
||||||
|
add :sent_to, :string
|
||||||
|
timestamps(updated_at: false)
|
||||||
|
end
|
||||||
|
|
||||||
|
create index(:users_tokens, [:user_id])
|
||||||
|
create unique_index(:users_tokens, [:context, :token])
|
||||||
|
end
|
||||||
|
end
|
507
test/ketbin/accounts_test.exs
Normal file
507
test/ketbin/accounts_test.exs
Normal file
@ -0,0 +1,507 @@
|
|||||||
|
defmodule Ketbin.AccountsTest do
|
||||||
|
use Ketbin.DataCase
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
alias Ketbin.Accounts.{User, UserToken}
|
||||||
|
|
||||||
|
describe "get_user_by_email/1" do
|
||||||
|
test "does not return the user if the email does not exist" do
|
||||||
|
refute Accounts.get_user_by_email("unknown@example.com")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns the user if the email exists" do
|
||||||
|
%{id: id} = user = user_fixture()
|
||||||
|
assert %User{id: ^id} = Accounts.get_user_by_email(user.email)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "get_user_by_email_and_password/2" do
|
||||||
|
test "does not return the user if the email does not exist" do
|
||||||
|
refute Accounts.get_user_by_email_and_password("unknown@example.com", "hello world!")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not return the user if the password is not valid" do
|
||||||
|
user = user_fixture()
|
||||||
|
refute Accounts.get_user_by_email_and_password(user.email, "invalid")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns the user if the email and password are valid" do
|
||||||
|
%{id: id} = user = user_fixture()
|
||||||
|
|
||||||
|
assert %User{id: ^id} =
|
||||||
|
Accounts.get_user_by_email_and_password(user.email, valid_user_password())
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "get_user!/1" do
|
||||||
|
test "raises if id is invalid" do
|
||||||
|
assert_raise Ecto.NoResultsError, fn ->
|
||||||
|
Accounts.get_user!(-1)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns the user with the given id" do
|
||||||
|
%{id: id} = user = user_fixture()
|
||||||
|
assert %User{id: ^id} = Accounts.get_user!(user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "register_user/1" do
|
||||||
|
test "requires email and password to be set" do
|
||||||
|
{:error, changeset} = Accounts.register_user(%{})
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
password: ["can't be blank"],
|
||||||
|
email: ["can't be blank"]
|
||||||
|
} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates email and password when given" do
|
||||||
|
{:error, changeset} = Accounts.register_user(%{email: "not valid", password: "not valid"})
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
email: ["must have the @ sign and no spaces"],
|
||||||
|
password: ["should be at least 12 character(s)"]
|
||||||
|
} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates maximum values for email and password for security" do
|
||||||
|
too_long = String.duplicate("db", 100)
|
||||||
|
{:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long})
|
||||||
|
assert "should be at most 160 character(s)" in errors_on(changeset).email
|
||||||
|
assert "should be at most 80 character(s)" in errors_on(changeset).password
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates email uniqueness" do
|
||||||
|
%{email: email} = user_fixture()
|
||||||
|
{:error, changeset} = Accounts.register_user(%{email: email})
|
||||||
|
assert "has already been taken" in errors_on(changeset).email
|
||||||
|
|
||||||
|
# Now try with the upper cased email too, to check that email case is ignored.
|
||||||
|
{:error, changeset} = Accounts.register_user(%{email: String.upcase(email)})
|
||||||
|
assert "has already been taken" in errors_on(changeset).email
|
||||||
|
end
|
||||||
|
|
||||||
|
test "registers users with a hashed password" do
|
||||||
|
email = unique_user_email()
|
||||||
|
{:ok, user} = Accounts.register_user(valid_user_attributes(email: email))
|
||||||
|
assert user.email == email
|
||||||
|
assert is_binary(user.hashed_password)
|
||||||
|
assert is_nil(user.confirmed_at)
|
||||||
|
assert is_nil(user.password)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "change_user_registration/2" do
|
||||||
|
test "returns a changeset" do
|
||||||
|
assert %Ecto.Changeset{} = changeset = Accounts.change_user_registration(%User{})
|
||||||
|
assert changeset.required == [:password, :email]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "allows fields to be set" do
|
||||||
|
email = unique_user_email()
|
||||||
|
password = valid_user_password()
|
||||||
|
|
||||||
|
changeset =
|
||||||
|
Accounts.change_user_registration(
|
||||||
|
%User{},
|
||||||
|
valid_user_attributes(email: email, password: password)
|
||||||
|
)
|
||||||
|
|
||||||
|
assert changeset.valid?
|
||||||
|
assert get_change(changeset, :email) == email
|
||||||
|
assert get_change(changeset, :password) == password
|
||||||
|
assert is_nil(get_change(changeset, :hashed_password))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "change_user_email/2" do
|
||||||
|
test "returns a user changeset" do
|
||||||
|
assert %Ecto.Changeset{} = changeset = Accounts.change_user_email(%User{})
|
||||||
|
assert changeset.required == [:email]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "apply_user_email/3" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "requires email to change", %{user: user} do
|
||||||
|
{:error, changeset} = Accounts.apply_user_email(user, valid_user_password(), %{})
|
||||||
|
assert %{email: ["did not change"]} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates email", %{user: user} do
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.apply_user_email(user, valid_user_password(), %{email: "not valid"})
|
||||||
|
|
||||||
|
assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates maximum value for email for security", %{user: user} do
|
||||||
|
too_long = String.duplicate("db", 100)
|
||||||
|
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.apply_user_email(user, valid_user_password(), %{email: too_long})
|
||||||
|
|
||||||
|
assert "should be at most 160 character(s)" in errors_on(changeset).email
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates email uniqueness", %{user: user} do
|
||||||
|
%{email: email} = user_fixture()
|
||||||
|
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.apply_user_email(user, valid_user_password(), %{email: email})
|
||||||
|
|
||||||
|
assert "has already been taken" in errors_on(changeset).email
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates current password", %{user: user} do
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.apply_user_email(user, "invalid", %{email: unique_user_email()})
|
||||||
|
|
||||||
|
assert %{current_password: ["is not valid"]} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "applies the email without persisting it", %{user: user} do
|
||||||
|
email = unique_user_email()
|
||||||
|
{:ok, user} = Accounts.apply_user_email(user, valid_user_password(), %{email: email})
|
||||||
|
assert user.email == email
|
||||||
|
assert Accounts.get_user!(user.id).email != email
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "deliver_update_email_instructions/3" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "sends token through notification", %{user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_update_email_instructions(user, "current@example.com", url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
{:ok, token} = Base.url_decode64(token, padding: false)
|
||||||
|
assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
|
||||||
|
assert user_token.user_id == user.id
|
||||||
|
assert user_token.sent_to == user.email
|
||||||
|
assert user_token.context == "change:current@example.com"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "update_user_email/2" do
|
||||||
|
setup do
|
||||||
|
user = user_fixture()
|
||||||
|
email = unique_user_email()
|
||||||
|
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{user: user, token: token, email: email}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "updates the email with a valid token", %{user: user, token: token, email: email} do
|
||||||
|
assert Accounts.update_user_email(user, token) == :ok
|
||||||
|
changed_user = Repo.get!(User, user.id)
|
||||||
|
assert changed_user.email != user.email
|
||||||
|
assert changed_user.email == email
|
||||||
|
assert changed_user.confirmed_at
|
||||||
|
assert changed_user.confirmed_at != user.confirmed_at
|
||||||
|
refute Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update email with invalid token", %{user: user} do
|
||||||
|
assert Accounts.update_user_email(user, "oops") == :error
|
||||||
|
assert Repo.get!(User, user.id).email == user.email
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update email if user email changed", %{user: user, token: token} do
|
||||||
|
assert Accounts.update_user_email(%{user | email: "current@example.com"}, token) == :error
|
||||||
|
assert Repo.get!(User, user.id).email == user.email
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update email if token expired", %{user: user, token: token} do
|
||||||
|
{1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
||||||
|
assert Accounts.update_user_email(user, token) == :error
|
||||||
|
assert Repo.get!(User, user.id).email == user.email
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "change_user_password/2" do
|
||||||
|
test "returns a user changeset" do
|
||||||
|
assert %Ecto.Changeset{} = changeset = Accounts.change_user_password(%User{})
|
||||||
|
assert changeset.required == [:password]
|
||||||
|
end
|
||||||
|
|
||||||
|
test "allows fields to be set" do
|
||||||
|
changeset =
|
||||||
|
Accounts.change_user_password(%User{}, %{
|
||||||
|
"password" => "new valid password"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert changeset.valid?
|
||||||
|
assert get_change(changeset, :password) == "new valid password"
|
||||||
|
assert is_nil(get_change(changeset, :hashed_password))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "update_user_password/3" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates password", %{user: user} do
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.update_user_password(user, valid_user_password(), %{
|
||||||
|
password: "not valid",
|
||||||
|
password_confirmation: "another"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
password: ["should be at least 12 character(s)"],
|
||||||
|
password_confirmation: ["does not match password"]
|
||||||
|
} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates maximum values for password for security", %{user: user} do
|
||||||
|
too_long = String.duplicate("db", 100)
|
||||||
|
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.update_user_password(user, valid_user_password(), %{password: too_long})
|
||||||
|
|
||||||
|
assert "should be at most 80 character(s)" in errors_on(changeset).password
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates current password", %{user: user} do
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.update_user_password(user, "invalid", %{password: valid_user_password()})
|
||||||
|
|
||||||
|
assert %{current_password: ["is not valid"]} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "updates the password", %{user: user} do
|
||||||
|
{:ok, user} =
|
||||||
|
Accounts.update_user_password(user, valid_user_password(), %{
|
||||||
|
password: "new valid password"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert is_nil(user.password)
|
||||||
|
assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "deletes all tokens for the given user", %{user: user} do
|
||||||
|
_ = Accounts.generate_user_session_token(user)
|
||||||
|
|
||||||
|
{:ok, _} =
|
||||||
|
Accounts.update_user_password(user, valid_user_password(), %{
|
||||||
|
password: "new valid password"
|
||||||
|
})
|
||||||
|
|
||||||
|
refute Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "generate_user_session_token/1" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "generates a token", %{user: user} do
|
||||||
|
token = Accounts.generate_user_session_token(user)
|
||||||
|
assert user_token = Repo.get_by(UserToken, token: token)
|
||||||
|
assert user_token.context == "session"
|
||||||
|
|
||||||
|
# Creating the same token for another user should fail
|
||||||
|
assert_raise Ecto.ConstraintError, fn ->
|
||||||
|
Repo.insert!(%UserToken{
|
||||||
|
token: user_token.token,
|
||||||
|
user_id: user_fixture().id,
|
||||||
|
context: "session"
|
||||||
|
})
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "get_user_by_session_token/1" do
|
||||||
|
setup do
|
||||||
|
user = user_fixture()
|
||||||
|
token = Accounts.generate_user_session_token(user)
|
||||||
|
%{user: user, token: token}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns user by token", %{user: user, token: token} do
|
||||||
|
assert session_user = Accounts.get_user_by_session_token(token)
|
||||||
|
assert session_user.id == user.id
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not return user for invalid token" do
|
||||||
|
refute Accounts.get_user_by_session_token("oops")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not return user for expired token", %{token: token} do
|
||||||
|
{1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
||||||
|
refute Accounts.get_user_by_session_token(token)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "delete_session_token/1" do
|
||||||
|
test "deletes the token" do
|
||||||
|
user = user_fixture()
|
||||||
|
token = Accounts.generate_user_session_token(user)
|
||||||
|
assert Accounts.delete_session_token(token) == :ok
|
||||||
|
refute Accounts.get_user_by_session_token(token)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "deliver_user_confirmation_instructions/2" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "sends token through notification", %{user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_confirmation_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
{:ok, token} = Base.url_decode64(token, padding: false)
|
||||||
|
assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
|
||||||
|
assert user_token.user_id == user.id
|
||||||
|
assert user_token.sent_to == user.email
|
||||||
|
assert user_token.context == "confirm"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "confirm_user/1" do
|
||||||
|
setup do
|
||||||
|
user = user_fixture()
|
||||||
|
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_confirmation_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{user: user, token: token}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "confirms the email with a valid token", %{user: user, token: token} do
|
||||||
|
assert {:ok, confirmed_user} = Accounts.confirm_user(token)
|
||||||
|
assert confirmed_user.confirmed_at
|
||||||
|
assert confirmed_user.confirmed_at != user.confirmed_at
|
||||||
|
assert Repo.get!(User, user.id).confirmed_at
|
||||||
|
refute Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not confirm with invalid token", %{user: user} do
|
||||||
|
assert Accounts.confirm_user("oops") == :error
|
||||||
|
refute Repo.get!(User, user.id).confirmed_at
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not confirm email if token expired", %{user: user, token: token} do
|
||||||
|
{1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
||||||
|
assert Accounts.confirm_user(token) == :error
|
||||||
|
refute Repo.get!(User, user.id).confirmed_at
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "deliver_user_reset_password_instructions/2" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "sends token through notification", %{user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_reset_password_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
{:ok, token} = Base.url_decode64(token, padding: false)
|
||||||
|
assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
|
||||||
|
assert user_token.user_id == user.id
|
||||||
|
assert user_token.sent_to == user.email
|
||||||
|
assert user_token.context == "reset_password"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "get_user_by_reset_password_token/1" do
|
||||||
|
setup do
|
||||||
|
user = user_fixture()
|
||||||
|
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_reset_password_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{user: user, token: token}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "returns the user with valid token", %{user: %{id: id}, token: token} do
|
||||||
|
assert %User{id: ^id} = Accounts.get_user_by_reset_password_token(token)
|
||||||
|
assert Repo.get_by(UserToken, user_id: id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not return the user with invalid token", %{user: user} do
|
||||||
|
refute Accounts.get_user_by_reset_password_token("oops")
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not return the user if token expired", %{user: user, token: token} do
|
||||||
|
{1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
|
||||||
|
refute Accounts.get_user_by_reset_password_token(token)
|
||||||
|
assert Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "reset_user_password/2" do
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates password", %{user: user} do
|
||||||
|
{:error, changeset} =
|
||||||
|
Accounts.reset_user_password(user, %{
|
||||||
|
password: "not valid",
|
||||||
|
password_confirmation: "another"
|
||||||
|
})
|
||||||
|
|
||||||
|
assert %{
|
||||||
|
password: ["should be at least 12 character(s)"],
|
||||||
|
password_confirmation: ["does not match password"]
|
||||||
|
} = errors_on(changeset)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "validates maximum values for password for security", %{user: user} do
|
||||||
|
too_long = String.duplicate("db", 100)
|
||||||
|
{:error, changeset} = Accounts.reset_user_password(user, %{password: too_long})
|
||||||
|
assert "should be at most 80 character(s)" in errors_on(changeset).password
|
||||||
|
end
|
||||||
|
|
||||||
|
test "updates the password", %{user: user} do
|
||||||
|
{:ok, updated_user} = Accounts.reset_user_password(user, %{password: "new valid password"})
|
||||||
|
assert is_nil(updated_user.password)
|
||||||
|
assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "deletes all tokens for the given user", %{user: user} do
|
||||||
|
_ = Accounts.generate_user_session_token(user)
|
||||||
|
{:ok, _} = Accounts.reset_user_password(user, %{password: "new valid password"})
|
||||||
|
refute Repo.get_by(UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "inspect/2" do
|
||||||
|
test "does not include password" do
|
||||||
|
refute inspect(%User{password: "123456"}) =~ "password: \"123456\""
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
173
test/ketbin_web/controllers/user_auth_test.exs
Normal file
173
test/ketbin_web/controllers/user_auth_test.exs
Normal file
@ -0,0 +1,173 @@
|
|||||||
|
defmodule KetbinWeb.UserAuthTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias KetbinWeb.UserAuth
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
@remember_me_cookie "_ketbin_web_user_remember_me"
|
||||||
|
|
||||||
|
setup %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> Map.replace!(:secret_key_base, KetbinWeb.Endpoint.config(:secret_key_base))
|
||||||
|
|> init_test_session(%{})
|
||||||
|
|
||||||
|
%{user: user_fixture(), conn: conn}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "log_in_user/3" do
|
||||||
|
test "stores the user token in the session", %{conn: conn, user: user} do
|
||||||
|
conn = UserAuth.log_in_user(conn, user)
|
||||||
|
assert token = get_session(conn, :user_token)
|
||||||
|
assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert Accounts.get_user_by_session_token(token)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "clears everything previously stored in the session", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(user)
|
||||||
|
refute get_session(conn, :to_be_removed)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "redirects to the configured path", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(user)
|
||||||
|
assert redirected_to(conn) == "/hello"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
|
||||||
|
assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]
|
||||||
|
|
||||||
|
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
|
||||||
|
assert signed_token != get_session(conn, :user_token)
|
||||||
|
assert max_age == 5_184_000
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "logout_user/1" do
|
||||||
|
test "erases session and cookies", %{conn: conn, user: user} do
|
||||||
|
user_token = Accounts.generate_user_session_token(user)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_session(:user_token, user_token)
|
||||||
|
|> put_req_cookie(@remember_me_cookie, user_token)
|
||||||
|
|> fetch_cookies()
|
||||||
|
|> UserAuth.log_out_user()
|
||||||
|
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
refute conn.cookies[@remember_me_cookie]
|
||||||
|
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
refute Accounts.get_user_by_session_token(user_token)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "broadcasts to the given live_socket_id", %{conn: conn} do
|
||||||
|
live_socket_id = "users_sessions:abcdef-token"
|
||||||
|
KetbinWeb.Endpoint.subscribe(live_socket_id)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> put_session(:live_socket_id, live_socket_id)
|
||||||
|
|> UserAuth.log_out_user()
|
||||||
|
|
||||||
|
assert_receive %Phoenix.Socket.Broadcast{
|
||||||
|
event: "disconnect",
|
||||||
|
topic: "users_sessions:abcdef-token"
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "works even if user is already logged out", %{conn: conn} do
|
||||||
|
conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "fetch_current_user/2" do
|
||||||
|
test "authenticates user from session", %{conn: conn, user: user} do
|
||||||
|
user_token = Accounts.generate_user_session_token(user)
|
||||||
|
conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
|
||||||
|
assert conn.assigns.current_user.id == user.id
|
||||||
|
end
|
||||||
|
|
||||||
|
test "authenticates user from cookies", %{conn: conn, user: user} do
|
||||||
|
logged_in_conn =
|
||||||
|
conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
|
||||||
|
|
||||||
|
user_token = logged_in_conn.cookies[@remember_me_cookie]
|
||||||
|
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
|
||||||
|
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_cookie(@remember_me_cookie, signed_token)
|
||||||
|
|> UserAuth.fetch_current_user([])
|
||||||
|
|
||||||
|
assert get_session(conn, :user_token) == user_token
|
||||||
|
assert conn.assigns.current_user.id == user.id
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not authenticate if data is missing", %{conn: conn, user: user} do
|
||||||
|
_ = Accounts.generate_user_session_token(user)
|
||||||
|
conn = UserAuth.fetch_current_user(conn, [])
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
refute conn.assigns.current_user
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "redirect_if_user_is_authenticated/2" do
|
||||||
|
test "redirects if user is authenticated", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> assign(:current_user, user) |> UserAuth.redirect_if_user_is_authenticated([])
|
||||||
|
assert conn.halted
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not redirect if user is not authenticated", %{conn: conn} do
|
||||||
|
conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
|
||||||
|
refute conn.halted
|
||||||
|
refute conn.status
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "require_authenticated_user/2" do
|
||||||
|
test "redirects if user is not authenticated", %{conn: conn} do
|
||||||
|
conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
|
||||||
|
assert conn.halted
|
||||||
|
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
|
||||||
|
assert get_flash(conn, :error) == "You must log in to access this page."
|
||||||
|
end
|
||||||
|
|
||||||
|
test "stores the path to redirect to on GET", %{conn: conn} do
|
||||||
|
halted_conn =
|
||||||
|
%{conn | request_path: "/foo", query_string: ""}
|
||||||
|
|> fetch_flash()
|
||||||
|
|> UserAuth.require_authenticated_user([])
|
||||||
|
|
||||||
|
assert halted_conn.halted
|
||||||
|
assert get_session(halted_conn, :user_return_to) == "/foo"
|
||||||
|
|
||||||
|
halted_conn =
|
||||||
|
%{conn | request_path: "/foo", query_string: "bar=baz"}
|
||||||
|
|> fetch_flash()
|
||||||
|
|> UserAuth.require_authenticated_user([])
|
||||||
|
|
||||||
|
assert halted_conn.halted
|
||||||
|
assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"
|
||||||
|
|
||||||
|
halted_conn =
|
||||||
|
%{conn | request_path: "/foo?bar", method: "POST"}
|
||||||
|
|> fetch_flash()
|
||||||
|
|> UserAuth.require_authenticated_user([])
|
||||||
|
|
||||||
|
assert halted_conn.halted
|
||||||
|
refute get_session(halted_conn, :user_return_to)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not redirect if user is authenticated", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> assign(:current_user, user) |> UserAuth.require_authenticated_user([])
|
||||||
|
refute conn.halted
|
||||||
|
refute conn.status
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
@ -0,0 +1,94 @@
|
|||||||
|
defmodule KetbinWeb.UserConfirmationControllerTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias Ketbin.Repo
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/confirm" do
|
||||||
|
test "renders the confirmation page", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_confirmation_path(conn, :new))
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Resend confirmation instructions</h1>"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /users/confirm" do
|
||||||
|
@tag :capture_log
|
||||||
|
test "sends a new confirmation token", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_confirmation_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => user.email}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "If your email is in our system"
|
||||||
|
assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "confirm"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not send confirmation token if User is confirmed", %{conn: conn, user: user} do
|
||||||
|
Repo.update!(Accounts.User.confirm_changeset(user))
|
||||||
|
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_confirmation_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => user.email}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "If your email is in our system"
|
||||||
|
refute Repo.get_by(Accounts.UserToken, user_id: user.id)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not send confirmation token if email is invalid", %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_confirmation_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => "unknown@example.com"}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "If your email is in our system"
|
||||||
|
assert Repo.all(Accounts.UserToken) == []
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/confirm/:token" do
|
||||||
|
test "confirms the given token once", %{conn: conn, user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_confirmation_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
conn = get(conn, Routes.user_confirmation_path(conn, :confirm, token))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "User confirmed successfully"
|
||||||
|
assert Accounts.get_user!(user.id).confirmed_at
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
assert Repo.all(Accounts.UserToken) == []
|
||||||
|
|
||||||
|
# When not logged in
|
||||||
|
conn = get(conn, Routes.user_confirmation_path(conn, :confirm, token))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
|
||||||
|
|
||||||
|
# When logged in
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> log_in_user(user)
|
||||||
|
|> get(Routes.user_confirmation_path(conn, :confirm, token))
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
refute get_flash(conn, :error)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not confirm email with invalid token", %{conn: conn, user: user} do
|
||||||
|
conn = get(conn, Routes.user_confirmation_path(conn, :confirm, "oops"))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
|
||||||
|
refute Accounts.get_user!(user.id).confirmed_at
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
@ -0,0 +1,54 @@
|
|||||||
|
defmodule KetbinWeb.UserRegistrationControllerTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
describe "GET /users/register" do
|
||||||
|
test "renders registration page", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_registration_path(conn, :new))
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Register</h1>"
|
||||||
|
assert response =~ "Log in</a>"
|
||||||
|
assert response =~ "Register</a>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "redirects if already logged in", %{conn: conn} do
|
||||||
|
conn = conn |> log_in_user(user_fixture()) |> get(Routes.user_registration_path(conn, :new))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /users/register" do
|
||||||
|
@tag :capture_log
|
||||||
|
test "creates account and logs the user in", %{conn: conn} do
|
||||||
|
email = unique_user_email()
|
||||||
|
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_registration_path(conn, :create), %{
|
||||||
|
"user" => valid_user_attributes(email: email)
|
||||||
|
})
|
||||||
|
|
||||||
|
assert get_session(conn, :user_token)
|
||||||
|
assert redirected_to(conn) =~ "/"
|
||||||
|
|
||||||
|
# Now do a logged in request and assert on the menu
|
||||||
|
conn = get(conn, "/")
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ email
|
||||||
|
assert response =~ "Settings</a>"
|
||||||
|
assert response =~ "Log out</a>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "render errors for invalid data", %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_registration_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => "with spaces", "password" => "too short"}
|
||||||
|
})
|
||||||
|
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Register</h1>"
|
||||||
|
assert response =~ "must have the @ sign and no spaces"
|
||||||
|
assert response =~ "should be at least 12 character"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
@ -0,0 +1,113 @@
|
|||||||
|
defmodule KetbinWeb.UserResetPasswordControllerTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
alias Ketbin.Repo
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/reset_password" do
|
||||||
|
test "renders the reset password page", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_reset_password_path(conn, :new))
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Forgot your password?</h1>"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /users/reset_password" do
|
||||||
|
@tag :capture_log
|
||||||
|
test "sends a new reset password token", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_reset_password_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => user.email}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "If your email is in our system"
|
||||||
|
assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "reset_password"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not send reset password token if email is invalid", %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_reset_password_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => "unknown@example.com"}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :info) =~ "If your email is in our system"
|
||||||
|
assert Repo.all(Accounts.UserToken) == []
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/reset_password/:token" do
|
||||||
|
setup %{user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_reset_password_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{token: token}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "renders reset password", %{conn: conn, token: token} do
|
||||||
|
conn = get(conn, Routes.user_reset_password_path(conn, :edit, token))
|
||||||
|
assert html_response(conn, 200) =~ "<h1>Reset password</h1>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not render reset password with invalid token", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_reset_password_path(conn, :edit, "oops"))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "PUT /users/reset_password/:token" do
|
||||||
|
setup %{user: user} do
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_user_reset_password_instructions(user, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{token: token}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "resets password once", %{conn: conn, user: user, token: token} do
|
||||||
|
conn =
|
||||||
|
put(conn, Routes.user_reset_password_path(conn, :update, token), %{
|
||||||
|
"user" => %{
|
||||||
|
"password" => "new valid password",
|
||||||
|
"password_confirmation" => "new valid password"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
assert get_flash(conn, :info) =~ "Password reset successfully"
|
||||||
|
assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not reset password on invalid data", %{conn: conn, token: token} do
|
||||||
|
conn =
|
||||||
|
put(conn, Routes.user_reset_password_path(conn, :update, token), %{
|
||||||
|
"user" => %{
|
||||||
|
"password" => "too short",
|
||||||
|
"password_confirmation" => "does not match"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Reset password</h1>"
|
||||||
|
assert response =~ "should be at least 12 character(s)"
|
||||||
|
assert response =~ "does not match password"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not reset password with invalid token", %{conn: conn} do
|
||||||
|
conn = put(conn, Routes.user_reset_password_path(conn, :update, "oops"))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
98
test/ketbin_web/controllers/user_session_controller_test.exs
Normal file
98
test/ketbin_web/controllers/user_session_controller_test.exs
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
defmodule KetbinWeb.UserSessionControllerTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
setup do
|
||||||
|
%{user: user_fixture()}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/log_in" do
|
||||||
|
test "renders log in page", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_session_path(conn, :new))
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Log in</h1>"
|
||||||
|
assert response =~ "Log in</a>"
|
||||||
|
assert response =~ "Register</a>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "redirects if already logged in", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> log_in_user(user) |> get(Routes.user_session_path(conn, :new))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "POST /users/log_in" do
|
||||||
|
test "logs the user in", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_session_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => user.email, "password" => valid_user_password()}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert get_session(conn, :user_token)
|
||||||
|
assert redirected_to(conn) =~ "/"
|
||||||
|
|
||||||
|
# Now do a logged in request and assert on the menu
|
||||||
|
conn = get(conn, "/")
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ user.email
|
||||||
|
assert response =~ "Settings</a>"
|
||||||
|
assert response =~ "Log out</a>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "logs the user in with remember me", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_session_path(conn, :create), %{
|
||||||
|
"user" => %{
|
||||||
|
"email" => user.email,
|
||||||
|
"password" => valid_user_password(),
|
||||||
|
"remember_me" => "true"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert conn.resp_cookies["_ketbin_web_user_remember_me"]
|
||||||
|
assert redirected_to(conn) =~ "/"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "logs the user in with return to", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> init_test_session(user_return_to: "/foo/bar")
|
||||||
|
|> post(Routes.user_session_path(conn, :create), %{
|
||||||
|
"user" => %{
|
||||||
|
"email" => user.email,
|
||||||
|
"password" => valid_user_password()
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == "/foo/bar"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "emits error message with invalid credentials", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
post(conn, Routes.user_session_path(conn, :create), %{
|
||||||
|
"user" => %{"email" => user.email, "password" => "invalid_password"}
|
||||||
|
})
|
||||||
|
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Log in</h1>"
|
||||||
|
assert response =~ "Invalid email or password"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "DELETE /users/log_out" do
|
||||||
|
test "logs the user out", %{conn: conn, user: user} do
|
||||||
|
conn = conn |> log_in_user(user) |> delete(Routes.user_session_path(conn, :delete))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
assert get_flash(conn, :info) =~ "Logged out successfully"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "succeeds even if the user is not logged in", %{conn: conn} do
|
||||||
|
conn = delete(conn, Routes.user_session_path(conn, :delete))
|
||||||
|
assert redirected_to(conn) == "/"
|
||||||
|
refute get_session(conn, :user_token)
|
||||||
|
assert get_flash(conn, :info) =~ "Logged out successfully"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
129
test/ketbin_web/controllers/user_settings_controller_test.exs
Normal file
129
test/ketbin_web/controllers/user_settings_controller_test.exs
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
defmodule KetbinWeb.UserSettingsControllerTest do
|
||||||
|
use KetbinWeb.ConnCase, async: true
|
||||||
|
|
||||||
|
alias Ketbin.Accounts
|
||||||
|
import Ketbin.AccountsFixtures
|
||||||
|
|
||||||
|
setup :register_and_log_in_user
|
||||||
|
|
||||||
|
describe "GET /users/settings" do
|
||||||
|
test "renders settings page", %{conn: conn} do
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :edit))
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Settings</h1>"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "redirects if user is not logged in" do
|
||||||
|
conn = build_conn()
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :edit))
|
||||||
|
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "PUT /users/settings (change password form)" do
|
||||||
|
test "updates the user password and resets tokens", %{conn: conn, user: user} do
|
||||||
|
new_password_conn =
|
||||||
|
put(conn, Routes.user_settings_path(conn, :update), %{
|
||||||
|
"action" => "update_password",
|
||||||
|
"current_password" => valid_user_password(),
|
||||||
|
"user" => %{
|
||||||
|
"password" => "new valid password",
|
||||||
|
"password_confirmation" => "new valid password"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(new_password_conn) == Routes.user_settings_path(conn, :edit)
|
||||||
|
assert get_session(new_password_conn, :user_token) != get_session(conn, :user_token)
|
||||||
|
assert get_flash(new_password_conn, :info) =~ "Password updated successfully"
|
||||||
|
assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update password on invalid data", %{conn: conn} do
|
||||||
|
old_password_conn =
|
||||||
|
put(conn, Routes.user_settings_path(conn, :update), %{
|
||||||
|
"action" => "update_password",
|
||||||
|
"current_password" => "invalid",
|
||||||
|
"user" => %{
|
||||||
|
"password" => "too short",
|
||||||
|
"password_confirmation" => "does not match"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
response = html_response(old_password_conn, 200)
|
||||||
|
assert response =~ "<h1>Settings</h1>"
|
||||||
|
assert response =~ "should be at least 12 character(s)"
|
||||||
|
assert response =~ "does not match password"
|
||||||
|
assert response =~ "is not valid"
|
||||||
|
|
||||||
|
assert get_session(old_password_conn, :user_token) == get_session(conn, :user_token)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "PUT /users/settings (change email form)" do
|
||||||
|
@tag :capture_log
|
||||||
|
test "updates the user email", %{conn: conn, user: user} do
|
||||||
|
conn =
|
||||||
|
put(conn, Routes.user_settings_path(conn, :update), %{
|
||||||
|
"action" => "update_email",
|
||||||
|
"current_password" => valid_user_password(),
|
||||||
|
"user" => %{"email" => unique_user_email()}
|
||||||
|
})
|
||||||
|
|
||||||
|
assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
|
||||||
|
assert get_flash(conn, :info) =~ "A link to confirm your email"
|
||||||
|
assert Accounts.get_user_by_email(user.email)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update email on invalid data", %{conn: conn} do
|
||||||
|
conn =
|
||||||
|
put(conn, Routes.user_settings_path(conn, :update), %{
|
||||||
|
"action" => "update_email",
|
||||||
|
"current_password" => "invalid",
|
||||||
|
"user" => %{"email" => "with spaces"}
|
||||||
|
})
|
||||||
|
|
||||||
|
response = html_response(conn, 200)
|
||||||
|
assert response =~ "<h1>Settings</h1>"
|
||||||
|
assert response =~ "must have the @ sign and no spaces"
|
||||||
|
assert response =~ "is not valid"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "GET /users/settings/confirm_email/:token" do
|
||||||
|
setup %{user: user} do
|
||||||
|
email = unique_user_email()
|
||||||
|
|
||||||
|
token =
|
||||||
|
extract_user_token(fn url ->
|
||||||
|
Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
|
||||||
|
end)
|
||||||
|
|
||||||
|
%{token: token, email: email}
|
||||||
|
end
|
||||||
|
|
||||||
|
test "updates the user email once", %{conn: conn, user: user, token: token, email: email} do
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
|
||||||
|
assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
|
||||||
|
assert get_flash(conn, :info) =~ "Email changed successfully"
|
||||||
|
refute Accounts.get_user_by_email(user.email)
|
||||||
|
assert Accounts.get_user_by_email(email)
|
||||||
|
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
|
||||||
|
assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
|
||||||
|
assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
|
||||||
|
end
|
||||||
|
|
||||||
|
test "does not update email with invalid token", %{conn: conn, user: user} do
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :confirm_email, "oops"))
|
||||||
|
assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
|
||||||
|
assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
|
||||||
|
assert Accounts.get_user_by_email(user.email)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "redirects if user is not logged in", %{token: token} do
|
||||||
|
conn = build_conn()
|
||||||
|
conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
|
||||||
|
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
@ -40,4 +40,30 @@ defmodule KetbinWeb.ConnCase do
|
|||||||
|
|
||||||
{:ok, conn: Phoenix.ConnTest.build_conn()}
|
{:ok, conn: Phoenix.ConnTest.build_conn()}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Setup helper that registers and logs in users.
|
||||||
|
|
||||||
|
setup :register_and_log_in_user
|
||||||
|
|
||||||
|
It stores an updated connection and a registered user in the
|
||||||
|
test context.
|
||||||
|
"""
|
||||||
|
def register_and_log_in_user(%{conn: conn}) do
|
||||||
|
user = Ketbin.AccountsFixtures.user_fixture()
|
||||||
|
%{conn: log_in_user(conn, user), user: user}
|
||||||
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
Logs the given `user` into the `conn`.
|
||||||
|
|
||||||
|
It returns an updated `conn`.
|
||||||
|
"""
|
||||||
|
def log_in_user(conn, user) do
|
||||||
|
token = Ketbin.Accounts.generate_user_session_token(user)
|
||||||
|
|
||||||
|
conn
|
||||||
|
|> Phoenix.ConnTest.init_test_session(%{})
|
||||||
|
|> Plug.Conn.put_session(:user_token, token)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
31
test/support/fixtures/accounts_fixtures.ex
Normal file
31
test/support/fixtures/accounts_fixtures.ex
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
defmodule Ketbin.AccountsFixtures do
|
||||||
|
@moduledoc """
|
||||||
|
This module defines test helpers for creating
|
||||||
|
entities via the `Ketbin.Accounts` context.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def unique_user_email, do: "user#{System.unique_integer()}@example.com"
|
||||||
|
def valid_user_password, do: "hello world!"
|
||||||
|
|
||||||
|
def valid_user_attributes(attrs \\ %{}) do
|
||||||
|
Enum.into(attrs, %{
|
||||||
|
email: unique_user_email(),
|
||||||
|
password: valid_user_password()
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_fixture(attrs \\ %{}) do
|
||||||
|
{:ok, user} =
|
||||||
|
attrs
|
||||||
|
|> valid_user_attributes()
|
||||||
|
|> Ketbin.Accounts.register_user()
|
||||||
|
|
||||||
|
user
|
||||||
|
end
|
||||||
|
|
||||||
|
def extract_user_token(fun) do
|
||||||
|
{:ok, captured} = fun.(&"[TOKEN]#{&1}[TOKEN]")
|
||||||
|
[_, token, _] = String.split(captured.body, "[TOKEN]")
|
||||||
|
token
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue
Block a user