After "mix phx.gen.auth Admins Admin admins" with added working register and login path.

2026-02-20 13:09:55 +01:00
parent a47931f40e
commit 53d19a3a18
28 changed files with 2830 additions and 0 deletions
--- a/lib/beet_round_server_web/controllers/admin_session_controller.ex
+++ b/lib/beet_round_server_web/controllers/admin_session_controller.ex
@ -0,0 +1,88 @@
+defmodule BeetRoundServerWeb.AdminSessionController do
+  use BeetRoundServerWeb, :controller
+
+  alias BeetRoundServer.Admins
+  alias BeetRoundServerWeb.AdminAuth
+
+  def new(conn, _params) do
+    email = get_in(conn.assigns, [:current_scope, Access.key(:admin), Access.key(:email)])
+    form = Phoenix.Component.to_form(%{"email" => email}, as: "admin")
+
+    render(conn, :new, form: form)
+  end
+
+  # magic link login
+  def create(conn, %{"admin" => %{"token" => token} = admin_params} = params) do
+    info =
+      case params do
+        %{"_action" => "confirmed"} -> "Admin confirmed successfully."
+        _ -> "Welcome back!"
+      end
+
+    case Admins.login_admin_by_magic_link(token) do
+      {:ok, {admin, _expired_tokens}} ->
+        conn
+        |> put_flash(:info, info)
+        |> AdminAuth.log_in_admin(admin, admin_params)
+
+      {:error, :not_found} ->
+        conn
+        |> put_flash(:error, "The link is invalid or it has expired.")
+        |> render(:new, form: Phoenix.Component.to_form(%{}, as: "admin"))
+    end
+  end
+
+  # email + password login
+  def create(conn, %{"admin" => %{"email" => email, "password" => password} = admin_params}) do
+    if admin = Admins.get_admin_by_email_and_password(email, password) do
+      conn
+      |> put_flash(:info, "Welcome back!")
+      |> AdminAuth.log_in_admin(admin, admin_params)
+    else
+      form = Phoenix.Component.to_form(admin_params, as: "admin")
+
+      # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
+      conn
+      |> put_flash(:error, "Invalid email or password")
+      |> render(:new, form: form)
+    end
+  end
+
+  # magic link request
+  def create(conn, %{"admin" => %{"email" => email}}) do
+    if admin = Admins.get_admin_by_email(email) do
+      Admins.deliver_login_instructions(
+        admin,
+        &url(~p"/admins/log-in/#{&1}")
+      )
+    end
+
+    info =
+      "If your email is in our system, you will receive instructions for logging in shortly."
+
+    conn
+    |> put_flash(:info, info)
+    |> redirect(to: ~p"/admins/log-in")
+  end
+
+  def confirm(conn, %{"token" => token}) do
+    if admin = Admins.get_admin_by_magic_link_token(token) do
+      form = Phoenix.Component.to_form(%{"token" => token}, as: "admin")
+
+      conn
+      |> assign(:admin, admin)
+      |> assign(:form, form)
+      |> render(:confirm)
+    else
+      conn
+      |> put_flash(:error, "Magic link is invalid or it has expired.")
+      |> redirect(to: ~p"/admins/log-in")
+    end
+  end
+
+  def delete(conn, _params) do
+    conn
+    |> put_flash(:info, "Logged out successfully.")
+    |> AdminAuth.log_out_admin()
+  end
+end