bent/BeetRoundServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Login per email token. With logout of previous account if already logged in.

Browse Source
This commit is contained in:
Bent Witthold
2026-02-18 15:01:31 +01:00
parent 02b473bbf1
commit 55c128e25e
6 changed files with 71 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/beet_round_server/accounts.ex
View File

@ -57,6 +57,13 @@ defmodule BeetRoundServer.Accounts do
if User.valid_password?(user, password), do: user
end
def get_user_by_email_token(token) do
{:ok, query} =
UserToken.verify_email_token_query(token, "session")
Repo.one(query)
end
@doc """
Gets a single user.

21
lib/beet_round_server/accounts/user_token.ex
View File

@ -125,6 +125,27 @@ defmodule BeetRoundServer.Accounts.UserToken do
end
end
def verify_email_token_query(token, context) do
case Base.url_decode64(token, padding: false) do
{:ok, decoded_token} ->
hashed_token = :crypto.hash(@hash_algorithm, decoded_token)
days = days_for_context(context)
query =
from token in by_token_and_context_query(hashed_token, context),
join: user in assoc(token, :user),
where: token.inserted_at > ago(^days, "day") and token.sent_to == user.email,
select: user
{:ok, query}
:error ->
:error
end
end
defp days_for_context("session"), do: @session_validity_in_days
@doc """
Checks if the token is valid and returns its underlying lookup query.

3
lib/beet_round_server_web/controllers/user_json.ex
View File

@ -15,9 +15,6 @@ defmodule BeetRoundServerWeb.UserJSON do
%{data: %{email: user.email, id: user.id, token: encoded_token}}
end
@doc """
Renders a single user.
"""
def show(%{user: user}) do
%{data: data(user)}
end

17
lib/beet_round_server_web/controllers/user_session_controller.ex
View File

@ -12,6 +12,23 @@ defmodule BeetRoundServerWeb.UserSessionController do
create(conn, params, "Welcome back!")
end
def login(conn, %{"token" => token}) do
IO.puts("Login via token:")
IO.inspect(token)
UserAuth.log_out_user_without_redirect(conn)
if user = Accounts.get_user_by_email_token(token) do
conn
|> put_flash(:info, "Login successful!")
|> UserAuth.log_in_without_creating_cookie(user)
else
conn
|> put_flash(:error, "Invalid token")
|> redirect(to: ~p"/")
end
end
# magic link login
defp create(conn, %{"user" => %{"token" => token} = user_params}, info) do
case Accounts.login_user_by_magic_link(token) do

2
lib/beet_round_server_web/router.ex
View File

@ -88,5 +88,7 @@ defmodule BeetRoundServerWeb.Router do
post "/users/log-in", UserSessionController, :create
delete "/users/log-out", UserSessionController, :delete
get "/log_in/:token", UserSessionController, :login
end
end

25
lib/beet_round_server_web/user_auth.ex
View File

@ -40,6 +40,16 @@ defmodule BeetRoundServerWeb.UserAuth do
|> redirect(to: user_return_to || signed_in_path(conn))
end
def log_in_without_creating_cookie(conn, user) do
token = Accounts.generate_user_session_token(user)
user_return_to = get_session(conn, :user_return_to)
conn
|> renew_session(user)
|> put_token_in_session(token)
|> redirect(to: user_return_to || signed_in_path(conn))
end
@doc """
Logs the user out.
@ -59,6 +69,19 @@ defmodule BeetRoundServerWeb.UserAuth do
|> redirect(to: ~p"/")
end
def log_out_user_without_redirect(conn) do
user_token = get_session(conn, :user_token)
user_token && Accounts.delete_user_session_token(user_token)
if live_socket_id = get_session(conn, :live_socket_id) do
BeetRoundServerWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
end
conn
|> renew_session(nil)
|> delete_resp_cookie(@remember_me_cookie)
end
@doc """
Authenticates the user by looking into the session and remember me token.
@ -259,7 +282,7 @@ defmodule BeetRoundServerWeb.UserAuth do
@doc "Returns the path to redirect to after log in."
# the user was already logged in, redirect to settings
def signed_in_path(%Plug.Conn{assigns: %{current_scope: %Scope{user: %Accounts.User{}}}}) do
~p"/users/settings"
~p"/biddings"
end
def signed_in_path(_), do: ~p"/biddings"