Login per email token. With logout of previous account if already logged in.

lib/beet_round_server/accounts.ex

@@ -57,6 +57,13 @@ defmodule BeetRoundServer.Accounts do
     if User.valid_password?(user, password), do: user
   end
 
+  def get_user_by_email_token(token) do
+    {:ok, query} =
+      UserToken.verify_email_token_query(token, "session")
+
+    Repo.one(query)
+  end
+
   @doc """
   Gets a single user.
 
@@ -180,6 +187,13 @@ defmodule BeetRoundServer.Accounts do
     |> update_user_and_delete_all_tokens()
   end
 
+  def create_email_token(%User{} = user) do
+    {encoded_token, user_token} = UserToken.build_email_token(user, "session")
+    Repo.insert!(user_token)
+
+    encoded_token
+  end
+
   ## Session
 
   @doc """
@@ -294,6 +308,11 @@ defmodule BeetRoundServer.Accounts do
     :ok
   end
 
+  def delete_user(id) do
+    user = get_user!(id)
+    Repo.delete(user)
+  end
+
   ## Token helper
 
   defp update_user_and_delete_all_tokens(changeset) do

lib/beet_round_server/accounts/user_token.ex

@@ -125,6 +125,27 @@ defmodule BeetRoundServer.Accounts.UserToken do
     end
   end
 
+  def verify_email_token_query(token, context) do
+    case Base.url_decode64(token, padding: false) do
+      {:ok, decoded_token} ->
+        hashed_token = :crypto.hash(@hash_algorithm, decoded_token)
+        days = days_for_context(context)
+
+        query =
+          from token in by_token_and_context_query(hashed_token, context),
+            join: user in assoc(token, :user),
+            where: token.inserted_at > ago(^days, "day") and token.sent_to == user.email,
+            select: user
+
+        {:ok, query}
+
+      :error ->
+        :error
+    end
+  end
+
+  defp days_for_context("session"), do: @session_validity_in_days
+
   @doc """
   Checks if the token is valid and returns its underlying lookup query.
 

lib/beet_round_server_web/controllers/user_controller.ex

@@ -12,11 +12,23 @@ defmodule BeetRoundServerWeb.UserController do
   end
 
   def create(conn, %{"user" => user_params}) do
-    with {:ok, %User{} = user} <- Accounts.register_user(user_params) do
+    case Accounts.register_user(user_params) do
+      {:ok, %User{} = user} ->
+        send_created_response(conn, user)
+
+      {:error, changeset} ->
+        with %User{} = user <- Accounts.get_user_by_email(user_params["email"]) do
+          send_already_reported_response(conn, user)
+        else
+          _ ->
+            send_not_acceptable(conn, changeset)
+        end
+
+      _ ->
         conn
-      |> put_status(:created)
+        |> put_status(:bad_request)
-      |> put_resp_header("location", ~p"/api/users/#{user}")
+        |> put_resp_header("location", ~p"/api/users")
-      |> render(:show, user: user)
+        |> render(:show, changeset: "Bad request")
     end
   end
 
@@ -40,4 +52,30 @@ defmodule BeetRoundServerWeb.UserController do
   #     send_resp(conn, :no_content, "")
   #   end
   # end
+
+  defp send_created_response(conn, %User{} = user) do
+    encoded_token = Accounts.create_email_token(user)
+
+    conn
+    |> put_status(:created)
+    |> put_resp_header("location", ~p"/api/users/#{user}")
+    |> render(:show, %{user: user, token: encoded_token})
+  end
+
+  defp send_already_reported_response(conn, %User{} = user) do
+    encoded_token = Accounts.create_email_token(user)
+    IO.puts("encoded_token for user: " <> user.email)
+    IO.inspect(encoded_token)
+
+    conn
+    |> put_status(:already_reported)
+    |> render(:show, %{user: user, token: encoded_token})
+  end
+
+  defp send_not_acceptable(conn, changeset) do
+    conn
+    |> put_status(:not_acceptable)
+    |> put_resp_header("location", ~p"/api/users")
+    |> render(:show, changeset: changeset)
+  end
 end

lib/beet_round_server_web/controllers/user_json.ex

@@ -9,16 +9,41 @@ defmodule BeetRoundServerWeb.UserJSON do
   end
 
   @doc """
-  Renders a single user.
+  Renders a single user with token.
   """
+  def show(%{user: user, token: encoded_token}) do
+    %{data: %{email: user.email, id: user.id, token: encoded_token}}
+  end
+
   def show(%{user: user}) do
     %{data: data(user)}
   end
 
+  def show(%{changeset: changeset}) do
+    # When encoded, the changeset returns its errors
+    # as a JSON object. So we just pass it forward.
+    %{errors: Ecto.Changeset.traverse_errors(changeset, &translate_error/1)}
+  end
+
   defp data(%User{} = user) do
     %{
       id: user.id,
       email: user.email
     }
   end
+
+  defp translate_error({msg, opts}) do
+    # You can make use of gettext to translate error messages by
+    # uncommenting and adjusting the following code:
+
+    # if count = opts[:count] do
+    #   Gettext.dngettext(BeetRoundServerWeb.Gettext, "errors", msg, msg, count, opts)
+    # else
+    #   Gettext.dgettext(BeetRoundServerWeb.Gettext, "errors", msg, opts)
+    # end
+
+    Enum.reduce(opts, msg, fn {key, value}, acc ->
+      String.replace(acc, "%{#{key}}", fn _ -> to_string(value) end)
+    end)
+  end
 end

lib/beet_round_server_web/controllers/user_session_controller.ex

@@ -12,6 +12,23 @@ defmodule BeetRoundServerWeb.UserSessionController do
     create(conn, params, "Welcome back!")
   end
 
+  def login(conn, %{"token" => token}) do
+    IO.puts("Login via token:")
+    IO.inspect(token)
+
+    UserAuth.log_out_user_without_redirect(conn)
+
+    if user = Accounts.get_user_by_email_token(token) do
+      conn
+      |> put_flash(:info, "Login successful!")
+      |> UserAuth.log_in_without_creating_cookie(user)
+    else
+      conn
+      |> put_flash(:error, "Invalid token")
+      |> redirect(to: ~p"/")
+    end
+  end
+
   # magic link login
   defp create(conn, %{"user" => %{"token" => token} = user_params}, info) do
     case Accounts.login_user_by_magic_link(token) do

lib/beet_round_server_web/live/bidding_live/form.ex

@@ -21,8 +21,44 @@ defmodule BeetRoundServerWeb.BiddingLive.Form do
       <% else %>
         <.form for={@form} id="bidding-form" phx-change="validate" phx-submit="save">
           <.input field={@form[:amount]} type="number" label="Betrag" />
-          <.input field={@form[:depot_wish_one]} type="text" label="Depot Wunsch 1" />
+          <.input
-          <.input field={@form[:depot_wish_two]} type="text" label="Depot Wunsch 2" />
+            field={@form[:depot_wish_one]}
+            type="select"
+            label="Depot Wunsch 1"
+            options={[
+              {"", ""},
+              {"KlimaWerkStadt (1)", "KlimaWerkStadt"},
+              {"Puramila (2)", "Puramila"},
+              {"Eine Welt Aktion (3)", "Eine Welt Aktion"},
+              {"Hof Buntentor (4)", "Hof Buntentor"},
+              {"Mädchen-Kulturhaus (5)", "Mädchen-Kulturhaus"},
+              {"neues Depot im Viertel (6)", "neues Depot im Viertel"},
+              {"Creative Hub (7)", "Creative Hub"},
+              {"Klimazone (8)", "Klimazone"},
+              {"Garage Walle (9)", "Garage Walle"},
+              {"Hof Riede (A)", "Hof Riede"},
+              {"Thedinghausen (B)", "Thedinghausen"}
+            ]}
+          />
+          <.input
+            field={@form[:depot_wish_two]}
+            type="select"
+            label="Depot Wunsch 2"
+            options={[
+              {"", ""},
+              {"KlimaWerkStadt (1)", "KlimaWerkStadt"},
+              {"Puramila (2)", "Puramila"},
+              {"Eine Welt Aktion (3)", "Eine Welt Aktion"},
+              {"Hof Buntentor (4)", "Hof Buntentor"},
+              {"Mädchen-Kulturhaus (5)", "Mädchen-Kulturhaus"},
+              {"neues Depot im Viertel (6)", "neues Depot im Viertel"},
+              {"Creative Hub (7)", "Creative Hub"},
+              {"Klimazone (8)", "Klimazone"},
+              {"Garage Walle (9)", "Garage Walle"},
+              {"Hof Riede (A)", "Hof Riede"},
+              {"Thedinghausen (B)", "Thedinghausen"}
+            ]}
+          />
           <.input field={@form[:bidding_round]} type="number" readonly hidden />
           <footer>
             <.button phx-disable-with="Bearbeitung..." variant="primary">Gebot abgeben</.button>

lib/beet_round_server_web/router.ex

@@ -88,5 +88,7 @@ defmodule BeetRoundServerWeb.Router do
 
     post "/users/log-in", UserSessionController, :create
     delete "/users/log-out", UserSessionController, :delete
+
+    get "/log_in/:token", UserSessionController, :login
   end
 end

lib/beet_round_server_web/user_auth.ex

@@ -40,6 +40,16 @@ defmodule BeetRoundServerWeb.UserAuth do
     |> redirect(to: user_return_to || signed_in_path(conn))
   end
 
+  def log_in_without_creating_cookie(conn, user) do
+    token = Accounts.generate_user_session_token(user)
+    user_return_to = get_session(conn, :user_return_to)
+
+    conn
+    |> renew_session(user)
+    |> put_token_in_session(token)
+    |> redirect(to: user_return_to || signed_in_path(conn))
+  end
+
   @doc """
   Logs the user out.
 
@@ -59,6 +69,19 @@ defmodule BeetRoundServerWeb.UserAuth do
     |> redirect(to: ~p"/")
   end
 
+  def log_out_user_without_redirect(conn) do
+    user_token = get_session(conn, :user_token)
+    user_token && Accounts.delete_user_session_token(user_token)
+
+    if live_socket_id = get_session(conn, :live_socket_id) do
+      BeetRoundServerWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
+    end
+
+    conn
+    |> renew_session(nil)
+    |> delete_resp_cookie(@remember_me_cookie)
+  end
+
   @doc """
   Authenticates the user by looking into the session and remember me token.
 
@@ -259,7 +282,7 @@ defmodule BeetRoundServerWeb.UserAuth do
   @doc "Returns the path to redirect to after log in."
   # the user was already logged in, redirect to settings
   def signed_in_path(%Plug.Conn{assigns: %{current_scope: %Scope{user: %Accounts.User{}}}}) do
-    ~p"/users/settings"
+    ~p"/biddings"
   end
 
   def signed_in_path(_), do: ~p"/biddings"