AuthN v0.2.0 AuthZ.AuthorizationPlugMixin behaviour

Allows you to create a plug that enforces authorization for protected routes.

A user-defined module must use this module, which turns the user module into a plug, and must implement the handle_authorization/3 and handle_authentication_error/2 callbacks. Both callbacks receive a Plug.Conn struct and an atom identifying the set of routes that require authorization, and must return a Plug.Conn struct; handle_authorization/3 additionally receives the logged-in user.

Example:

  defmodule MyAppWeb.Plugs.EnsureAuthorized do
    use AuthZ.AuthorizationPlugMixin

    import Plug.Conn
    import Phoenix.Controller

    alias MyApp.Accounts.User

    # Authentication error on :admin_routes: respond 401 and halt the pipeline.
    def handle_authentication_error(conn, :admin_routes),
      do: conn |> put_status(401) |> text("unauthenticated") |> halt()

    # Admin users pass through :admin_routes unchanged.
    def handle_authorization(conn, %User{type: "admin"}, :admin_routes),
      do: conn

    # Every other user/resource combination is denied with 403.
    def handle_authorization(conn, _, _),
      do: conn |> put_status(403) |> text("unauthorized") |> halt()
  end

EnsureAuthorized is now a plug which can be used in the router:

  pipeline :ensure_admin_routes_authorized do
    plug MyAppWeb.Plugs.EnsureAuthorized,
      resource: :admin_routes
  end

  scope "/admin", MyAppWeb, as: :admin do
    pipe_through [:browser, :ensure_admin_routes_authorized]
    # code
  end
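
The example above covers a single resource. The following example, added here and not taken from the AuthZ project, implements the same two callbacks for several resources through a deny-by-default policy table. The @policy map, the :support_routes resource, the "support" user type and the deny/1 helper are assumptions made for illustration.

```elixir
defmodule MyAppWeb.Plugs.EnsureAuthorizedByPolicy do
  use AuthZ.AuthorizationPlugMixin

  import Plug.Conn
  import Phoenix.Controller

  alias MyApp.Accounts.User

  # Assumed policy table: resource atom => user types allowed through.
  # :support_routes and the "support" type are hypothetical.
  @policy %{
    admin_routes: ["admin"],
    support_routes: ["admin", "support"]
  }

  # Authentication error: same 401 for every resource, so a resource
  # without a dedicated clause cannot raise FunctionClauseError.
  def handle_authentication_error(conn, _resource),
    do: conn |> put_status(401) |> text("unauthenticated") |> halt()

  # Pass the conn through only when the user's type is listed for the
  # resource. Map.get/3 defaults to [], so an unknown resource denies
  # everyone instead of letting the request continue.
  def handle_authorization(conn, %User{type: type}, resource) do
    if type in Map.get(@policy, resource, []) do
      conn
    else
      deny(conn)
    end
  end

  # Anything that is not a %User{} struct is denied as well.
  def handle_authorization(conn, _user, _resource), do: deny(conn)

  # halt/1 stops the plug pipeline, so the controller action never runs.
  defp deny(conn),
    do: conn |> put_status(403) |> text("unauthorized") |> halt()
end
```

Each protected scope then gets its own pipeline that passes the matching atom, for example resource: :support_routes, in the same way as the :admin_routes pipeline above.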

Callbacks

handle_authentication_error(arg1, atom)

handle_authentication_error(Plug.Conn.t(), atom()) :: Plug.Conn.t()

handle_authorization(arg1, term, atom)

handle_authorization(Plug.Conn.t(), term(), atom()) :: Plug.Conn.t()