Coherence v0.1.3 Coherence.SessionController

Handle the authentication actions.

Functions

confirmed?(user)

Helper to check if a user has been confirmed.

create(conn, params)

Log in the user.

Find the user based on the login_field. Hash the given password and verify it matches the value stored in the database. Login proceeds only if the following other conditions are satisfied:

  • Confirmation is enabled and the user has been confirmed.
  • Lockable is enabled and the user is not locked.

If the Trackable option is enabled, the trackable fields are updated.

If the provided password is not correct and the lockable option is enabled, check whether the maximum login attempts threshold is exceeded. If so, lock the account.

If the rememberable option is enabled, create a new series and rememberable token, create a new cookie and update the database.

delete(conn, params)

Log out the user.

Delete the user’s session, track the logout and delete the rememberable cookie.

delete_rememberable(conn, map)

get_login_cookie(conn)

Retrieve the login cookie.

get_rememberables(id)

Fetch a rememberable database record.

login_callback(conn)

Callback for the authentication plug.

Render the login form.

new(conn, params)

Render the login form.

remberable_callback(conn, id, series, token, opts)

Callback for the authenticate plug.

Validate the rememberable cookie. If valid, generate a new token, keep the same series number. Update the rememberable database with the new token. Save the new cookie.

reset_failed_attempts(conn, user, arg3)

save_login_cookie(conn, id, series, token, key \\ "coherence_login", expire \\ 2 * 24 * 60 * 60)

Save the login cookie.

validate_login(user_id, series, token)

Validate the login cookie.

Check the following conditions:

  • a record exists for the user, the series, but a different token
      • assume a fraud case
      • remove the rememberable cookie and delete the session
  • a record exists for the user, the series, and the token
      • a valid remembered user
  • otherwise, this is an unknown user.
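The series and token checks described for validate_login/3 and remberable_callback/5, as an added sketch that is not Coherence's own code. The module name `RememberableSketch`, its functions and the in-memory map are hypothetical stand-ins for the rememberable database table and the cookie handling.

```elixir
defmodule RememberableSketch do
  # Hypothetical in-memory store: %{{user_id, series} => token}.
  # Coherence keeps these records in the database instead.
  defp random, do: :crypto.strong_rand_bytes(24) |> Base.url_encode64()

  # At login: create a new series and token for the user.
  def issue(store, user_id) do
    {series, token} = {random(), random()}
    {Map.put(store, {user_id, series}, token), series, token}
  end

  # The three conditions listed for validate_login/3.
  def validate_login(store, user_id, series, token) do
    case Map.fetch(store, {user_id, series}) do
      {:ok, ^token} -> :ok       # user, series and token all match
      {:ok, _other} -> :fraud    # user and series match, token differs
      :error -> :unknown         # no record for this user and series
    end
  end

  # On a valid cookie: keep the series, replace the token, and return the
  # new token so the caller can save it in a fresh cookie.
  def remember(store, user_id, series, token) do
    case validate_login(store, user_id, series, token) do
      :ok ->
        new_token = random()
        {:ok, Map.put(store, {user_id, series}, new_token), new_token}

      :fraud ->
        # The caller removes the cookie and deletes the session. Dropping
        # the stored record as well is an assumption of this sketch.
        {:fraud, Map.delete(store, {user_id, series})}

      :unknown ->
        {:unknown, store}
    end
  end
end

# Constructed walk-through: a cookie value is copied, then replayed after
# the legitimate browser has already rotated the token.
{store, series, t1} = RememberableSketch.issue(%{}, 1)
{:ok, store, t2} = RememberableSketch.remember(store, 1, series, t1)
{:fraud, store} = RememberableSketch.remember(store, 1, series, t1)
{:unknown, _store} = RememberableSketch.remember(store, 1, series, t2)
IO.puts("stale token detected as fraud; series invalidated for both holders")
```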