Coherence v0.5.2 Coherence.SessionController

Handle the authentication actions.

Types

conn() :: Plug.Conn.t()
params() :: Map.t()
schema() :: Ecto.Schema.t()

Functions

create(conn, params)
create(conn(), params()) :: conn()

Log in the user.

Find the user based on the login_field. Hash the given password and verify it matches the value stored in the database. Login proceeds only if the following other conditions are satisfied:

  • Confirmation is enabled and the user has been confirmed.
  • Lockable is enabled and the user is not locked.

If the Trackable option is enabled, the trackable fields are updated.

If the provided password is not correct and the lockable option is enabled, check whether the maximum login attempts threshold is exceeded. If so, lock the account.

If the rememberable option is enabled, create a new series and rememberable token, create a new cookie and update the database.

delete(conn, params)
delete(conn(), params()) :: conn()

Log out the user.

Delete the user’s session, track the logout and delete the rememberable cookie.

get_login_cookie(conn)
get_login_cookie(conn()) :: String.t()

Retrieve the login cookie.

get_rememberables(id)
get_rememberables(integer()) :: [schema()]

Fetch a rememberable database record.

new(conn, params)
new(conn(), params()) :: conn()

Render the login form.

put_flash_inactive_user(conn)

rememberable_callback(conn, id, series, token, opts)
rememberable_callback(conn(), integer(), String.t(), String.t(), Keyword.t()) ::
  conn()

Callback for the authenticate plug.

Validate the rememberable cookie. If it is valid, generate a new token but keep the same series number. Update the rememberable database with the new token. Save the new cookie.

reset_failed_attempts(conn, user, arg3)
reset_failed_attempts(conn(), Ecto.Schema.t(), boolean()) :: conn()

save_login_cookie(conn, id, series, token, opts \\ [])
save_login_cookie(conn(), Integer.t(), String.t(), String.t(), Keyword.t()) ::
  conn()

Save the login cookie.

validate_login(user_id, series, token)
validate_login(integer(), String.t(), String.t()) ::
  {:ok, schema()} | {:error, atom()}

Validate the login cookie.

Check the following conditions:

  • a record exists for the user and the series, but with a different token
    • assume a fraud case
    • remove the rememberable cookie and delete the session
  • a record exists for the user, the series, and the token
    • a valid remembered user
  • otherwise, this is an unknown user.
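
The cookie check and token rotation described for rememberable_callback/5 and validate_login/3, as an added sketch that is not Coherence's own code. An in-memory map replaces the rememberable table, and the module name, return shapes, error atoms, token hashing and the removal of all of a user's series on a mismatch are assumptions.

```elixir
# Added sketch, not Coherence's code. A map keyed by {user_id, series} stands in
# for the rememberable table; error atoms and return shapes are hypothetical.
defmodule RememberableSketch do
  import Bitwise

  # Assumption: store a hash, so a leaked table cannot be replayed as cookies.
  defp digest(token), do: :crypto.hash(:sha256, token)
  defp new_token, do: Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)

  # Constant-time comparison of two SHA-256 digests.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    pairs = Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
    Enum.reduce(pairs, 0, fn {x, y}, acc -> acc ||| bxor(x, y) end) == 0
  end

  defp secure_equal?(_, _), do: false

  # The three cases listed for validate_login/3.
  def validate_login(store, user_id, series, token) do
    case Map.fetch(store, {user_id, series}) do
      {:ok, stored} ->
        if secure_equal?(stored, digest(token)), do: :ok, else: {:error, :invalid_token}
      :error ->
        {:error, :not_found}
    end
  end

  # Rotation as described for rememberable_callback/5: same series, new token.
  def rotate(store, user_id, series, token) do
    case validate_login(store, user_id, series, token) do
      :ok ->
        fresh = new_token()
        {:ok, fresh, Map.put(store, {user_id, series}, digest(fresh))}
      {:error, :invalid_token} ->
        # Fraud case. Assumption: also drop every stored series for the user;
        # the caller clears the cookie and deletes the session.
        kept = store |> Enum.reject(fn {{uid, _}, _} -> uid == user_id end) |> Map.new()
        {:fraud, kept}
      {:error, :not_found} ->
        {:unknown, store}
    end
  end

  # Issue a new series and token at login (values are random on every run).
  def issue(store, user_id) do
    {series, token} = {new_token(), new_token()}
    {series, token, Map.put(store, {user_id, series}, digest(token))}
  end
end
```

After `issue/2` and one successful `rotate/4`, presenting the original token again for the same series returns `{:fraud, store}`, which is how a copied cookie shows up once either holder has used it.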