Authentication helpers for Dialup applications.
Dialup separates two session concepts:
dialup_session— connection ID forUserSessionProcess(anonymous until enriched)_dialup_user_token— opaque auth token resolved tocurrent_user
Configure an accounts module on the app or plug:
use Dialup,
auth_accounts: MyApp.Accounts
plugs: [{Dialup.Auth.Plug, accounts: MyApp.Accounts}]
Summary
Functions
Returns the configured accounts module for an app, if any.
Merges auth context into an existing session map.
Returns cookie options aligned with the app's :secure_cookies setting.
Cookie name for CSRF double-submit.
Returns a CSRF token for forms, setting the cookie when needed.
Resolves the current user from conn assigns (set by Dialup.Auth.Plug).
Fetches the current user from assigns or cookies.
Seeds layout session with current_user before layout.mount runs.
Logs a user in by issuing the auth cookie and rotating dialup_session.
Logs a user out, clearing the auth cookie and rotating dialup_session.
Projects a user for Dialup session / agent_state (no secrets).
Halts with a redirect when no user is present.
Resolves the current user from plug assigns or cookies.
Rotates the anonymous connection session cookie (session fixation mitigation).
Returns a same-origin relative path or / when the target is unsafe.
Returns the opaque auth session token from a connection's cookies.
Returns the opaque auth session token from cookies, if present.
Resolves a user from request cookies using the accounts module.
Cookie name for the opaque user session token.
Validates a CSRF token from form params against the cookie.
Functions
Returns the configured accounts module for an app, if any.
Merges auth context into an existing session map.
@spec cookie_opts(Plug.Conn.t()) :: keyword()
Returns cookie options aligned with the app's :secure_cookies setting.
Cookie name for CSRF double-submit.
@spec csrf_token(Plug.Conn.t()) :: {Plug.Conn.t(), binary()}
Returns a CSRF token for forms, setting the cookie when needed.
@spec current_user(Plug.Conn.t()) :: map() | struct() | nil
Resolves the current user from conn assigns (set by Dialup.Auth.Plug).
@spec fetch_current_user(Plug.Conn.t(), module()) :: {Plug.Conn.t(), map() | struct() | nil}
Fetches the current user from assigns or cookies.
Seeds layout session with current_user before layout.mount runs.
@spec log_in_user(Plug.Conn.t(), map() | struct(), module()) :: Plug.Conn.t()
Logs a user in by issuing the auth cookie and rotating dialup_session.
@spec log_out_user(Plug.Conn.t(), module()) :: Plug.Conn.t()
Logs a user out, clearing the auth cookie and rotating dialup_session.
Projects a user for Dialup session / agent_state (no secrets).
@spec require_authenticated_user(Plug.Conn.t(), binary()) :: Plug.Conn.t()
Halts with a redirect when no user is present.
@spec resolve_conn_user(Plug.Conn.t(), atom()) :: map() | struct() | nil
Resolves the current user from plug assigns or cookies.
Matches HTTP page rendering: prefers dialup_current_user from Dialup.Auth.Plug,
then falls back to cookie resolution when auth_accounts is configured.
@spec rotate_dialup_session(Plug.Conn.t()) :: Plug.Conn.t()
Rotates the anonymous connection session cookie (session fixation mitigation).
Returns a same-origin relative path or / when the target is unsafe.
@spec session_token(Plug.Conn.t()) :: binary() | nil
Returns the opaque auth session token from a connection's cookies.
Returns the opaque auth session token from cookies, if present.
Resolves a user from request cookies using the accounts module.
Cookie name for the opaque user session token.
@spec valid_csrf?(Plug.Conn.t(), map()) :: boolean()
Validates a CSRF token from form params against the cookie.