Haytni v0.0.1 Haytni.RecoverablePlugin View Source

This plugin allows the user to reset its password if he forgot it. To do so, its email addresse (default) is asked to him then an unique token is generated and send to its mailbox. This mail contains a link to activate where a new password will be requested to override the previous one.

Fields:

  • reset_password_token (string, nullable, unique, default: NULL): the unique token to reinitialize the password (NULL if none)
  • reset_password_sent_at (datetime@utc, nullable, default: NULL): when the reinitialization token was generated (also NULL if there is no pending request)

Configuration:

  • reset_token_length (default: 32): the length of the generated token
  • reset_password_within (default: {6, :hour}): the delay before the token expires
  • reset_password_keys (default: ~W[email]a): the field(s) to be matched to send a reinitialization token

Routes:

  • password_path (actions: new/create, edit/update)

Link to this section Summary

Functions

Extract (early) the user from the HTTP request (http authentification, cookies/session, …)

Check if the user is in a valid state. This callback is intended to let know others plugins if we should reject the login (and why)

This callback is invoked when a user is editing its registration and change its email address. It is a facility (subset) to avoid you to handle it by yourself via validate_update_registration/1

Invoked when an authentification failed (wrong password). It receives the concerned account and a Keyword to return after updating it if any change have to be done to this user

This callback is invoked when a user (manually) log out. Its purpose is mainly to do some cleanup like removing a cookie

Invoked to accomplish a task right after user’s registration (insert). This callback allows you to do some linked changes to the database, send an email or whatever by appending it to multi

Invoked when an authentification is successful. Like on_failed_authentification/2, it receives the current user and a Keyword to return after updating it if you want to bring any change to this user to the database

Change user’s password from its recovering token

Send instructions to reset user’s password

This callback let you do any kind of change or additionnal validation on the changeset when a user is registering

Same as validate_create_registration but registration’s edition as logic between the two may be completely different

Link to this section Functions

Extract (early) the user from the HTTP request (http authentification, cookies/session, …).

Returns a tuple of the form {conn, user} with user being nil if no user could be found at this early stage.

Callback implementation for Haytni.Plugin.find_user/1.

Check if the user is in a valid state. This callback is intended to let know others plugins if we should reject the login (and why).

Returns false if the user is allowed to login else {:error, reason} where reason is a string, an informative to be directly served to the end user.

For example, you may want to have some kind of ban plugin. This is the way to decline the login:

def invalid?(%{banned: true}), do: {:error, :banned} # or: {:error, dgettext("myapp", "you're banned")}
def invalid?(%{banned: _}), do: false

Callback implementation for Haytni.Plugin.invalid?/1.

Link to this function on_email_change(multi, changeset) View Source

This callback is invoked when a user is editing its registration and change its email address. It is a facility (subset) to avoid you to handle it by yourself via validate_update_registration/1.

It returns a tuple of {Ecto.Multi, Ecto.Changeset}, same as its arguments, to permit to the callback to add any operation to multi or change to changeset.

This callback is called before updating the user but the actions added to multi will be run after its update.

Callback implementation for Haytni.Plugin.on_email_change/2.

Link to this function on_failed_authentification(user, keywords) View Source

Invoked when an authentification failed (wrong password). It receives the concerned account and a Keyword to return after updating it if any change have to be done to this user.

For example, you can use it as follows to count the number of failed attempts to login:

def on_failed_authentification(user = %_{}, keyword) do
  Keyword.put(keyword, :failed_attempts, user.failed_attempts + 1)
end

Note: we choose to use and pass keyword as an accumulator to let the possibility to plugins to deal themselves on a conflict (several different plugins which want to alter a same field). Even if Keyword allows a same key to be defined several times, you’ll probably don’t want it to happen as the last defined value for a given key will (silently) override the others.

Callback implementation for Haytni.Plugin.on_failed_authentification/2.

This callback is invoked when a user (manually) log out. Its purpose is mainly to do some cleanup like removing a cookie.

Callback implementation for Haytni.Plugin.on_logout/1.

Invoked to accomplish a task right after user’s registration (insert). This callback allows you to do some linked changes to the database, send an email or whatever by appending it to multi.

Remember to comply to Ecto.Multi functions. In particular Ecto.Multi.run: the function called by it have to return {:ok, your value} or {:error, your value}. Also note that the inserted user will be passed to the function called by Ecto.Multi.run as the :user key to the map received by the last one as its (only) argument.

The following example illustrate how to send a welcome mail:

def on_registration(multi = %Ecto.Multi{}) do
  multi
  |> Ecto.Multi.run(:send_welcome_email, fn %{user: user} ->
    send_welcome_email_to(user)
    {:ok, :success}
  end)
end

Callback implementation for Haytni.Plugin.on_registration/1.

Link to this function on_successful_authentification(conn, user, keywords) View Source

Invoked when an authentification is successful. Like on_failed_authentification/2, it receives the current user and a Keyword to return after updating it if you want to bring any change to this user to the database.

To continue our example with a failed attempts counter, on a successful authentification it may be a good idea to reset it in this scenario:

def on_successful_authentification(conn = %Plug.Conn{}, user = %_{}, keywords) do
  {conn, user, Keyword.put(keywords, :failed_attempts, 0)}
end

Callback implementation for Haytni.Plugin.on_successful_authentification/3.

Link to this function recover(token, new_password) View Source
recover(token :: String.t(), new_password :: String.t()) ::
  struct() | {:error, String.t()} | no_return()

Change user’s password from its recovering token.

Returns {:error, reason} if the token doesn’t exist or has expired else the user.

Also raises if user couldn’t be updated.

Link to this function reset_password_keys(default \\ ~W"email"a) View Source
Link to this function reset_password_within(default \\ {6, :hour}) View Source
Link to this function reset_token_length(default \\ 32) View Source
Link to this function send_reset_password_instructions(request) View Source
send_reset_password_instructions(request :: Haytni.Recoverable.ResetRequest.t()) ::
  {:ok, struct()} | {:error, :no_match}

Send instructions to reset user’s password.

Returns {:error, :no_match} if there is no account matching reset_password_keys else {:ok, user}.

Raises if user couldn’t be updated.

Link to this function validate_create_registration(changeset) View Source

This callback let you do any kind of change or additionnal validation on the changeset when a user is registering.

Callback implementation for Haytni.Plugin.validate_create_registration/1.

Link to this function validate_update_registration(changeset) View Source

Same as validate_create_registration but registration’s edition as logic between the two may be completely different.

Callback implementation for Haytni.Plugin.validate_update_registration/1.