Haytni v0.0.1 Haytni.RecoverablePlugin View Source
This plugin allows the user to reset its password if he forgot it. To do so, its email addresse (default) is asked to him then an unique token is generated and send to its mailbox. This mail contains a link to activate where a new password will be requested to override the previous one.
Fields:
- reset_password_token (string, nullable, unique, default:
NULL
): the unique token to reinitialize the password (NULL
if none) - reset_password_sent_at (datetime@utc, nullable, default:
NULL
): when the reinitialization token was generated (alsoNULL
if there is no pending request)
Configuration:
reset_token_length
(default:32
): the length of the generated tokenreset_password_within
(default:{6, :hour}
): the delay before the token expiresreset_password_keys
(default:~W[email]a
): the field(s) to be matched to send a reinitialization token
Routes:
password_path
(actions: new/create, edit/update)
Link to this section Summary
Functions
Extract (early) the user from the HTTP request (http authentification, cookies/session, …)
Check if the user is in a valid state. This callback is intended to let know others plugins if we should reject the login (and why)
This callback is invoked when a user is editing its registration and change its email address.
It is a facility (subset) to avoid you to handle it by yourself via validate_update_registration/1
Invoked when an authentification failed (wrong password). It receives the concerned account and a Keyword to return after updating it if any change have to be done to this user
This callback is invoked when a user (manually) log out. Its purpose is mainly to do some cleanup like removing a cookie
Invoked to accomplish a task right after user’s registration (insert). This callback allows you to do some linked changes to the database, send an email or whatever by appending it to multi
Invoked when an authentification is successful. Like on_failed_authentification/2
, it receives
the current user and a Keyword to return after updating it if you want to bring any change to this
user to the database
Change user’s password from its recovering token
Send instructions to reset user’s password
This callback let you do any kind of change or additionnal validation on the changeset when a user is registering
Same as validate_create_registration
but registration’s edition as logic between the two
may be completely different
Link to this section Functions
Extract (early) the user from the HTTP request (http authentification, cookies/session, …).
Returns a tuple of the form {conn, user}
with user being nil
if no user could be found at
this early stage.
Callback implementation for Haytni.Plugin.find_user/1
.
Check if the user is in a valid state. This callback is intended to let know others plugins if we should reject the login (and why).
Returns false
if the user is allowed to login else {:error, reason}
where reason is a string,
an informative to be directly served to the end user.
For example, you may want to have some kind of ban plugin. This is the way to decline the login:
def invalid?(%{banned: true}), do: {:error, :banned} # or: {:error, dgettext("myapp", "you're banned")}
def invalid?(%{banned: _}), do: false
Callback implementation for Haytni.Plugin.invalid?/1
.
This callback is invoked when a user is editing its registration and change its email address.
It is a facility (subset) to avoid you to handle it by yourself via validate_update_registration/1
.
It returns a tuple of {Ecto.Multi, Ecto.Changeset}
, same as its arguments, to permit to the
callback to add any operation to multi or change to changeset.
This callback is called before updating the user but the actions added to multi will be run after its update.
Callback implementation for Haytni.Plugin.on_email_change/2
.
Invoked when an authentification failed (wrong password). It receives the concerned account and a Keyword to return after updating it if any change have to be done to this user.
For example, you can use it as follows to count the number of failed attempts to login:
def on_failed_authentification(user = %_{}, keyword) do
Keyword.put(keyword, :failed_attempts, user.failed_attempts + 1)
end
Note: we choose to use and pass keyword as an accumulator to let the possibility to plugins
to deal themselves on a conflict (several different plugins which want to alter a same field).
Even if Keyword
allows a same key to be defined several times, you’ll probably don’t want it
to happen as the last defined value for a given key will (silently) override the others.
Callback implementation for Haytni.Plugin.on_failed_authentification/2
.
This callback is invoked when a user (manually) log out. Its purpose is mainly to do some cleanup like removing a cookie.
Callback implementation for Haytni.Plugin.on_logout/1
.
Invoked to accomplish a task right after user’s registration (insert). This callback allows you to do some linked changes to the database, send an email or whatever by appending it to multi.
Remember to comply to Ecto.Multi
functions. In particular Ecto.Multi.run
: the function
called by it have to return {:ok, your value}
or {:error, your value}
. Also note that
the inserted user will be passed to the function called by Ecto.Multi.run
as the :user
key to the map received by the last one as its (only) argument.
The following example illustrate how to send a welcome mail:
def on_registration(multi = %Ecto.Multi{}) do
multi
|> Ecto.Multi.run(:send_welcome_email, fn %{user: user} ->
send_welcome_email_to(user)
{:ok, :success}
end)
end
Callback implementation for Haytni.Plugin.on_registration/1
.
Invoked when an authentification is successful. Like on_failed_authentification/2
, it receives
the current user and a Keyword to return after updating it if you want to bring any change to this
user to the database.
To continue our example with a failed attempts counter, on a successful authentification it may be a good idea to reset it in this scenario:
def on_successful_authentification(conn = %Plug.Conn{}, user = %_{}, keywords) do
{conn, user, Keyword.put(keywords, :failed_attempts, 0)}
end
Callback implementation for Haytni.Plugin.on_successful_authentification/3
.
Change user’s password from its recovering token.
Returns {:error, reason}
if the token doesn’t exist or has expired else the user.
Also raises if user couldn’t be updated.
send_reset_password_instructions(request :: Haytni.Recoverable.ResetRequest.t()) :: {:ok, struct()} | {:error, :no_match}
Send instructions to reset user’s password.
Returns {:error, :no_match}
if there is no account matching reset_password_keys
else {:ok, user}
.
Raises if user couldn’t be updated.
This callback let you do any kind of change or additionnal validation on the changeset when a user is registering.
Callback implementation for Haytni.Plugin.validate_create_registration/1
.
Same as validate_create_registration
but registration’s edition as logic between the two
may be completely different.
Callback implementation for Haytni.Plugin.validate_update_registration/1
.