Sigra.Plug.RequireMFAEnrolled (Sigra v0.2.2)

Copy Markdown View Source

Plug that requires the current user to have MFA enrolled.

Redirects unenrolled users to the MFA enrollment page. Used for routes that require MFA as a policy (e.g., admin routes).

Options

  • :enrollment_path - Path to MFA enrollment. Default: "/users/settings".
  • :mfa_check_fn - Function (user -> boolean) to check MFA enrollment. Required. Typically &Sigra.MFA.enabled?(&1, config).

Example

plug Sigra.Plug.RequireMFAEnrolled,
  enrollment_path: "/users/settings",
  mfa_check_fn: &MyApp.Auth.mfa_enabled?/1

Summary

Functions

call(conn, opts)

Check MFA enrollment and redirect if user is not enrolled.

init(opts)

Initialize the plug with the given options.

Functions

call(conn, opts)

(since 0.6.0)

Check MFA enrollment and redirect if user is not enrolled.

Reads conn.assigns[:current_scope] for the current user, then calls the configured :mfa_check_fn. If the function returns false (or user is nil), redirects to :enrollment_path with a flash message and halts.

init(opts)

(since 0.6.0)

Initialize the plug with the given options.