-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'user-change' into elm-console
- Loading branch information
Showing
12 changed files
with
178 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
defmodule Stackfooter.Repo.Migrations.CreateUser do | ||
use Ecto.Migration | ||
|
||
def change do | ||
create table(:users) do | ||
add :username, :string | ||
add :password_hash, :string | ||
add :api_keys, {:array, :string} | ||
|
||
timestamps | ||
end | ||
|
||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
defmodule Stackfooter.UserTest do | ||
use Stackfooter.ModelCase | ||
|
||
alias Stackfooter.User | ||
|
||
@valid_attrs %{api_keys: ["some content"], password_hash: "some content", username: "some content"} | ||
@invalid_attrs %{} | ||
|
||
test "changeset with valid attributes" do | ||
changeset = User.changeset(%User{}, @valid_attrs) | ||
assert changeset.valid? | ||
end | ||
|
||
test "changeset with invalid attributes" do | ||
changeset = User.changeset(%User{}, @invalid_attrs) | ||
refute changeset.valid? | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,10 @@ | ||
defmodule Stackfooter.ConsoleController do | ||
use Stackfooter.Web, :controller | ||
|
||
plug :authenticate_user | ||
|
||
def index(conn, _params) do | ||
render conn, "index.html", api_key: "1234567" | ||
key = conn.assigns.current_user.api_keys |> List.first | ||
render conn, "index.html", api_key: key | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
defmodule Stackfooter.SessionController do | ||
use Stackfooter.Web, :controller | ||
|
||
def new(conn, _) do | ||
render conn, "new.html" | ||
end | ||
|
||
def create(conn, %{"session" => %{"username" => user, "password" => pass}}) do | ||
case Stackfooter.UserAuth.login_by_username_and_pass(conn, user, pass, repo: Repo) do | ||
{:ok, conn} -> | ||
conn | ||
|> redirect(to: console_path(conn, :index)) | ||
{:error, _reason, conn} -> | ||
conn | ||
|> put_flash(:error, "Invalid username or password") | ||
|> render("new.html") | ||
end | ||
end | ||
|
||
def delete(conn, _) do | ||
conn | ||
|> Stackfooter.UserAuth.logout() | ||
|> redirect(to: session_path(conn, :new)) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
defmodule Stackfooter.User do | ||
use Stackfooter.Web, :model | ||
|
||
schema "users" do | ||
field :username, :string | ||
field :password_hash, :string | ||
field :password, :string, virtual: true | ||
field :api_keys, {:array, :string} | ||
|
||
timestamps | ||
end | ||
|
||
@required_fields ~w(username password api_keys) | ||
@optional_fields ~w() | ||
|
||
@doc """ | ||
Creates a changeset based on the `model` and `params`. | ||
If no params are provided, an invalid changeset is returned | ||
with no validation performed. | ||
""" | ||
def changeset(model, params \\ :empty) do | ||
model | ||
|> cast(params, @required_fields, @optional_fields) | ||
|> put_pass_hash() | ||
end | ||
|
||
defp put_pass_hash(changeset) do | ||
case changeset do | ||
%Ecto.Changeset{valid?: true, changes: %{password: pass}} -> | ||
put_change(changeset, :password_hash, Comeonin.Bcrypt.hashpwsalt(pass)) | ||
_ -> | ||
changeset | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
defmodule Stackfooter.UserAuth do | ||
import Plug.Conn | ||
import Comeonin.Bcrypt, only: [checkpw: 2, dummy_checkpw: 0] | ||
import Phoenix.Controller | ||
alias Stackfooter.Router.Helpers | ||
|
||
def init(opts) do | ||
Keyword.fetch!(opts, :repo) | ||
end | ||
|
||
def call(conn, repo) do | ||
user_id = get_session(conn, :user_id) | ||
|
||
cond do | ||
user = conn.assigns[:current_user] -> | ||
conn | ||
user = user_id && repo.get(Stackfooter.User, user_id) -> | ||
assign(conn, :current_user, user) | ||
true -> | ||
assign(conn, :current_user, nil) | ||
end | ||
end | ||
|
||
def authenticate_user(conn, _opts) do | ||
if conn.assigns.current_user do | ||
conn | ||
else | ||
conn | ||
|> put_flash(:error, "You must be logged in to access that page") | ||
|> redirect(to: Helpers.session_path(conn, :new)) | ||
|> halt() | ||
end | ||
end | ||
|
||
def login_by_username_and_pass(conn, username, given_pass, opts) do | ||
repo = Keyword.fetch!(opts, :repo) | ||
user = repo.get_by(Stackfooter.User, username: username) | ||
|
||
cond do | ||
user && checkpw(given_pass, user.password_hash) -> | ||
{:ok, login(conn, user)} | ||
user -> | ||
{:error, :unauthorized, conn} | ||
true -> | ||
dummy_checkpw() | ||
{:error, :not_found, conn} | ||
end | ||
end | ||
|
||
def login(conn, user) do | ||
conn | ||
|> assign(:current_user, user) | ||
|> put_session(:user_id, user.id) | ||
|> configure_session(renew: true) | ||
end | ||
|
||
def logout(conn) do | ||
configure_session(conn, drop: true) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<h1>Login</h1> | ||
|
||
<%= form_for @conn, session_path(@conn, :create), [as: :session], fn f -> %> | ||
<div class="form-group"> | ||
<%= text_input f, :username, placeholder: "username", class: "form-control" %> | ||
</div> | ||
<div class="form-group"> | ||
<%= password_input f, :password, placeholder: "password", class: "form-control" %> | ||
</div> | ||
<%= submit "Log in", class: "btn btn-primary" %> | ||
<% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
defmodule Stackfooter.SessionView do | ||
use Stackfooter.Web, :view | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters