A simple, secure, and highly configurable Elixir identity [username | email | id | etc.]/password authentication module to use with Ecto.

Aeacus - The holder of keys

A simple, secure, and highly configurable Elixir identity [username | email | id | etc.]/password authentication module to use with Map-compatible data structures (e.g. Ecto).

Description

Aeacus only performs authentication, making it well suited for integration with session storage or a token system such as Guardian or Phoenix Tokens. For convenience, authenticate/2 and authenticate_resource/3 are delegated from Aeacus (Aeacus.authenticate(...)).

Aeacus.hashpwsalt/1 delegates to the underlying crypto system to salt and hash a password.

Dependencies

Ecto is required only if you wish to use Aeacus.authenticate/2. If you use Aeacus.authenticate_resource/3, Ecto is not required.

Requirements

Aeacus requires a Map-compatible data structure (e.g. an Ecto Model) that has a UNIQUE(identity_field) and a password_field. These fields can be configured to match your schema, whether it be username, email, or pass, password, hash, hashed_password, etc. The passwords must be stored using the same crypto system as Aeacus. Passwords should be salted and hashed; plaintext is heavily discouraged. See the tests for examples.

Config

You must set the :repo and :model for Aeacus. The other options have sane defaults.

config :aeacus, Aeacus,
  repo: MyApp.Repo,
  model: MyApp.User,
  # Optional: the following are the default options
  crypto: Comeonin.Pbkdf2,
  identity_field: :email,
  password_field: :hashed_password,
  error_message: "Invalid identity or password."
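
The following is an added example, not code from the Aeacus project: a schema, changeset and migration that meet the requirements above with the default identity_field and password_field. The MyApp.User fields, the registration_changeset name, the 12-character minimum and the use of the Ecto 2+ changeset API are assumptions.

```elixir
defmodule MyApp.User do
  use Ecto.Schema
  import Ecto.Changeset

  schema "users" do
    # Matches identity_field: :email (backed by a UNIQUE index, see migration)
    field :email, :string
    # Matches password_field: :hashed_password
    field :hashed_password, :string
    # Plaintext lives only in the changeset; virtual fields are never persisted
    field :password, :string, virtual: true
    timestamps()
  end

  # Hypothetical registration changeset; the name and length limit are assumptions
  def registration_changeset(user, attrs) do
    user
    |> cast(attrs, [:email, :password])
    |> validate_required([:email, :password])
    |> validate_length(:password, min: 12)
    |> unique_constraint(:email)
    |> put_hashed_password()
  end

  # Hash with the same crypto system Aeacus verifies against, then drop the plaintext
  defp put_hashed_password(%Ecto.Changeset{valid?: true, changes: %{password: pw}} = changeset) do
    changeset
    |> put_change(:hashed_password, Aeacus.hashpwsalt(pw))
    |> delete_change(:password)
  end

  defp put_hashed_password(changeset), do: changeset
end

defmodule MyApp.Repo.Migrations.CreateUsers do
  use Ecto.Migration

  def change do
    create table(:users) do
      add :email, :string, null: false
      add :hashed_password, :string, null: false
      timestamps()
    end

    # Enforces the UNIQUE(identity_field) requirement at the database level
    create unique_index(:users, [:email])
  end
end
```

Because the hash is produced by Aeacus.hashpwsalt/1, changing the :crypto option later requires rehashing stored passwords with the new module.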

Example Session Controller

Aeacus.authenticate expects a Map with the keys :identity and :password. Alternatively, Aeacus.authenticate_resource can be used if a resource is already loaded.

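defmodule MyApp.SessionController do
  def create(conn, params) do
    # Plug/Phoenix request params arrive as a string-keyed map
    case Aeacus.authenticate(%{identity: params["email"], password: params["pass"]}) do
      # Placeholder: issue a token or session cookie for `user`
      {:ok, user} -> CreateTokenOrCookie
      # Placeholder: render the login screen again with `message`
      {:error, message} -> DisplayAuthenticationScreenAgain
    end
  end
end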