View Source AshAuthentication.Strategy.Password.PasswordValidation (ash_authentication v4.2.5)

A convenience validation that checks that the password argument against the hashed password stored in the record.

You can use this validation in your changes where you want the user to enter their current password before being allowed to make a change (eg in a password change flow).

Options:

You can provide these options either in the DSL options, or in the changeset context.

  • strategy_name - the name of the authentication strategy to use. Required.
  • password_argument - the name of the argument to check for the current password. If missing this will default to the password_field value configured on the strategy.

Examples

defmodule MyApp.Accounts.User do
  # ...

  actions do
    update :change_password do
      accept []
      argument :current_password, :string, sensitive?: true, allow_nil?: false
      argument :password, :string, sensitive?: true, allow_nil?: false
      argument :password_confirmation, :string, sensitive?: true, allow_nil?: false

      validate confirm(:password, :password_confirmation)
      validate {AshAuthentication.Strategy.Password.PasswordValidation, strategy_name: :password, password_argument: :current_password}

      change {AshAuthentication.Strategy.Password.HashPasswordChange, strategy_name: :password}
    end
  end

  # ...
end