AuthWeb.AuthController (auth v1.6.6)

Defines AuthController and all functions for authenticaiton

Link to this section Summary

Functions

get_client_secret_from_state/1 gets the client_id from state, attempts to decode_decrypt it and then look it up in apikeys if it finds the corresponding client_secret it returns the client_secret. All other failure conditions return a 0 (zero) which results in a 401.

github_auth/2 handles the callback from GitHub Auth API redirect.

google_handler/2 handles the callback from Google Auth API redirect.

handler/3 responds to successful auth requests. if the state is defined, redirect to it.

login_register_handler/2 is a hybrid of traditional registration and login. If the person has already registered, we treat it as a login attempt and present them with a password field/form to complete. If the person does not exist (or has not yet verified their email address), we show them a welcome screen informing them that a verification email was sent to their address. When they click it they will see a password (reset) form where they can define a new password for their account.

logout/2 logs the person out of their session and destroys cookie.

make_verify_link/3 creates a verfication link that gets included in the email we send to people to verify their email address. The person.id is encrypted and base58 encoded to avoid anyone verifying a different person's email. (not that anyone would do that, right? ;-) We include the original state (HTTP referer) so that the request can be redirected back to the desired page on successful verification.

password_create/2 is called when a new person is registering with email and is defining a password for the first time. Note: at present we are not enforcing any rules for password strength/length. Thinking of doing these checks as progressive enhancement in Browser. see

password_prompt/2 handles all requests to verify a password for a person. If the pasword is verified (using Argon2.verify_pass), redirect to their desired page. If the password is invalid reset & re-render the form.

redirect_or_render/3 does what it's name suggests, redirects if the state (HTTP referer) is defined or renders the default :welcome template. If the auth_client_id is undefined or invalid, render the unauthorized/1 401.

Link to this section Functions

Link to this function

add_jwt_url_param(person, sid, state, client_secret)

Link to this function

admin(conn, params)

Link to this function

append_client_id(referer, client_id)

Link to this function

client_id_valid?(client_id, conn)

Link to this function

error(conn, msg, status)

Link to this function

get_app_id(state)

Link to this function

get_client_id_from_state(state)

Link to this function

get_client_secret(client_id, state)

Link to this function

get_client_secret_from_state(state)

get_client_secret_from_state/1 gets the client_id from state, attempts to decode_decrypt it and then look it up in apikeys if it finds the corresponding client_secret it returns the client_secret. All other failure conditions return a 0 (zero) which results in a 401.

Link to this function

get_referer(conn)

Link to this function

github_handler(conn, map)

github_auth/2 handles the callback from GitHub Auth API redirect.

Link to this function

google_handler(conn, map)

google_handler/2 handles the callback from Google Auth API redirect.

Link to this function

handler(conn, person, state)

handler/3 responds to successful auth requests. if the state is defined, redirect to it.

Link to this function

index(conn, params)

Link to this function

login_register_handler(conn, params)

login_register_handler/2 is a hybrid of traditional registration and login. If the person has already registered, we treat it as a login attempt and present them with a password field/form to complete. If the person does not exist (or has not yet verified their email address), we show them a welcome screen informing them that a verification email was sent to their address. When they click it they will see a password (reset) form where they can define a new password for their account.

Link to this function

logout(conn, params)

logout/2 logs the person out of their session and destroys cookie.

Link to this function

make_verify_link(conn, person, state)

make_verify_link/3 creates a verfication link that gets included in the email we send to people to verify their email address. The person.id is encrypted and base58 encoded to avoid anyone verifying a different person's email. (not that anyone would do that, right? ;-) We include the original state (HTTP referer) so that the request can be redirected back to the desired page on successful verification.

Link to this function

not_found(conn, msg)

Link to this function

password_create(conn, params)

password_create/2 is called when a new person is registering with email and is defining a password for the first time. Note: at present we are not enforcing any rules for password strength/length. Thinking of doing these checks as progressive enhancement in Browser. see:

Link to this function

password_prompt(conn, params)

password_prompt/2 handles all requests to verify a password for a person. If the pasword is verified (using Argon2.verify_pass), redirect to their desired page. If the password is invalid reset & re-render the form.

Link to this function

redirect_or_render(conn, person, state)

redirect_or_render/3 does what it's name suggests, redirects if the state (HTTP referer) is defined or renders the default :welcome template. If the auth_client_id is undefined or invalid, render the unauthorized/1 401.

Link to this function

render_login_buttons(conn, params)

Link to this function

render_password_form(conn, email, message, state, template)

Link to this function

session_data(person, sid)

Link to this function

unauthorized(conn, msg \\ "invalid AUTH_API_KEY/client_id please check")

Link to this function

verify_email(conn, params)