Coherence.SessionController (Coherence v0.8.0)
Handle the authentication actions.
Module used for the session controller when the parent project does not generate controllers. Most of the work is done by the Coherence.SessionControllerBase inclusion.
Types
conn()
@type conn() :: Plug.Conn.t()
params()
@type params() :: map()
schema()
@type schema() :: Ecto.Schema.t()
Functions
confirmed_access?(user)
Check if the user is confirmed.
create(conn, params)
Log in the user.
Find the user based on the login_field. Hash the given password and verify it matches the value stored in the database. Login proceeds only if the following other conditions are satisfied:
- Confirmation is enabled and the user has been confirmed.
- Lockable is enabled and the user is not locked.
If the Trackable option is enabled, the trackable fields are updated.
If the provided password is not correct and the lockable option is enabled, check whether the maximum login attempts threshold is exceeded. If so, lock the account.
If the rememberable option is enabled, create a new series and rememberable token, create a new cookie and update the database.
delete(conn, params)
Log out the user.
Delete the user's session, track the logout and delete the rememberable cookie.
delete_expired_tokens!(repo)
do_lockable(conn, login_field, opts, bool)
do_valid_login(user, conn, params, opts)
failed_login(conn, user, arg3)
gen_cookie(user_id, series, token)
get_invalid_login!(repo, user_id, series, token)
get_login_cookie(conn)
Retrieve the login cookie.
get_login_user(login_field, login, params)
Get the user from the database.
get_rememberables(id)
Fetch a rememberable database record.
get_valid_login!(repo, user_id, series, token)
hash(value)
new(conn, params)
Render the login form.
put_flash_inactive_user(conn)
rememberable_callback(conn, id, series, token, opts)
Callback for the authenticate plug.
Validate the rememberable cookie. If valid, generate a new token, keep the same series number. Update the rememberable database with the new token. Save the new cookie.
reset_failed_attempts(conn, user, arg3)
@spec reset_failed_attempts(conn(), Ecto.Schema.t(), boolean()) :: conn()
save_login_cookie(conn, id, series, token, opts \\ [])
Save the login cookie.
save_rememberable(conn, user, none)
schema(which)
track_login(conn, user, trackable?, trackable_table?)
user_active?(user)
valid_user_login?(user, arg2)
Validate a user's login.
validate_login(user_id, series, token)
Validate the login cookie.
Check the following conditions:
- a record exists for the user, the series, but a different token
  - assume a fraud case
  - remove the rememberable cookie and delete the session
- a record exists for the user, the series, and the token
  - a valid remembered user
- otherwise, this is an unknown user.
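
The cookie checks described for rememberable_callback and validate_login, as an added sketch that is not Coherence's code. The module name, the in-memory store, the return atoms and the hashed-token storage are assumptions made for illustration.

```elixir
defmodule RememberableSketch do
  # Hypothetical in-memory stand-in for the rememberable table: a list of
  # %{user_id, series, token_hash} maps. Storing a SHA-256 hash of the token
  # is an assumption of this sketch, not a statement about Coherence.
  def hash(value), do: :crypto.hash(:sha256, value) |> Base.encode16(case: :lower)

  def new_token, do: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)

  # The three cases listed for validate_login/3 (return atoms are made up here).
  def validate_login(store, user_id, series, token) do
    case Enum.find(store, &(&1.user_id == user_id and &1.series == series)) do
      nil -> {:error, :unknown_user}
      %{token_hash: stored} ->
        if stored == hash(token), do: {:ok, :remembered}, else: {:error, :fraud}
    end
  end

  # The rotation described for rememberable_callback/5: on a valid cookie,
  # issue a new token under the same series and persist it.
  def handle_cookie(store, user_id, series, token) do
    case validate_login(store, user_id, series, token) do
      {:ok, :remembered} ->
        fresh = new_token()
        store =
          Enum.map(store, fn
            %{user_id: ^user_id, series: ^series} = rec -> %{rec | token_hash: hash(fresh)}
            rec -> rec
          end)
        {:ok, store, {user_id, series, fresh}}

      {:error, reason} ->
        # :fraud -> caller removes the cookie and deletes the session.
        # :unknown_user -> no remembered login exists for this cookie.
        {reason, store, nil}
    end
  end
end

# Constructed sample data: one remembered login for user 1.
first = RememberableSketch.new_token()
store = [%{user_id: 1, series: "s1", token_hash: RememberableSketch.hash(first)}]

{:ok, store, {1, "s1", second}} = RememberableSketch.handle_cookie(store, 1, "s1", first)
# A copy of the pre-rotation cookie now matches the series but not the token.
IO.inspect(RememberableSketch.handle_cookie(store, 1, "s1", first), label: "replayed")
IO.inspect(RememberableSketch.handle_cookie(store, 1, "s1", second), label: "current")
IO.inspect(RememberableSketch.handle_cookie(store, 2, "s9", second), label: "no record")
```

Because the series stays fixed while the token rotates on every use, a cookie that presents a known series with a stale token can only come from a copy made before the last rotation, which is why that case is treated as fraud rather than as an ordinary failed login.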