guardian_backdoor v1.1.0

Guardian.Plug.Backdoor (guardian_backdoor v1.1.0)

This plug allows you to bypass authentication in acceptance tests by passing the token needed to load the current resource directly to your Guardian module via a query string parameter.

Installation

Add the following to your Phoenix router before other Guardian plugs.

if Mix.env() == :test do
  plug Guardian.Plug.Backdoor, module: MyApp.Guardian
end
plug Guardian.Plug.VerifySession

NOTE: This plug is designed for acceptance testing and should never be added to a production environment.

Usage

Now that Guardian.Plug.Backdoor is installed, it's time to sign in. Pass your claims as claims in the query string of your route.

conn = get(conn, "/", claims: %{sub: "User:1"})

resource = MyApp.Guardian.Plug.current_resource(conn)
%{"sub" => "User:1"} = MyApp.Guardian.Plug.current_claims(conn)

When the Guardian.Plug.Backdoor plug runs, it fetches the resource from your Guardian implementation with those claims and signs in.

Alternatively, encode your claims into a token and pass that as token in the query string instead.

{:ok, token, _claims} = MyApp.Guardian.encode_and_sign(resource)

conn = get(conn, "/", token: token)

resource = MyApp.Guardian.Plug.current_resource(conn)

Options

:module - Your app's Guardian implementation module. Required.