View Source PowResetPassword.Plug (Pow v1.0.36)
Plug helper functions.
Summary
Functions
Creates a changeset from the user fetched in the connection.
Finds a user for the provided params, creates a token, and stores the user for the token.
Verifies the signed token and fetches user from store.
Updates the password for the user fetched in the connection.
Functions
@spec change_user(Plug.Conn.t(), map()) :: map()
Creates a changeset from the user fetched in the connection.
@spec create_reset_token(Plug.Conn.t(), map()) :: {:ok, map(), Plug.Conn.t()} | {:error, map(), Plug.Conn.t()}
Finds a user for the provided params, creates a token, and stores the user for the token.
The returned :token
is signed for public consumption using
Pow.Plug.sign_token/4
. Additionally Pow.UUID.generate/0
is called whether
the user exists or not to prevent timing attacks.
:reset_password_token_store
can be passed in the config for the conn. This
value defaults to
{PowResetPassword.Store.ResetTokenCache, backend: Pow.Store.Backend.EtsCache}
.
The Pow.Store.Backend.EtsCache
backend store can be changed with the
:cache_store_backend
option.
@spec load_user_by_token(Plug.Conn.t(), binary()) :: {:ok, Plug.Conn.t()} | {:error, Plug.Conn.t()}
Verifies the signed token and fetches user from store.
If a user is found, it'll be assigned to conn.assigns
for key
:reset_password_user
.
A :pow_reset_password_decoded_token
key will be assigned in conn.private
with the decoded token. This is used to invalidate the token when calling
update_user_password/2
.
The token will be decoded and verified with Pow.Plug.verify_token/4
.
See create_reset_token/2
for more on :reset_password_token_store
config
option.
@spec update_user_password(Plug.Conn.t(), map()) :: {:ok, map(), Plug.Conn.t()} | {:error, map(), Plug.Conn.t()}
Updates the password for the user fetched in the connection.
The user should exist in conn.assigns
for key :reset_password_user
and
the decoded token in conn.private
for key
:pow_reset_password_decoded_token
. load_user_by_token/2
will ensure this.
See create_reset_token/2
for more on :reset_password_token_store
config
option.