View Source Pow.Ecto.Schema.Changeset (Pow v1.0.37)

Handles changesets functions for Pow schema.

These functions should never be called directly, but instead the functions build in macros in Pow.Ecto.Schema should be used. This is to ensure that only compile time configuration is used.

Pow.Ecto.Schema.Password is by default used to hash and verify passwords.

Configuration options

  • :password_min_length - minimum password length, defaults to 8

  • :password_max_length - maximum password length, defaults to 4096

  • :password_hash_verify - the password hash and verify anonymous functions or MFAs, defaults to:

    {&Pow.Ecto.Schema.Password.pbkdf2_hash/1,
    &Pow.Ecto.Schema.Password.pbkdf2_verify/2}

    It may be anonymous functions of MFAs.

  • :email_validator - the email validation anonymous function or MFA, defaults to:

    &Pow.Ecto.Schema.Changeset.validate_email/1

    The function should either return :ok, :error, or {:error, reason}.

Summary

Functions

Link to this function

confirm_password_changeset(user_or_changeset, params, config)

View Source
@spec confirm_password_changeset(
  Ecto.Schema.t() | Ecto.Changeset.t(),
  map(),
  Pow.Config.t()
) ::
  Ecto.Changeset.t()

Validates the confirm password field.

Requires password and confirm_password params to be equal. Validation is only performed if a change for :password exists and the change is not nil.

Link to this function

current_password_changeset(user_or_changeset, params, config)

View Source
@spec current_password_changeset(
  Ecto.Schema.t() | Ecto.Changeset.t(),
  map(),
  Pow.Config.t()
) ::
  Ecto.Changeset.t()

Validates the current password field.

It's only required to provide a current password if the password_hash value exists in the data struct.

Link to this function

new_password_changeset(user_or_changeset, params, config)

View Source
@spec new_password_changeset(
  Ecto.Schema.t() | Ecto.Changeset.t(),
  map(),
  Pow.Config.t()
) ::
  Ecto.Changeset.t()

Validates the password field.

A password hash is generated by using :password_hash_verify in the configuration. The password is always required if the password hash is nil, and it's required to be between :password_min_length to :password_max_length characters long.

The password hash is only generated if the changeset is valid, but always required.

Link to this function

password_changeset(user_or_changeset, params, config)

View Source
@spec password_changeset(Ecto.Schema.t() | Ecto.Changeset.t(), map(), Pow.Config.t()) ::
  Ecto.Changeset.t()

Validates the password field.

Calls confirm_password_changeset/3 and new_password_changeset/3.

Link to this function

user_id_field_changeset(user_or_changeset, params, config)

View Source
@spec user_id_field_changeset(
  Ecto.Schema.t() | Ecto.Changeset.t(),
  map(),
  Pow.Config.t()
) ::
  Ecto.Changeset.t()

Validates the user id field.

The user id field is always required. It will be treated as case insensitive, and it's required to be unique. If the user id field is :email, the value will be validated as an e-mail address too.

@spec validate_email(binary()) :: :ok | {:error, any()}

Validates an e-mail.

This implementation has the following rules:

  • Split into local-part and domain at last @ occurance
  • Local-part should;
    • be at most 64 octets
    • separate quoted and unquoted content with a single dot
    • only have letters, digits, and the following characters outside quoted content:
      !#$%&'*+-/=?^_`{|}~.
    • not have any consecutive dots outside quoted content
  • Domain should;
    • be at most 255 octets
    • only have letters, digits, hyphen, and dots

Unicode characters are permitted in both local-part and domain.

The implementation is based on RFC 3696.

IP addresses are not allowed as per the RFC 3696 specification: "The domain name can also be replaced by an IP address in square brackets, but that form is strongly discouraged except for testing and troubleshooting purposes.".

Link to this function

verify_password(map, password, config)

View Source
@spec verify_password(Ecto.Schema.t(), binary(), Pow.Config.t()) :: boolean()

Verifies a password in a struct.

The password will be verified by using the :password_hash_verify in the configuration.

To prevent timing attacks, a blank password will be passed to the hash method in the :password_hash_verify configuration option if the :password_hash is nil.