View Source PowResetPassword.Plug (Pow v1.0.38)

Plug helper functions.

Summary

Functions

Creates a changeset from the user fetched in the connection.

Finds a user for the provided params, creates a token, and stores the user for the token.

Verifies the signed token and fetches user from store.

Updates the password for the user fetched in the connection.

Functions

Link to this function

change_user(conn, params \\ %{})

View Source
@spec change_user(Plug.Conn.t(), map()) :: map()

Creates a changeset from the user fetched in the connection.

Link to this function

create_reset_token(conn, params)

View Source
@spec create_reset_token(Plug.Conn.t(), map()) ::
  {:ok, map(), Plug.Conn.t()} | {:error, map(), Plug.Conn.t()}

Finds a user for the provided params, creates a token, and stores the user for the token.

The returned :token is signed for public consumption using Pow.Plug.sign_token/4. Additionally Pow.UUID.generate/0 is called whether the user exists or not to prevent timing attacks.

:reset_password_token_store can be passed in the config for the conn. This value defaults to {PowResetPassword.Store.ResetTokenCache, backend: Pow.Store.Backend.EtsCache}. The Pow.Store.Backend.EtsCache backend store can be changed with the :cache_store_backend option.

Link to this function

load_user_by_token(conn, signed_token)

View Source
@spec load_user_by_token(Plug.Conn.t(), binary()) ::
  {:ok, Plug.Conn.t()} | {:error, Plug.Conn.t()}

Verifies the signed token and fetches user from store.

If a user is found, it'll be assigned to conn.assigns for key :reset_password_user.

A :pow_reset_password_decoded_token key will be assigned in conn.private with the decoded token. This is used to invalidate the token when calling update_user_password/2.

The token will be decoded and verified with Pow.Plug.verify_token/4.

See create_reset_token/2 for more on :reset_password_token_store config option.

Link to this function

update_user_password(conn, params)

View Source
@spec update_user_password(Plug.Conn.t(), map()) ::
  {:ok, map(), Plug.Conn.t()} | {:error, map(), Plug.Conn.t()}

Updates the password for the user fetched in the connection.

The user should exist in conn.assigns for key :reset_password_user and the decoded token in conn.private for key :pow_reset_password_decoded_token. load_user_by_token/2 will ensure this.

See create_reset_token/2 for more on :reset_password_token_store config option.