Sigra.Account (Sigra v0.2.4)

Account lifecycle orchestrator.

Provides a unified API for email change, password change, and account deletion. Each operation delegates to its specialized module:

Sigra.Account.EmailChange for email change flows
Sigra.Account.PasswordChange for password management
Sigra.Account.Deletion for account deletion lifecycle

All functions follow the library pattern: they receive repo as the first argument and options keyword list with schema references and config. The generated MyApp.Auth context delegates to these functions.

Email Change (D-01 to D-10)

Sigra.Account.request_email_change(repo, user, "new@example.com", opts)
Sigra.Account.confirm_email_change(repo, token, opts)
Sigra.Account.cancel_email_change(repo, user, opts)

Password Change (D-34 to D-45)

Sigra.Account.change_password(repo, user, "current", %{password: "new"}, opts)
Sigra.Account.set_password(repo, user, %{password: "new"}, opts)

Account Deletion (D-11 to D-33)

Sigra.Account.schedule_deletion(repo, user, opts)
Sigra.Account.cancel_deletion(repo, user, opts)
Sigra.Account.execute_deletion(repo, user, opts)

Summary

Functions

audit_forced_password_change(opts, user_id)

Audit a forced password change completion event.

cancel_deletion(repo, user, opts)

Cancel scheduled deletion and reactivate account.

cancel_email_change(repo, user, opts)

Cancel a pending email change.

change_password(repo, user, current_password, attrs, opts)

Change password with current password verification.

confirm_email_change(repo, encoded_token, opts)

Confirm an email change via token from verification email.

deletion_scheduled?(user)

Check if deletion is scheduled.

deletion_status(user)

Get deletion status: {:scheduled, days_remaining} | :not_scheduled | :deleted

execute_deletion(repo, user, opts)

Execute deletion (called by Oban worker or manual task).

must_change_password?(user)

Check if user must change their password.

request_email_change(repo, user, new_email, opts)

Request an email change. Sends verification to new address.

require_password_change(repo, user)

Admin API: require user to change password on next login.

schedule_deletion(repo, user, opts)

Schedule account deletion with grace period.

set_password(repo, user, attrs, opts)

Set password for OAuth-only user (no current password). Requires sudo.

Functions

audit_forced_password_change(opts, user_id)

(since 0.9.0)

@spec audit_forced_password_change(
  keyword(),
  term()
) :: :ok

Audit a forced password change completion event.

Called by subsystems that complete a forced-password change path (e.g., Sigra.Account.PasswordChange.clear_force_change/2). Writes a account.password_change audit row with metadata: %{forced: true}.

cancel_deletion(repo, user, opts)

(since 0.8.0)

Cancel scheduled deletion and reactivate account.

cancel_email_change(repo, user, opts)

(since 0.8.0)

Cancel a pending email change.

change_password(repo, user, current_password, attrs, opts)

(since 0.8.0)

Change password with current password verification.

confirm_email_change(repo, encoded_token, opts)

(since 0.8.0)

Confirm an email change via token from verification email.

deletion_scheduled?(user)

(since 0.8.0)

Check if deletion is scheduled.

deletion_status(user)

(since 0.8.0)

Get deletion status: {:scheduled, days_remaining} | :not_scheduled | :deleted

execute_deletion(repo, user, opts)

(since 0.8.0)

Execute deletion (called by Oban worker or manual task).

must_change_password?(user)

(since 0.8.0)

Check if user must change their password.

request_email_change(repo, user, new_email, opts)

(since 0.8.0)

Request an email change. Sends verification to new address.

require_password_change(repo, user)

(since 0.8.0)

Admin API: require user to change password on next login.

schedule_deletion(repo, user, opts)

(since 0.8.0)

Schedule account deletion with grace period.

set_password(repo, user, attrs, opts)

(since 0.8.0)

Set password for OAuth-only user (no current password). Requires sudo.