Account lifecycle orchestrator.
Provides a unified API for email change, password change, and account deletion. Each operation delegates to its specialized module:
Sigra.Account.EmailChangefor email change flowsSigra.Account.PasswordChangefor password managementSigra.Account.Deletionfor account deletion lifecycle
All functions follow the library pattern: they receive repo as the first
argument and options keyword list with schema references and config. The
generated MyApp.Auth context delegates to these functions.
Email Change (D-01 to D-10)
Sigra.Account.request_email_change(repo, user, "new@example.com", opts)
Sigra.Account.confirm_email_change(repo, token, opts)
Sigra.Account.cancel_email_change(repo, user, opts)Password Change (D-34 to D-45)
Sigra.Account.change_password(repo, user, "current", %{password: "new"}, opts)
Sigra.Account.set_password(repo, user, %{password: "new"}, opts)
Sigra.Account.clear_password_change_requirement(repo, user, opts)Account Deletion (D-11 to D-33)
Sigra.Account.schedule_deletion(repo, user, opts)
Sigra.Account.cancel_deletion(repo, user, opts)
Sigra.Account.execute_deletion(repo, user, opts)Summary
Functions
Audit a forced password change completion event.
Cancel scheduled deletion and reactivate account.
Cancel a pending email change.
Change password with current password verification.
Clears the admin-enforced password change requirement after the user completes the flow.
Confirm an email change via token from verification email.
Check if deletion is scheduled.
Get deletion status: {:scheduled, days_remaining} | :not_scheduled | :deleted
Execute deletion (called by Oban worker or manual task).
Check if user must change their password.
Request an email change. Sends verification to new address.
Admin API: require user to change password on next login.
Schedule account deletion with grace period.
Set password for OAuth-only user (no current password). Requires sudo.
Functions
Audit a forced password change completion event.
Called by subsystems that complete a forced-password change path
(e.g., Sigra.Account.PasswordChange.clear_force_change/2). Writes
a account.password_change audit row with metadata: %{forced: true}.
Prefer clear_password_change_requirement/3 when :audit_schema is configured so the
domain update and audit share one transaction.
Cancel scheduled deletion and reactivate account.
Cancel a pending email change.
Change password with current password verification.
@spec clear_password_change_requirement(module(), map(), keyword()) :: {:ok, map()} | {:error, Ecto.Changeset.t()}
Clears the admin-enforced password change requirement after the user completes the flow.
When :audit_schema is set in opts, the must_change_password update and the
account.password_change audit row (metadata: %{forced: true}) are committed in one
transaction. Otherwise delegates to PasswordChange.clear_force_change/2 with no audit.
Confirm an email change via token from verification email.
Check if deletion is scheduled.
Get deletion status: {:scheduled, days_remaining} | :not_scheduled | :deleted
Execute deletion (called by Oban worker or manual task).
Check if user must change their password.
Request an email change. Sends verification to new address.
Admin API: require user to change password on next login.
Schedule account deletion with grace period.
Set password for OAuth-only user (no current password). Requires sudo.