z_auth (zotonic_core v1.0.0-rc.17)

Handle authentication of zotonic users. Also shows the logon screen when authentication is required.

Summary

Functions

confirm(UserId, Context)
Set the user to 'confirmed'.

is_auth(Context)
Check if the visitor has been authenticated. Assumes a completely initialized context.

is_enabled(UserId, Context)
Check if the user is enabled; a user is enabled when the rsc is published and within its publication date range.

logoff(Context)
Forget about the user being logged on.

logon(UserId, Context)
Logon a user whose id we know and set all user preferences in the context.

logon_pw(Username, Password, Context)
Logon a username/password combination; passwords are checked with m_identity.

logon_redirect(UserId, Url, Context)
Logon a user and redirect the user agent. The MQTT websocket MUST be connected.

logon_switch(ToUserId, Context)
Allow an admin user to switch to another user account.

logon_switch(ToUserId, ActingUserId, Context)
Allow an admin user to switch to another user account. The ActingUserId is typically the user_id of the user that initially logged on. This is stored in the auth_options as 'sudo_user_id' and is set when performing the switch.

publish_user_session(Context)
Publish the current IP address and session-id to the sessions topic of the user. This enables tracking where users are active. This _must_ be a session initiated from a remote IP address. If no remote IP address is known then the user session is not logged.

switch_user(UserId, Context)
Request the client's auth worker to re-authenticate as a new user. The ACL for this operation is checked by z_auth:logon_switch/3, which is called by the controller_authentication when asked to make the switch.

unpublish_user_session(Context)
Remove the retained user session value; this removes the session from the overview of active sessions. Called when resetting the authentication cookies.

Functions

confirm(UserId, Context)

-spec confirm(m_rsc:resource_id(), z:context()) -> {ok, z:context()} | {error, user_not_enabled}.

Set the user to 'confirmed'.

is_auth(Context)

-spec is_auth(z:context()) -> boolean().

Check if the visitor has been authenticated. Assumes a completely initialized context.

is_enabled(UserId, Context)

-spec is_enabled(m_rsc:resource_id(), z:context()) -> boolean().

Check if the user is enabled; a user is enabled when the rsc is published and within its publication date range.

logoff(Context)

-spec logoff(z:context()) -> z:context().

Forget about the user being logged on.

logon(UserId, Context)

-spec logon(m_rsc:resource_id(), z:context()) -> {ok, z:context()} | {error, user_not_enabled}.

Logon a user whose id we know and set all user preferences in the context.

logon_pw(Username, Password, Context)

-spec logon_pw(binary(), binary(), z:context()) -> {boolean(), z:context()}.

Logon a username/password combination; passwords are checked with m_identity.

logon_redirect(UserId, Url, Context)

-spec logon_redirect(m_rsc:resource_id(), binary() | undefined, z:context()) -> ok | {error, term()}.

Logon a user and redirect the user agent. The MQTT websocket MUST be connected.
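The following is an added example, not code from zotonic_core, showing how logon_pw/3 and logon_redirect/3 fit together: the password is verified first, and only a logged-on context is used for the redirect. It assumes the client's MQTT websocket is connected (as logon_redirect/3 requires) and that z_acl:user/1 (a zotonic_core function not documented on this page) returns the id of the user logged on in the context; the module name, the function name and the error atom password are this example's own.

```erlang
%% Added example (not part of zotonic_core): password logon followed by a
%% redirect of the user agent.
%% Assumptions: the MQTT websocket is connected, and z_acl:user/1 returns
%% the logged-on user's id (not documented on this page).
-module(example_pw_logon).
-export([logon_and_redirect/4]).

-spec logon_and_redirect(binary(), binary(), binary() | undefined, z:context()) ->
    {ok, z:context()} | {error, term()}.
logon_and_redirect(Username, Password, Url, Context) ->
    case z_auth:logon_pw(Username, Password, Context) of
        {true, Context1} ->
            %% The credentials were accepted; Context1 now carries the user.
            UserId = z_acl:user(Context1),
            case z_auth:logon_redirect(UserId, Url, Context1) of
                ok ->
                    {ok, Context1};
                {error, _} = Error ->
                    %% The context is logged on but the user agent was not
                    %% redirected; typically the websocket is not connected.
                    Error
            end;
        {false, _Context1} ->
            %% A single error for unknown user and wrong password alike, so
            %% the response does not reveal which of the two failed.
            {error, password}
    end.
```

Note that the {false, _} branch deliberately discards the returned context and reports one generic error atom; callers that need to distinguish a disabled account can consult is_enabled/2 before calling logon_pw/3.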

logon_switch(ToUserId, Context)

-spec logon_switch(m_rsc:resource_id(), z:context()) -> {ok, z:context()} | {error, eacces}.

Allow an admin user to switch to another user account.

logon_switch(ToUserId, ActingUserId, Context)

-spec logon_switch(ToUserId, ActingUserId, Context) -> {ok, Context1} | {error, eacces}
                      when
                          ToUserId :: m_rsc:resource_id(),
                          ActingUserId :: m_rsc:resource_id(),
                          Context :: z:context(),
                          Context1 :: z:context().

Allow an admin user to switch to another user account. The ActingUserId is typically the user_id of the user that initially logged on. This is stored in the auth_options as 'sudo_user_id' and is set when performing the switch.
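The following is an added example, not code from zotonic_core, showing the account switch described above and for switch_user/2 below: the switch is refused before the ACL is consulted when nobody is logged on, and otherwise the id of the user who originally logged on is passed as ActingUserId so that it is recorded as 'sudo_user_id'. It assumes z_acl:user/1 (a zotonic_core function not documented on this page) returns the id of the logged-on user; the module name, the function name and the error atom not_logged_on are this example's own.

```erlang
%% Added example (not part of zotonic_core): switch the logged-on user to
%% another account while keeping the original user as the acting user.
%% Assumption: z_acl:user/1 returns the logged-on user's id (not documented
%% on this page).
-module(example_sudo).
-export([switch_to/2]).

-spec switch_to(m_rsc:resource_id(), z:context()) ->
    {ok, z:context()} | {error, eacces | not_logged_on}.
switch_to(ToUserId, Context) ->
    case z_auth:is_auth(Context) of
        false ->
            %% Anonymous visitors never reach the ACL check.
            {error, not_logged_on};
        true ->
            %% The user that initially logged on stays the acting user and is
            %% stored as 'sudo_user_id' in the auth_options by the switch.
            ActingUserId = z_acl:user(Context),
            %% logon_switch/3 performs the ACL check itself and returns
            %% {error, eacces} when ActingUserId may not switch.
            case z_auth:logon_switch(ToUserId, ActingUserId, Context) of
                {ok, Context1} ->
                    {ok, Context1};
                {error, eacces} = Error ->
                    Error
            end
    end.
```

A server-side switch only changes the context in hand; to have the client's auth worker re-authenticate as the new user, switch_user/2 is the call to make, and it routes through the same logon_switch/3 ACL check via controller_authentication.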

publish_user_session(Context)

-spec publish_user_session(Context) -> ok | {error, Reason}
                              when Context :: z:context(), Reason :: no_user | no_session | term().

Publish the current IP address and session-id to the sessions topic of the user. This enables tracking where users are active. This _must_ be a session initiated from a remote IP address. If no remote IP address is known then the user session is not logged.

switch_user(UserId, Context)

-spec switch_user(m_rsc:resource_id(), z:context()) -> ok | {error, eacces}.

Request the client's auth worker to re-authenticate as a new user. The ACL for this operation is checked by z_auth:logon_switch/3, which is called by the controller_authentication when asked to make the switch.

unpublish_user_session(Context)

-spec unpublish_user_session(Context) -> ok | {error, Reason}
                                when Context :: z:context(), Reason :: no_user | no_session | term().

Remove the retained user session value; this removes the session from the overview of active sessions. Called when resetting the authentication cookies.