Comments (10)
I would just call the plug actions directly in the individual actions rather than using the controller callbacks:
# In session create action
PowPersistentSession.Plug.create(conn, user)
# In session delete action
PowPersistentSession.Plug.delete(conn)
In Pow most important methods can be found in the plug modules, controller callbacks are usually very light.
from pow.
But when the persistent session is in place with a longer ttl than the regular sessions, it will allow sessions that have expired to be renewed.
In that case, the only changes I need to make are to plug in the cookie, and to call
PowPersistentSession.create/3
in my custom controller actions, and otherwise the use of pow remains the same. Is that right?
Yeah, you are correct. You need to call PowPersistentSession.Plug.create/2
when you create the session with Pow.Plug.create/2
.
from pow.
Thanks Dan. I think I have things working now. Here is how I finally ended up in my controller actions:
def signup(conn, %{"user" => user_params}) do
conn
|> Pow.Plug.create_user(user_params)
|> case do
{:ok, user, conn} ->
conn
|> PowPersistentSession.Plug.create(user)
|> redirect(to: Routes.page_path(conn, :show))
{:error, changeset, conn} ->
render(conn, "index.html", changeset: changeset)
end
end
def login(conn, %{"user" => user_params}) do
conn
|> Pow.Plug.authenticate_user(user_params)
|> case do
{:ok, conn} ->
conn
|> PowPersistentSession.Plug.create(conn.assigns.current_user)
|> redirect(to: Routes.page_path(conn, :show))
{:error, conn} ->
changeset = Pow.Plug.change_user(conn, conn.params["user"])
conn
|> put_flash(:info, "Invalid email or password")
|> render("index.html", changeset: changeset)
end
end
from pow.
Thanks @vaer-k for your code š
This is definitely related to #516 which I just opened this morning.
from pow.
Yeah, and this is for a good reason. Controller callbacks is mostly a compromise to make Pow plug nā play, but ideally developers take control of everything they change rather than having implicit callbacks. I have written about it in the custom controller guide, and Iām also thinking of redoing how the callbacks work in #66.
I would recommend writing the controllers as explicit as possible. However, you can build a controller that uses the Pow.Phoenix.Controller
macro, and will use the controller callbacks from the config. Take a look at the registration controller to get an idea of how it works:
https://github.com/danschultzer/pow/blob/master/lib/pow/phoenix/controllers/registration_controller.ex
Controllers are very thin in Pow with a process and response separation that makes it possible to hook in callbacks.
from pow.
@danschultzer so how would one go about making a custom controller work with persisted sessions plug?
from pow.
@danschultzer thank you! It seems to have worked.
from pow.
I would appreciate fuller documentation regarding how to integrate PowPersistentSession with custom controllers. For instance, how do you properly RequireAuthenticated in the router? As a test, I set persistent_session_ttl
to just 30 seconds, but after the ttl I see that my user is still able to access protected routes, when I expected that their session would have been purged from the store and the cookie invalidated by that time.
from pow.
You have to use plug PowPersistentSession.Plug.Cookie
as described in https://hexdocs.pm/pow/1.0.19/pow_persistent_session.html#content
It's not a replacement for the session. It's there to ensure that the session can be recreated once it has expired. PowPersistentSession
sets a cookie that can be used once to create a new session for the user. In your case the normal session works as expected. Let me know if this could be better described in the docs!
from pow.
Oh, I see! So setting a ttl for the persistent session lower than the regular session will not result in sessions being invalidated after the persistent ttl. In that case the regular session TTLs will dictate when the session expires. But when the persistent session is in place with a longer ttl than the regular sessions, it will allow sessions that have expired to be renewed.
In that case, the only changes I need to make are to plug in the cookie, and to call PowPersistentSession.create/3
in my custom controller actions, and otherwise the use of pow remains the same. Is that right?
from pow.
Related Issues (20)
- Replacing Phoenix.Token with JWT-based for signing and verifiying of tokens HOT 1
- Unable to logout user in Pow API HOT 2
- Feature Request: Apple Passkeys HOT 1
- Pow.Plug.authenticate_user/1 performance HOT 2
- Reset password - test fails issue HOT 1
- Upgrading to Phoenix 1.7 HOT 5
- Create account without email/password using some unique ID?
- Phoenix 1.7 compilers warning HOT 1
- Maintain case when storing emails HOT 2
- Permissions issues with mnesia backend for Pow HOT 16
- Improve mix tasks
- Crash @missing_field? in Schema.ex HOT 1
- Inject values on registration HOT 2
- users_context seems to be ignored HOT 1
- Upgrading POW from 1.6 to 1.7 HOT 12
- Changeset errors into view HOT 1
- POW & LiveView - best way to implement `assigns.current_user` ? HOT 7
- Elixir 1.15 deprecation warnings HOT 1
- Persistence of stale session ids in MnesiaCache HOT 10
- Phoenix 1.6 App upgraded to 1.7 warning about layout conflicts. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pow.