Claper
Claper
v1.7.0

View Source ClaperWeb.UserAuth (Claper v1.7.0)

Plug for user authentication.

Link to this section Summary

Functions

fetch_current_user(conn, opts)

Authenticates the user by looking into the session and remember me token.

log_in_user(conn, user, params \\ %{})

Logs the user in.

log_out_user(conn)

Logs the user out.

redirect_if_user_is_authenticated(conn, opts)

Used for routes that require the user to not be authenticated.

require_authenticated_user(conn, opts)

Used for routes that require the user to be authenticated.

Link to this section Functions

Link to this function

fetch_current_user(conn, opts)

View Source

Authenticates the user by looking into the session and remember me token.

Link to this function

log_in_user(conn, user, params \\ %{})

View Source

Logs the user in.

It renews the session ID and clears the whole session to avoid fixation attacks. See the renew_session function to customize this behaviour.

It also sets a :live_socket_id key in the session, so LiveView sessions are identified and automatically disconnected on log out. The line can be safely removed if you are not using LiveView.

Link to this function

log_out_user(conn)

View Source

Logs the user out.

It clears all session data for safety. See renew_session.

Link to this function

redirect_if_user_is_authenticated(conn, opts)

View Source

Used for routes that require the user to not be authenticated.

Link to this function

require_authenticated_user(conn, opts)

View Source

Used for routes that require the user to be authenticated.

If you want to enforce the user email is confirmed before they use the application at all, here would be a good place.