danschultzer / pow Goto Github PK
View Code? Open in Web Editor NEWRobust, modular, and extendable user authentication system
Home Page: https://powauth.com
License: MIT License
Robust, modular, and extendable user authentication system
Home Page: https://powauth.com
License: MIT License
In my webapp, Bodyguard
library is used for simple authorization.
And Bodyguard.Plug.Authorization
receives 1-arity fn for user allocation like &get_current_user/1
. Docs
Currently there's a helper fn which simply wraps Pow.Operations.current_user(conn, otp_app: :myapp)
.
I believe almost every users with Bodyguard
and Pow
would do the same thing, which means it'll be one of the most frequently used fn.
So, how about adding a fn current_user(conn)
or current_user(conn, default_options)
?
I am fully loving pow so far but I am finding very hard to integrate or use with other libs due to the controller methods. When we try to implement a new flow its never easy because the custom controller methods lack guidance around how to to properly utilise these.
I had to create custom controller since I am using assigns in weird way in which I require them to generate the reg form and sign in forms. This is working, we now have a problem when it comes to email confirmation as this is not functional at all.
We manage to implement this based on a previous issue:
defmodule AppWeb.RegistrationController do
use AppWeb, :controller
alias PowEmailConfirmation.Phoenix.ControllerCallbacks, as: PowEmailConfirmationControllerCallbacks
def new(conn, _params) do
changeset = Pow.Plug.change_user(conn)
form = create_form(App.Users.UserType, %App.Users.User{})
render(conn, "new.html", changeset: changeset, form: form)
end
def create(conn, %{"user" => user_params}) do
conn
|> Pow.Plug.create_user(user_params)
|> verify_confirmed()
end
defp verify_confirmed({:error, conn}), do: render(conn, "new.html")
defp verify_confirmed({:ok, conn}) do
user = Pow.Plug.current_user(conn)
if confirmed?(user) do
conn
|> put_flash(:info, "Welcome!")
|> redirect(to: Routes.page_path(conn, :index))
else
PowEmailConfirmationControllerCallbacks.send_confirmation_email(user, conn)
{:ok, conn} = Pow.Plug.clear_authenticated_user(conn)
# conn session has been reset and error can be returned
render(conn, "new.html")
end
end
defp confirmed?(%{email_confirmed_at: nil, email_confirmation_token: token}) when not is_nil(token), do: false
defp confirmed?(_user), do: true
end
We mainly seem to be running in to issue around the expected return type. We have had to disable this feature for the time being as we are still in development. If there a better or easier way to pass assigns to Pow controllers ? Can you provide the best method to add or call the extension from here from the reg controller ?
The error we tend to see if the following: no function clause matching in AppWeb.RegistrationController.verify_confirmed/1
and this occurs on the following line: defp verify_confirmed({:error, conn}), do: render(conn, "new.html")
I like the following which is the initial example we went with as it provides a decent place to start building from:
defmodule AppWeb.RegistrationController do
use AppWeb, :controller
def new(conn, _params) do
changeset = Pow.Plug.change_user(conn)
form = create_form(App.Users.UserType, %App.Users.User{})
render(conn, "new.html", changeset: changeset, form: form)
end
def create(conn, %{"user" => user_params}) do
conn
|> Pow.Plug.create_user(user_params)
|> case do
{:ok, user, conn} ->
conn
|> put_flash(:info, "Welcome!")
|> redirect(to: Routes.page_path(conn, :index))
{:error, changeset, conn} ->
render(conn, "new.html", changeset: changeset)
end
end
end
In my website pow
is equipped with three included extensions. And whenever I restarted the server, all the sessions are gone away.
I expected that the PowPersistentSession
stores credentials into DB layer, but there's no additional migration.
Is this feature intended or under development?
In my app, I have the need for multiple user tables.
Devise does a killer job (via warden) to authenticate via varying tables & warden scopes.
Is there a good mechanism to do this with this library (without an umbrella)?
Running mix pow.phoenix.gen.templates
or mix pow.phoenix.gen.templates --context-app Ss
gives the error:
* creating lib/ss_web/views/pow/registration_view.ex
** (ArgumentError) argument error
:erlang.binary_to_existing_atom("edit", :utf8)
(elixir) lib/string.ex:2089: String.to_existing_atom/1
(elixir) lib/enum.ex:1294: Enum."-map/2-lists^map/1-0-"/2
(elixir) lib/enum.ex:1294: Enum."-map/2-lists^map/1-0-"/2
lib/mix/pow/phoenix.ex:59: Mix.Pow.Phoenix.create_templates/4
(elixir) lib/enum.ex:737: Enum."-each/2-lists^foreach/1-0-"/2
(elixir) lib/enum.ex:737: Enum.each/2
lib/mix/tasks/phoenix/pow.phoenix.gen.templates.ex:41: Mix.Tasks.Pow.Phoenix.Gen.Templates.create_template_files/1
It does generate lib/ss_web/views/pow/registration_view.ex
, but that is all.
Hello!
I'm trying to follow the instructions in the README about the e-mail confirmation extension. I updated the config.ex
, the user.ex
and the router.ex
, generated the templates, added the pow_mailer.ex
module, added the mailer_backend
key to the config.ex
, added the mailer_view
function, generated the templates and added the web_mailer_module
key. Yet after login I get this error message:
[error] #PID<0.417.0> running UserProfileManagerWeb.Endpoint (cowboy_protocol) terminated
Server: localhost:4000 (http)
Request: POST /session?request_path=%2F
** (exit) an exception was raised:
** (UndefinedFunctionError) function UserProfileManagerWeb.Router.Helpers.pow_email_confirmation_confirmation_url/3 is undefined or private
(user_profile_manager) UserProfileManagerWeb.Router.Helpers.pow_email_confirmation_confirmation_url(%Plug.Conn{adapter: {Plug.Adapters.Cowboy.Conn, :...}, assigns: %{action: "/session?request_path=%2F", current_user: ...
(pow) lib/extensions/email_confirmation/phoenix/controllers/controller_callbacks.ex:56: PowEmailConfirmation.Phoenix.ControllerCallbacks.send_confirmation_email/2
(pow) lib/extensions/email_confirmation/phoenix/controllers/controller_callbacks.ex:39: PowEmailConfirmation.Phoenix.ControllerCallbacks.halt_unconfirmed/3
(elixir) lib/enum.ex:1925: Enum."-reduce/3-lists^foldl/2-0-"/3
(pow) lib/pow/phoenix/controllers/controller.ex:88: Pow.Phoenix.Controller.action/3
(pow) lib/pow/phoenix/controllers/session_controller.ex:1: Pow.Phoenix.SessionController.action/2
(pow) lib/pow/phoenix/controllers/session_controller.ex:1: Pow.Phoenix.SessionController.phoenix_controller_pipeline/2
(user_profile_manager) lib/user_profile_manager_web/endpoint.ex:1: UserProfileManagerWeb.Endpoint.instrument/4
(phoenix) lib/phoenix/router.ex:278: Phoenix.Router.call/1
(user_profile_manager) lib/user_profile_manager_web/endpoint.ex:1: UserProfileManagerWeb.Endpoint.plug_builder_call/2
(user_profile_manager) lib/plug/debugger.ex:122: UserProfileManagerWeb.Endpoint."call (overridable 3)"/2
(user_profile_manager) lib/user_profile_manager_web/endpoint.ex:1: UserProfileManagerWeb.Endpoint.call/2
(plug) lib/plug/adapters/cowboy/handler.ex:16: Plug.Adapters.Cowboy.Handler.upgrade/4
(cowboy) /home/nar/mena_playground/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4
I see that this pow_email_confirmation_confirmation_url
function is called, but I don't see any implementation for it in the 1.0.0-rc4 version and the README doesn't mention that I need to implement it either. I see that the e62374b commit changed this in the extension, but I don't know how to get the latest version. How do I get it? I added {:pow, "~> 1.0.0-rc.4"}
to mix.exs
.
Hello,
I'm trying to test pow in a new phoenix 1.4 app.
The mix task pow.install return this:
mix pow.install -r Powtest.Repo Accounts.User users
** (MatchError) no match of right hand side value: :undefined
lib/pow.ex:9: Pow.dependency_vsn_match?/2
lib/mix/pow/ecto/migration.ex:69: Mix.Pow.Ecto.Migration.source_repo_priv/1
lib/mix/pow/ecto/migration.ex:15: Mix.Pow.Ecto.Migration.create_migration_files/3
(elixir) lib/enum.ex:765: Enum."-each/2-lists^foreach/1-0-"/2
(elixir) lib/enum.ex:765: Enum.each/2
lib/mix/tasks/ecto/pow.ecto.install.ex:49: Mix.Tasks.Pow.Ecto.Install.maybe_run_gen_migration/2
lib/mix/tasks/ecto/pow.ecto.install.ex:41: Mix.Tasks.Pow.Ecto.Install.run/1
lib/mix/tasks/pow.install.ex:38: Mix.Tasks.Pow.Install.run_ecto_install/2
lib/mix/tasks/pow.install.ex:31: Mix.Tasks.Pow.Install.run/1
(mix) lib/mix/task.ex:316: Mix.Task.run_task/3
(mix) lib/mix/cli.ex:79: Mix.CLI.run_task/2
(elixir) lib/code.ex:767: Code.require_file/2
Can you provide a user.ex file and the typical migration pow required ?
I've followed the Getting Started (Phoenix) section in the README to the letter but when I 'fire up' the iex -S mix phx.server
and try going to localhost:4000/registration/new I'm told that
$ iex -S mix phx.server
Erlang/OTP 21 [erts-10.0.7] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [hipe] [dtrace]
[info] Running PowwowWeb.Endpoint with Cowboy using http://0.0.0.0:4000
Interactive Elixir (1.7.3) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> 10:25:47 - info: compiled 6 files into 2 files, copied 3 in 874 ms
[info] GET /registration/new
[info] Sent 500 in 69ms
[error] #PID<0.398.0> running PowwowWeb.Endpoint (cowboy_protocol) terminated
Server: localhost:4000 (http)
Request: GET /registration/new
** (exit) an exception was raised:
** (UndefinedFunctionError) function PowwowWeb.Pow.Phoenix.RegistrationController.init/1 is undefined (module PowwowWeb.Pow.Phoenix.RegistrationController is not available)
PowwowWeb.Pow.Phoenix.RegistrationController.init(:new)
(powwow) lib/powwow_web/router.ex:1: anonymous fn/1 in PowwowWeb.Router.__match_route__/4
(phoenix) lib/phoenix/router.ex:278: Phoenix.Router.__call__/1
(powwow) lib/powwow_web/endpoint.ex:1: PowwowWeb.Endpoint.plug_builder_call/2
(powwow) lib/plug/debugger.ex:122: PowwowWeb.Endpoint."call (overridable 3)"/2
(powwow) lib/powwow_web/endpoint.ex:1: PowwowWeb.Endpoint.call/2
(plug) lib/plug/adapters/cowboy/handler.ex:16: Plug.Adapters.Cowboy.Handler.upgrade/4
(cowboy) /Users/Walther/tmp/meetup/powwow/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4
[info] GET /
[debug] Processing with PowwowWeb.PageController.index/2
Parameters: %{}
Pipelines: [:browser]
[info] Sent 200 in 12ms
Any ideas?
Can we add a feature so you still get to use the confirmation flow (sends email) but confirmation is not required to proceed after registration?
Hi!
I'm looking for a way to disable registration routes, as the app I'm building won't need them. I couldn't find any configuration option, so what's the suggested approach for this?
I tried changing pow_routes()
in my router to this:
scope "/", Pow.Phoenix, as: "pow" do
resources "/session", SessionController, singleton: true, only: [:new, :create, :delete]
end
But it forces me to import the session templates and overwrite them, as they use the registration path (which doesn't exist now).
Is there a better way to achieve this?
Thanks! ๐
What are the goals for 1.0? What will it take to move from rc to 1.0?
By default, reset_password.html.eex
only exposes the @url
assigns variable.
How would I go about also having the @user
variable exposed so that I can customise my email templates? For example, I want to open my emails with Hi {user},
as opposed to just a generic Hi,
?
Guidance appreciated.
Current form template L72 builds form inputs with @changeset.data.__struct__.pow_user_id_field()
.
This is useful when there're some different types of @changeset
s are given. (is this intended?)
It can be resolved by replace with Pow.Config.get([otp_app: :my_app], :user, nil)
when the template is generated.
It seems like when using a custom SessionController with the PowEmailConfirmation extension, the controller callbacks that handle checking whether the email was confirmed aren't run and the connection isn't halted regardless of the email being unconfirmed.
I realized this is because I defined the controller with a custom name instead of Pow.Phoenix.SessionController
.
The motivation behind this is using Pow and its extensions in an API which is decoupled from the front end of the app, so all responses should be JSON rather than HTML. Beginning to wonder if it'd be possible to just handle all the responses with controller callbacks instead and maybe it could be useful as an extension.
I'm looking into implementing https://tools.ietf.org/html/rfc8252, but I'm not sure how to authenticate using pow.
My best guess is some sort of double authentication. The app authenticates with pow and then pow authenticates with Google Apps (for an example). Any ideas?
More than often, it's enough to check whether an user session is logged in or not.
But currently I can only check user via current_user/1
which returns a bit heavy user-full struct.
How about add a new function returning lightweight true/false
instead? This will make consuming less resource.
Recently I changed the credential config from default ets to mnesia explained in the readme guide.
It has worked in dev, but error is popped out in prod. (Release made via Distillery
and :mnesia
is included in :extra_applications
.
Any clue?
9์ 24 09:29:11 nohogu1 nohogu[4506]: Loading nohogu...
9์ 24 09:29:11 nohogu1 nohogu[4506]: Starting dependencies..
9์ 24 09:29:11 nohogu1 nohogu[4506]: Creating database if not exists...
9์ 24 09:29:11 nohogu1 nohogu[4506]: Running migrations...
9์ 24 09:29:12 nohogu1 nohogu[4506]: Success!
9์ 24 09:29:12 nohogu1 nohogu[4506]: 09:29:12.159 [info] Already up
9์ 24 09:29:14 nohogu1 nohogu[4506]: 09:29:14.948 [info] Running NohoguWeb.Endpoint with Cowboy using http://0.0.0.0:4000
9์ 24 09:29:14 nohogu1 nohogu[4506]: 09:29:14.994 [info] Application nohogu exited: Nohogu.Application.start(:normal, []) returned an error: shutdown: failed to start c
9์ 24 09:29:14 nohogu1 nohogu[4506]: ** (EXIT) an exception was raised:
9์ 24 09:29:14 nohogu1 nohogu[4506]: ** (CaseClauseError) no case clause matching: {:aborted, {:bad_type, Pow.Store.Backend.MnesiaCache, :disc_copies, :"nohogu@
9์ 24 09:29:14 nohogu1 nohogu[4506]: (pow) lib/pow/store/backend/mnesia_cache.ex:144: Pow.Store.Backend.MnesiaCache.table_init/1
9์ 24 09:29:14 nohogu1 nohogu[4506]: (pow) lib/pow/store/backend/mnesia_cache.ex:54: Pow.Store.Backend.MnesiaCache.init/1
9์ 24 09:29:14 nohogu1 nohogu[4506]: (stdlib) gen_server.erl:374: :gen_server.init_it/2
9์ 24 09:29:14 nohogu1 nohogu[4506]: (stdlib) gen_server.erl:342: :gen_server.init_it/6
9์ 24 09:29:14 nohogu1 nohogu[4506]: (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
9์ 24 09:29:16 nohogu1 nohogu[4506]: {"Kernel pid terminated",application_controller,"{application_start_failure,nohogu,{{shutdown,{failed_to_start_child,'Elixir.Pow.St
9์ 24 09:29:16 nohogu1 nohogu[4506]: Kernel pid terminated (application_controller) ({application_start_failure,nohogu,{{shutdown,{failed_to_start_child,'Elixir.Pow.Sto
9์ 24 09:29:16 nohogu1 nohogu[4506]: [1B blob data]
9์ 24 09:29:16 nohogu1 nohogu[4506]: Crash dump is being written to: erl_crash.dump...done
# Authentication
config :nohogu, :pow,
user: Nohogu.Users.User,
repo: Nohogu.Repo,
web_module: NohoguWeb,
web_mailer_module: NohoguWeb,
mailer_backend: NohoguWeb.PowMailer,
messages_backend: NohoguWeb.Pow.Messages,
routes_backend: NohoguWeb.Pow.Routes,
cache_store_backend: Pow.Store.Backend.MnesiaCache,
session_store: {Pow.Store.CredentialsCache, ttl: :timer.minutes(60), namespace: "credentials"},
session_ttl_renewal: :timer.minutes(30),
extensions: [PowResetPassword, PowEmailConfirmation, PowPersistentSession],
controller_callbacks: Pow.Extension.Phoenix.ControllerCallbacks
plug Plug.Session,
store: :cookie,
key: "_nohogu_key",
signing_salt: "SOME_KEY"
plug Pow.Plug.Session, otp_app: :nohogu
Hey Dan,
In the docs you mentioned that "the best way is to create and modify our own controllers". Can you provide some examples?
Should we copy/paste the controllers from pow/phoenix/controllers
or import something? Maybe a snippet of custom routes could help too.
Context: I'm trying to implement pow in an app where registration should be closed/protected and users are created by something like an admin or a user already created. I want to document the process of the custom install/configuration of pow then I'll make a PR for the guides.
When a user submits a password that does not meet the minimum characters, they currently get the following message: "should be at least %{count} character(s)"
.
Ecto.Changeset.traverse_errors/2 can be used to insert the count
into the error message. The example function in the docs specifically addresses this situation.
I'm not sure where the function to update the error message should be added, but it would improve the error messages to the user.
Hello. A logo is a good idea to improve the project. I can design it voluntarily. What dou you think?
How do we manually create a session given a user?
I was going through the readme trying things out and got the following error when I ran the command to generate the extension templates.
$ mix pow.extension.phoenix.gen.templates --extension PowResetPassword --extension PowEmailConfirmation
warning: found quoted keyword "test" but the quotes are not required. Note that keywords are always atoms, even when quoted, and quotes should only be used to introduce keywords with foreign characters in them
mix.exs:62
* creating lib/my_app_web/views/pow_reset_password/reset_password_view.ex
** (ArgumentError) argument error
:erlang.binary_to_existing_atom("edit", :utf8)
(elixir) lib/string.ex:2169: String.to_existing_atom/1
(elixir) lib/enum.ex:1314: Enum."-map/2-lists^map/1-0-"/2
(elixir) lib/enum.ex:1314: Enum."-map/2-lists^map/1-0-"/2
lib/mix/pow/phoenix.ex:59: Mix.Pow.Phoenix.create_templates/4
(elixir) lib/enum.ex:765: Enum."-each/2-lists^foreach/1-0-"/2
(elixir) lib/enum.ex:765: Enum.each/2
(elixir) lib/enum.ex:765: Enum."-each/2-lists^foreach/1-0-"/2
What are the trade offs of using Postgres for session storage?
Hello!
I tried to follow the installation instructions: added pow
to the dependencies, fetched the dependencies using mix deps.get
, then executed the mix pow.install
command, but got this error:
** (Mix) Could not load UserProfileManager.Repo, error: :nofile. Please configure your app accordingly or pass a repo with the -r option.
What could be the problem? My project is under an umbrella. The output from mix deps.get
is this:
Running dependency resolution...
Dependency resolution completed:
cowboy 1.1.2
cowlib 1.0.2
decimal 1.5.0
ecto 2.2.11
file_system 0.2.6
gettext 0.16.0
mime 1.3.0
phoenix 1.3.4
phoenix_ecto 3.5.0
phoenix_html 2.12.0
phoenix_live_reload 1.1.7
phoenix_pubsub 1.1.0
plug 1.6.4
poison 3.1.0
poolboy 1.5.1
pow 1.0.0-rc.4
ranch 1.3.2
All dependencies up to date
I'm trying to i18n the flash messages in PowEmailConfirmation
, by adding custom functions in messages backend module NohoguWeb.Pow.Message
and add messages_backend: NohoguWeb.Pow.Messages,
in config.exs
.
But it looks not working well.
Here's the codes:
defmodule NohoguWeb.Pow.Messages do
use Pow.Phoenix.Messages
use Pow.Extension.Phoenix.Messages,
extensions: [PowResetPassword, PowEmailConfirmation, PowPersistentSession]
import NohoguWeb.Gettext
def user_not_authenticated(_conn), do: gettext("You need to sign in to see this page.")
def pow_reset_password_email_has_been_sent(_conn), do: IO.inspect dgettext("pow", "An email with reset instructions has been sent to you. Please check your inbox.")
def email_has_been_confirmed(_conn), do: IO.inspect dgettext("pow", "The email address has been confirmed.")
def email_confirmation_failed(_conn), do: dgettext("pow", "The email address couldn't be confirmed.")
def email_confirmation_required(_conn), do: IO.inspect dgettext("pow", "You'll need to confirm your e-mail before you can sign in. An e-mail confirmation link has been sent to you.")
end
IO.inspect
is to leave the logs, but they didn't appear in the console log.
Any idea?
I have a site (https://github.com/axelclark/golf) that has both an html frontend and a graphql api for a mobile app. I have the ResetPassword extension set up for html. I'm trying to enable a user to send the reset token email from their mobile app using graphql.
I'm trying to figure out which Pow.PasswordReset
functions to use in my graphql resolver which acts like a controller. The problem is I don't have a conn with the config in it. I just have the user email from the params.
def create_reset_token(_parent, %{email: email}, _resolution) do
# Need to create the token and send the email
end
Any suggestions on how to do this? I only want to enable the create action through graphql.
๐
- The credentials and session are renewed after 15 minutes if any activity is detected
- The credentials and session are renewed when user updates
Hi! Could you please point me to the code where these happen? I tried making a session cache backend backed by postgres, but it seems neither of the last two points work with it. Updating a user with both , and pow_user_id_field_changeset/2
and
pow_password_changeset/2
in the changeset doesn't make any calls to the session cache processno matter the activity, the users still get logged out after 30 minutes. I'm tracing the cache process and don't see any put
calls to it being made by any pow module after the initial one -- only get
s like this:
# 14:40:11 #PID<0.761.0> :cowboy_stream_h.request_process/3
# Demo.Pow.SessionCache.get([ttl: 1800000, namespace: "credentials"], "demo_bbf48417-285a-4a14-bf0d-335e2b0fc657")
I made a fresh phoenix 1.4 install and followed steps in readme file of Pow to install it:
Tried to go to the localhost:4000/registration/new
in the browser but got the error:
no route found for GET /registration/new (HelloWeb.Router)
If I make a command mix phx.routes
in the console it gives me:
pow_session_path GET /session/new Pow.Phoenix.SessionController :new
pow_session_path POST /session Pow.Phoenix.SessionController :create
pow_session_path DELETE /session Pow.Phoenix.SessionController :delete
pow_registration_path GET /registration/edit Pow.Phoenix.RegistrationController :edit
pow_registration_path GET /registration/new Pow.Phoenix.RegistrationController :new
pow_registration_path POST /registration Pow.Phoenix.RegistrationController :create
pow_registration_path PATCH /registration Pow.Phoenix.RegistrationController :update
PUT /registration Pow.Phoenix.RegistrationController :update
pow_registration_path DELETE /registration Pow.Phoenix.RegistrationController :delete
page_path GET / HelloWeb.PageController :card_index:
I also tried to access /session/new in the browser but got the same error.
What is wrong with my install?
My router file looks like this:
defmodule HelloWeb.Router do
use HelloWeb, :router
use Pow.Phoenix.Router
pipeline :browser do
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_flash
plug :protect_from_forgery
plug :put_secure_browser_headers
end
pipeline :api do
plug :accepts, ["json"]
end
scope "/" do
pipe_through :browser
pow_routes()
end
scope "/", HelloWeb do
pipe_through :browser
get "/", PageController, :index
end
end
I wonder which is the better way to get total registered users count.
How about adding a function to return the count of total users?
id
in users
table.users
table.For operation purpose, some managers can change the user's role. But when I tried using Pow.Operations.update/3
, it passes through changeset
in pow_changeset/2
which requires :current_password
. Since the managers don't know other users' password, it blocks from updating fields like `:role'.
What's the better way to update :role
for this situation?
It looks Pow.Operations.update/3
allows updating other users, but can't utilize it practically.
For those of us migrating from devise, we have encrypted_password
as a field.
For most fields, I can do field :email, :string, [source: :other_field]
.
Think it would be possible to add in a config option for pow_fields()
like pow_fields(password_hash: :encrypted_password
?
We can get current active users
from several places; phoenix channel, google analytics. But I think the real data can only get from credential store
.
There's a similar fn Pow.Store.CredentialsCache.sessions/3
, but this shows a list of sessions for a given user.
So, how about support fn which list up current active users? This is a fancy and unique fn, too!
There's a default setting of password_min_length: 10
. And I'd like to redefine it to 8
because it's widely accepted. I don't want to bother or enforce the inconveniences to my users.
How can I redefine some default configurations like password_min_length
? Adding password_min_length: 8
in the config.exs
didn't work.
We are deploying to Heroku which as I understand doesn't support mnesia?
Can you use redis with pow for session storage?
I'm looking over the extension PowEmailConfirmation
to find fn confirm!
which is required in dev seed and tests.
And I found that this extension has a lot different style than Elixir de-facto standards two mainly;
PowEmailConfirmation.Plug
- Plug only and should implement two functions init/1
and call/2
. I believe this module is sufficient to be renamed PowEmailConfirmation
to avoid conflict and excessive encapsulation. (This is applied to the other modules as well.)Pow.UUID
- I cannot find any reason to replace the Ecto.UUID
or elixir_uuid
. We don't need to reinvent the wheel.I see that you are using PBKDF2-SHA512 for password hashing. Would you ever consider moving to Argon2?
Both :last_login_at
and :last_login_ip
attributes are useful when providing basic security protection.
Maybe :updated_at
can be used in replace for :last_login_at
though not proper. (for example, when user changed name or password).
In the readme of PowEmailConfirmation
, manual email confirmation by setting up :email_confirmed_at
is described.
But in my test seed it didn't work. I think :email_confirmed_at
field is not casted in the changeset.
Seed codes are like this;
user_params = %{name: "na", email: "na@some_url.com", password: "abcd1234", confirm_password: "abcd1234", email_confirmed_at: DateTime.utc_now()}
{:ok, na_user} = Pow.Operations.create(user_params, otp_app: :myapp)
Fortunately, PowEmailConfirmation.Ecto.Context.confirm_email/2
is working as expected.
My user registration process is register -> confirm email -> Create Userinfo record when confirmed
.
To implement Creating Userinfo record when confirmed
three approaches were made.
First I tried modifying Ecto changeset
. But it didn't work since id
is available yet, prepare_changes
can't access User's id field.
Next I tried using Callback routes
.
def after_registration_path(conn) do
# This returns nil
current_user = Pow.Plug.current_user(conn)
# This didn't work.
Myapp.Generals.create_userinfo(%{user_id: current_user.id})
Routes.page_path(conn, :index)
end
It didn't work. Simply because conn
doesn't have :current_user
as it's not email confirmed
yet.
Last, I'm trying ControllerCallbacks
now. Since I can access user
there, it seems to be working there. But I can't figure out where and how to configure callbacks. So can you explain more in the readme?
At present controller_callbacks: Pow.Extension.Phoenix.ControllerCallbacks
is set in config. But it won't touch my custom callbacks. I can't sure that it can be replaced with my custom callbacks.
When I run mix pow.extension.ecto.gen.migrations --extension PowResetPassword
or just mix pow.extension.ecto.gen.migrations
with the following in config/config.exs
, my project compiles, but then the Ecto migrations aren't generated.
# config/config.exs
...
config :golf, :pow,
user: Golf.Accounts.User,
repo: Golf.Repo,
extensions: [PowResetPassword, PowPersistentSession]
Here is my branch: https://github.com/axelclark/golf/tree/pow
I'm using
{:ecto_sql, "~> 3.0"},
{:pow, "~> 1.0.0"}
have you got an example project, a reference project, of Pow, Pow Assent and Phoenix Oauth2 Provider working together?
I am interested in an umbrella app scenario
Hi, great library!
Thanks to how configurable it is I've been able to use it in my app which is just an API. I'm trying to write tests for my SessionController
and when POSTing valid credentials, it seems like the password_hash never gets generated. It works fine outside of the test which leads me to believe it might be a config I need to set somewhere... any idea what I might be missing?
Add two factor support to Pow with at least OTP and FIDO U2F support.
Good primer for ensuring secure and useful two factor setup: https://medium.com/@stuartschechter/before-you-turn-on-two-factor-authentication-27148cc5b9a1
Edit: Here's some security considerations: https://shahmeeramir.com/4-methods-to-bypass-two-factor-authentication-2b0075d9eb5f
In general the MFA authentication process will go like this:
User ID & password --> MFA authorization --> Signed in
OR as passwordless:
User ID --> MFA authorization --> Signed in
This latter option could also be all on the same page for some of the above methods. The MFA methods can also be used for the registration process.
There should be a controller action for handling 2FA auth, and probably one for handling registration with 2FA. Maybe one for managing 2FA methods.
https://webauthn.guide/
https://auth0.com/blog/web-authentication-webauthn-overview-demo-tool/
There're two ways to go about this. Embedded or separate table. Separate table may make it easier to not require user id, but it could be that the user id should just be set to generated_id
if developers wish to login without user id with a randomly generated id that will be stored with the authenticator.
field :type, :string
field :nickname, :string
field :settings, :map
WebAuthn allows for no user id and can be used for single authentication.
The WebAuthn will store at minimum the following data:
{
credential_id: "credential_id",
cose_key: "cose_key"
}
For no user id setup, the user id used for the authenticator could be a randomly generated id that's stored in the authenticator schema.
TOTP can only be used for 2FA. The data stored would be the following:
{
issuer: "My Service",
otp_secret: "secret",
last_otp_at: "492039"
}
Version info:
Windows 10
Erlang/OTP 21 [erts-10.0.1] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1]
Elixir 1.7.3 (compiled with Erlang/OTP 19)
Phoenix v1.3.4
I'm following the getting started guide. Although the code examples look different now (likely due to using newer versions of Elixir and Phoenix), I think I have managed to set it up correctly.
When visiting http://localhost:4000/registration/new
, I get the following error:
[error] #PID<0.394.0> running MyAppWeb.Endpoint (cowboy_protocol) terminated
Server: localhost:4000 (http)
Request: GET /registration/new
** (exit) an exception was raised:
** (Pow.Config.ConfigError) No :user configuration option found for user schema module.
(pow) lib/pow/config.ex:55: Pow.Config.raise_error/1
(pow) lib/pow/operations.ex:18: Pow.Operations.changeset/2
(pow) lib/pow/phoenix/controllers/registration_controller.ex:15: Pow.Phoenix.RegistrationController.process_new/2
(pow) lib/pow/phoenix/controllers/controller.ex:87: Pow.Phoenix.Controller.action/3
(pow) lib/pow/phoenix/controllers/registration_controller.ex:1: Pow.Phoenix.RegistrationController.action/2
(pow) lib/pow/phoenix/controllers/registration_controller.ex:1: Pow.Phoenix.RegistrationController.phoenix_controller_pipeline/2
(my_app) lib/my_app_web/endpoint.ex:1: MyAppWeb.Endpoint.instrument/4
(phoenix) lib/phoenix/router.ex:278: Phoenix.Router.__call__/1
(my_app) lib/my_app_web/endpoint.ex:1: MyAppWeb.Endpoint.plug_builder_call/2
(my_app) lib/plug/debugger.ex:122: MyAppWeb.Endpoint."call (overridable 3)"/2
(my_app) lib/my_app_web/endpoint.ex:1: MyAppWeb.Endpoint.call/2
(plug) lib/plug/adapters/cowboy/handler.ex:16: Plug.Adapters.Cowboy.Handler.upgrade/4
(cowboy) c:/Code/my_app/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4
Contents of config.exs
:
# This file is responsible for configuring your application
# and its dependencies with the aid of the Mix.Config module.
#
# This configuration file is loaded before any dependency and
# is restricted to this project.
use Mix.Config
# General application configuration
config :my_app, :pow,
user: MyApp.Users.User,
ecto_repos: [MyApp.Repo] # Notice that this is different from the getting started guide
# Configures the endpoint
config :my_app, MyAppWeb.Endpoint,
url: [host: "localhost"],
secret_key_base: "my_secret",
render_errors: [view: MyAppWeb.ErrorView, accepts: ~w(html json)],
pubsub: [name: MyApp.PubSub,
adapter: Phoenix.PubSub.PG2]
# Configures Elixir's Logger
config :logger, :console,
format: "$time $metadata[$level] $message\n",
metadata: [:user_id]
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env}.exs"
Output of mix ecto.setup
:
warning: could not find Ecto repos in any of the apps: [:my_app].
You can avoid this warning by passing the -r flag or by setting the
repositories managed by those applications in your config/config.exs:
config :my_app, ecto_repos: [...]
warning: could not find Ecto repos in any of the apps: [:my_app].
You can avoid this warning by passing the -r flag or by setting the
repositories managed by those applications in your config/config.exs:
config :my_app, ecto_repos: [...]
I'm investigating this now; trying to find the cause. If/when I figure it out, I will update this issue. Figured I'd post it here, in case other beginners encounter the same issue in the future.
When a new user adds a space at the end of their email, they will get a format error in the form. The error isn't obvious and may cause confusion.
Consider adding String.trim/1
in addition to String.downcase/1
to the Pow.Ecto.Schema.normalize_user_id_field_value/1
function.
There seems two (or more?) places to configure credential TTL; Pow.Plug.Session
and Pow.Store.Base
.
Where can I set up the credential TTL?
There are some email templates types of html
and text
. At first I followed document guide, but it didn't work.
Mine is currently providing both English
and Korean
and going to add some Asian languages soon.
If you're busy then I can make PR. (I don't fully understand pow yet.)
Hi!
I wonder if there are any additional changes required to make custom controllers work with extensions like persistent session plug.
However, to make it easier to integrate extension, you can add callbacks to the controllers that do some light pre/post-processing of the request:
From https://github.com/danschultzer/pow#phoenix-controllers, seems to imply that using custom controllers breaks Pow.Extension.Phoenix.ControllerCallbacks
, that is, there are no traces of any function in Pow.Extension.Phoenix.ControllerCallbacks
being called during login/logout when using custom controllers.
Ok forgive me, totally new at Phoenix and app dev in general so the obvious is not very obvious.
I have an Umbrella app with a db
elixir app managing my repo.
I do not understand the ELixir/Phoenix relationship well enough yet and suffer major OCD - I am using Phoenix apps in my umbrella for an admin UI and my REST API and understand the sorta the need for 2 folders in a Phoenix app lib for App
(business logic) and App_Web
(presentation). Where my OCD kicks in overdrive is having to use a Phoenix app in my umbrella for an app that does not require a UI and therefore that App_Web
folder Phoenix provides.
In my mind, Auth (POW) supports access through the phoenix rest api app to the business logic in all my umbrella apps and should stand alone. So I am trying to setup POW as an Elixir only app in the umbrella with mix new auth --module Auth --sup
. I do not want Auth to be a Phoenix app that requires me to stare at the damn App-Web
folder all day.
Maybe (likely) I am just plain wrong and do not get it yet.
In any case, reading what I can find in DuckDuckGo about POW and of course your git repo you mention using a plug instead of Phoenix but sadly only provide a getting started with a Phoenix app.
Can you help a brother out and provide an example of using POW in an umbrella Elixir app using a Plug? I am going to keep digging and will probably hack it out but will likely be wrong, wrong, wrong.
FWIW I am also using Triplex (multi-tenant by schema) in my elixir db
app and have the following umbrella setup I am reasoning through:
Thanks in advance for any help, updates or references to anything that may help me get on track...
Is there a way to make current password optional when riding user?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.