feat(user): use gen auth for users

2025-08-14 20:49:11 +02:00 · 2025-08-14 20:49:11 +02:00 · c1385df0f9
commit c1385df0f9
parent fbb65e77c0
36 changed files with 3256 additions and 129 deletions
--- a/lib/learning_phoenix_web/controllers/user_controller.ex
+++ b/lib/learning_phoenix_web/controllers/user_controller.ex
@ -1,36 +0,0 @@
-defmodule LearningPhoenixWeb.UserController do
-  use LearningPhoenixWeb, :controller
-  alias LearningPhoenix.{Repo, User}
-
-  def index(conn, _params) do
-    conn
-    |> assign(:test, Repo.all(User))
-    |> render(:index)
-  end
-
-  def edit(conn, _params) do
-    render(conn, :edit)
-  end
-
-  def new(conn, _params) do
-    render(conn, :new)
-  end
-
-  def show(conn, _params) do
-    render(conn, :show)
-  end
-
-  def create(conn, _params) do
-    #redirect(conn, url(~p"/users/#{id}"))
-    redirect(conn, url(~p"/users"))
-  end
-
-  def update(conn, _params) do
-    #redirect(conn, url(~p"/users/#{id}"))
-    redirect(conn, url(~p"/users"))
-  end
-
-  def delete(conn, _params) do
-    redirect(conn, url(~p"/users"))
-  end
-end
--- a/lib/learning_phoenix_web/controllers/user_html.ex
+++ b/lib/learning_phoenix_web/controllers/user_html.ex
@ -1,10 +0,0 @@
-defmodule LearningPhoenixWeb.UserHTML do
-  @moduledoc """
-  This module contains pages rendered by PageController.
-
-  See the `page_html` directory for all templates available.
-  """
-  use LearningPhoenixWeb, :html
-
-  embed_templates "user_html/*"
-end
--- a/lib/learning_phoenix_web/controllers/user_html/edit.html.heex
+++ b/lib/learning_phoenix_web/controllers/user_html/edit.html.heex
@ -1,9 +0,0 @@
-<Layouts.flash_group flash={@flash} />
-<div class="m-32 text-center">
-  <h1 class="text-4xl font-bold mb-8">
-     Page d'edit des utilisateurs
-  </h1>
-  <p class="text-xl">
-    Cette page permet de modifier un utilisateur 
-  </p>
-</div>
--- a/lib/learning_phoenix_web/controllers/user_html/index.html.heex
+++ b/lib/learning_phoenix_web/controllers/user_html/index.html.heex
@ -1,18 +0,0 @@
-<Layouts.flash_group flash={@flash} />
-<div class="m-32 text-center">
-  <h1 class="text-4xl font-bold mb-8">
-    Liste de tous les utilisateurs
-  </h1>
-  <p class="text-xl">
-    Cette page contient la liste de tous les utilisateurs
-  </p>
-  <div class="flex flex-col gap-4 justify-center justify-items-center">
-    <%= for user <- @test do %>
-      <div class="flex flex-col gap-2">
-        <p>Hello {user.name}!</p>
-        <p>Your email is {user.email}</p>
-        <p>And your hashed password is {user.password}.</p>
-      </div>
-    <% end %>
-  </div>
-</div>
--- a/lib/learning_phoenix_web/controllers/user_html/new.html.heex
+++ b/lib/learning_phoenix_web/controllers/user_html/new.html.heex
@ -1,9 +0,0 @@
-<Layouts.flash_group flash={@flash} />
-<div class="m-32 text-center">
-  <h1 class="text-4xl font-bold mb-8">
-    Création d'utilisateur
-  </h1>
-  <p class="text-xl">
-    Cette page permet de créer un utilisateur.
-  </p>
-</div>
--- a/lib/learning_phoenix_web/controllers/user_html/show.html.heex
+++ b/lib/learning_phoenix_web/controllers/user_html/show.html.heex
@ -1,9 +0,0 @@
-<Layouts.flash_group flash={@flash} />
-<div class="m-32 text-center">
-  <h1 class="text-4xl font-bold mb-8">
-    Info sur un utilisateur en particulier
-  </h1>
-  <p class="text-xl">
-    Cette page donne les info sur un utilisateur en particulier 
-  </p>
-</div>
--- a/lib/learning_phoenix_web/controllers/user_session_controller.ex
+++ b/lib/learning_phoenix_web/controllers/user_session_controller.ex
@ -0,0 +1,67 @@
+defmodule LearningPhoenixWeb.UserSessionController do
+  use LearningPhoenixWeb, :controller
+
+  alias LearningPhoenix.Accounts
+  alias LearningPhoenixWeb.UserAuth
+
+  def create(conn, %{"_action" => "confirmed"} = params) do
+    create(conn, params, "User confirmed successfully.")
+  end
+
+  def create(conn, params) do
+    create(conn, params, "Welcome back!")
+  end
+
+  # magic link login
+  defp create(conn, %{"user" => %{"token" => token} = user_params}, info) do
+    case Accounts.login_user_by_magic_link(token) do
+      {:ok, {user, tokens_to_disconnect}} ->
+        UserAuth.disconnect_sessions(tokens_to_disconnect)
+
+        conn
+        |> put_flash(:info, info)
+        |> UserAuth.log_in_user(user, user_params)
+
+      _ ->
+        conn
+        |> put_flash(:error, "The link is invalid or it has expired.")
+        |> redirect(to: ~p"/users/log-in")
+    end
+  end
+
+  # email + password login
+  defp create(conn, %{"user" => user_params}, info) do
+    %{"email" => email, "password" => password} = user_params
+
+    if user = Accounts.get_user_by_email_and_password(email, password) do
+      conn
+      |> put_flash(:info, info)
+      |> UserAuth.log_in_user(user, user_params)
+    else
+      # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
+      conn
+      |> put_flash(:error, "Invalid email or password")
+      |> put_flash(:email, String.slice(email, 0, 160))
+      |> redirect(to: ~p"/users/log-in")
+    end
+  end
+
+  def update_password(conn, %{"user" => user_params} = params) do
+    user = conn.assigns.current_scope.user
+    true = Accounts.sudo_mode?(user)
+    {:ok, {_user, expired_tokens}} = Accounts.update_user_password(user, user_params)
+
+    # disconnect all existing LiveViews with old sessions
+    UserAuth.disconnect_sessions(expired_tokens)
+
+    conn
+    |> put_session(:user_return_to, ~p"/users/settings")
+    |> create(params, "Password updated successfully!")
+  end
+
+  def delete(conn, _params) do
+    conn
+    |> put_flash(:info, "Logged out successfully.")
+    |> UserAuth.log_out_user()
+  end
+end