mprymek renamed this gist
Aug 5, 2014 . 1 changed file with 10 additions and 10 deletions.
@@ -1,11 +1,11 @@ # Simple Phoenix authentication plug # # - based on Plug's session store # - redirects unauthenticated requests to login page "/login/<request url>" # - /static/... requests are not authenticated # - authentication is valid as long as session is valid (you can change this behaviour easily) # Because we need session to be fetched BEFORE this plug, we must put this to router.ex: #---------------------------- # copied from https://github.com/phoenixframework/phoenix/blob/master/lib/phoenix/router.ex @@ -19,7 +19,7 @@ Because we need session to be fetched BEFORE this plug, we must put this to rout # here put your other plugs... #---------------------------- # Auth plug code: #---------------------------- defmodule WebApp.Plugs.Auth do @@ -57,7 +57,7 @@ defmodule WebApp.Plugs.Auth do end #---------------------------- # Login page in router.ex: #---------------------------- get "/login/*src", WebApp.LoginController, :login @@ -66,7 +66,7 @@ Login page in router.ex: #---------------------------- # Login page controller: #---------------------------- defmodule WebApp.LoginController do -
mprymek renamed this gist
Aug 5, 2014 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
mprymek revised this gist
Aug 5, 2014 . 1 changed file with 2 additions and 2 deletions.
@@ -72,12 +72,12 @@ Login page controller: defmodule WebApp.LoginController do use Phoenix.Controller def login(conn, _, messages\\[]) do if WebApp.Plugs.Auth.authenticated?(conn) do # already logged in redirect conn, "/#{conn.params["src"]}" else render conn, "login", [messages: messages] end end -
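Review bot: The new default argument on `login(conn, _, messages\\[])` does not by itself get the failure message to the template, because a two-argument call still binds its second argument to `_` and leaves `messages` as `[]`. In the `login_post` shown in the created revision on this page, the failure branch calls `login(conn,[{:error,"Login failed."}])`, and this revision's two changed lines do not appear to touch it, so a failed login would still render without the error. The list has to be passed as the third argument, for example `nil -> login(conn, conn.params, [{:error, "Login failed."}])`. `login_post` lies outside this hunk, so confirm against the full file.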
mprymek created this gist
Aug 5, 2014 .
@@ -0,0 +1,105 @@ Simple Phoenix authentication plug - based on Plug's session store - redirects unauthenticated requests to login page "/login/<request url>" - /static/... requests are not authenticated - authentication is valid as long as session is valid (you can change this behaviour easily) Because we need session to be fetched BEFORE this plug, we must put this to router.ex: #---------------------------- # copied from https://github.com/phoenixframework/phoenix/blob/master/lib/phoenix/router.ex key = Phoenix.Config.router!(__MODULE__, [:session_key]) secret = Phoenix.Config.router!(__MODULE__, [:session_secret]) plug Plug.Session, store: :cookie, key: key, secret: secret plug Phoenix.Plugs.SessionFetcher # auth plug now plug WebApp.Plugs.Auth, [] # here put your other plugs... #---------------------------- Auth plug code: #---------------------------- defmodule WebApp.Plugs.Auth do require Logger def init(opts), do: opts def call(conn, _opts) do cond do skip?(conn.path_info) -> conn authenticated?(conn) -> conn true -> Logger.debug "AUTH for #{inspect conn.path_info}" url = "/#{Enum.join(conn.path_info,"/")}" Phoenix.Controller.Connection.redirect(conn,"/login#{url}") Phoenix.Controller.Connection.halt!(conn) end end defp skip?(["static"|_]), do: true defp skip?(["login"|_]), do: true # # you can insert any unauthenticated pages here... # defp skip?(_), do: false def authenticated?(conn) do # BEWARE! # User is authenticated as long as session is valid! # You probably want to check if user still exists and is authorized here. 
Plug.Conn.get_session(conn, :user) != nil end end #---------------------------- Login page in router.ex: #---------------------------- get "/login/*src", WebApp.LoginController, :login post "/login/*src", WebApp.LoginController, :login_post get "/logout", WebApp.LoginController, :logout #---------------------------- Login page controller: #---------------------------- defmodule WebApp.LoginController do use Phoenix.Controller def login(conn, _) do if WebApp.Plugs.Auth.authenticated?(conn) do # already logged in redirect conn, "/#{conn.params["src"]}" else render conn, "login" end end def login_post(conn, _) do passwd = conn.params["password"] user = conn.params["username"] case WebApp.Auth.auth(user,passwd) do nil -> login(conn,[{:error,"Login failed."}]) group -> conn = conn |> Plug.Conn.put_session(:user, String.to_atom(user)) |> Plug.Conn.put_session(:group, group) redirect conn, "/#{conn.params["src"]}" end end def logout(conn, _) do conn = conn |> Plug.Conn.delete_session(:user) |> Plug.Conn.delete_session(:group) redirect conn, "/login" end end #----------------------------
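Review bot: `login_post` stores `String.to_atom(user)` in the session, which turns a request-supplied username into an atom; atoms are never garbage-collected, so if accounts can be created freely the atom table grows without bound. Keeping the username as a binary, `Plug.Conn.put_session(:user, user)`, avoids that without changing what `authenticated?/1` checks. Separately, both `login` and `login_post` redirect to `"/#{conn.params["src"]}"`, where `src` comes from the `/login/*src` glob; depending on how this Phoenix version represents the glob value, a value that starts with `/` would produce a `//host` target that browsers treat as off-site, so `src` should be checked to be a local path before redirecting. `authenticated?/1` only tests that `:user` is present in the session, as the author's own BEWARE comment already notes.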