Users & Authentication

Users
The user.ex schema looks like this:
user.ex
1
defmodule PetalPro.Accounts.User do
2
  ...
3
  
4
  schema "users" do
5
    field :name, :string
6
    field :email, :string
7
    field :password, :string, virtual: true, redact: true
8
    field :hashed_password, :string, redact: true
9
    field :confirmed_at, :naive_datetime
10
    field :is_admin, :boolean, default: false
11
    field :avatar, :string
12
    field :last_signed_in_ip, :string
13
    field :last_signed_in_datetime, :utc_datetime
14
    field :is_subscribed_to_marketing_notifications, :boolean, default: true
15
    field :is_suspended, :boolean, default: false
16
    field :is_deleted, :boolean, default: false
17
    field :is_onboarded, :boolean, default: false
18
​
19
    timestamps()
20
  end
21
  
22
  ...
23
end
Copied!
Users have some extra fields not included by phx.gen.auth:
Field
Type
Description
name
:string
A users full name
avatar
:string
A URL to the users avatar image
last_signed_in_ip
:string
The IP address of the last login by this user.
is_subscribed_to_marketing_notifications
:boolean
Track whether a user wants to receive marketing emails or not.
is_admin
:boolean
Admins get access to a special dashboard where they can modify users, see logs, etc.
is_suspended
:boolean
An admin can suspend a user, preventing them from logging in.
is_deleted
:boolean
Allows for soft deletion of users
is_onboarded
:boolean
Track whether or not a user has seen an onboarding screen after registering.
Authentication
We used phx.gen.auth (email/password) and modified the templates to use Tailwind and Petal Components.
Setting and accessing the current user 
Controller actions
For controller actions we use the plug provided by mix phx.gen.auth to set conn.assigns.current_user . 
user_auth.ex
1
defmodule PetalProWeb.UserAuth do
2
  ...
3
  
4
  def fetch_current_user(conn, _opts) do
5
    {user_token, conn} = ensure_user_token(conn)
6
    user = user_token && Accounts.get_user_by_session_token(user_token)
7
    assign(conn, :current_user, user)
8
  end
9
  
10
  ...
11
end
Copied!
You can see the :fetch_current_user plug used in the :browser pipeline in the router.
router.ex
1
defmodule PetalProWeb.Router do
2
  ...
3
​
4
  pipeline :browser do
5
    plug :accepts, ["html"]
6
    plug :fetch_session
7
    plug :fetch_live_flash
8
    plug :put_root_layout, {PetalProWeb.LayoutView, :root}
9
    plug :protect_from_forgery
10
    plug :put_secure_browser_headers
11
    plug :fetch_current_user
12
    plug PetalProWeb.SetLocalePlug, gettext: PetalProWeb.Gettext
13
    plug :set_color_scheme
14
  end
15
  
16
  ...
17
end
Copied!
If you want to enforce the user then you can use the :require_authenticated_user plug.
router.ex
1
scope "/", PetalProWeb do
2
  pipe_through [:browser, :require_authenticated_user]
3
  
4
  # Routes that require a logged in user go here
5
end
Copied!
Live views
We can't rely on our plugs in live views, since live views connect over web sockets and avoid the traditional request/response lifecycle. However, a live view will have access to the session, which contains the user token set upon login. Hence, in the live view mount we can use the token to find the user_token set in our database for that users session, and from there obtain the logged in user.
Instead of doing this on every live view mount function, we can extract this out into an on_mount function and then apply it in the router, like a mini pipeline.
user_on_mount_hooks.ex
1
defmodule PetalProWeb.UserOnMountHooks do
2
  ...
3
​
4
  def on_mount(:require_authenticated_user, _params, session, socket) do
5
    socket = maybe_assign_user(socket, session)
6
​
7
    if socket.assigns.current_user do
8
      {:cont, socket}
9
    else
10
      {:halt, redirect(socket, to: Routes.user_session_path(socket, :new))}
11
    end
12
  end
13
  
14
  defp maybe_assign_user(socket, session) do
15
    assign_new(socket, :current_user, fn ->
16
      get_user(session["user_token"])
17
    end)
18
  end
19
  
20
  ...
21
end
Copied!
router.ex
1
defmodule PetalProWeb.Router do
2
  ...
3
  
4
  scope "/", PetalProWeb do
5
    pipe_through [:browser, :require_authenticated_user]
6
​
7
    live_session :protected, on_mount: {PetalProWeb.UserOnMountHooks, :require_authenticated_user} do
8
      # Live routes that require a logged in user go here
9
    end
10
  end
11
  
12
  ...
13
end
Copied!

Guides - Previous

Creating a web app from start to finish

Next - Fundamentals

Included Pages

Last modified 2mo ago

Copy link

Contents

Users

Authentication

Setting and accessing the current user