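defmodule SogApi.SessionController do
  @moduledoc """
  Session (login/logout) endpoints for the API.

  Three login flows share `create/3`: email + password (`create/2`), a signup
  token (`register/2`) and a password-reset token (`forgot_password/2`). A
  successful login binds the account id to a renewed session and renders the
  serialized account; any failed login answers 401 with an empty body.
  """

  use SogApi.Web, :controller
  import Comeonin.Bcrypt
  import SogApi.Authenticator
  alias SogApi.Account
  alias SogApi.AccountSerializer

  plug :attempt_to_authenticate, "before delete" when action in [:delete, :show]

  @doc "Logs in with a password-reset token (the `token` param)."
  def forgot_password(conn, %{"token" => token}) do
    create(conn, :forgot_password, token)
  end

  @doc "Logs in with a signup token (the `token` param)."
  def register(conn, %{"token" => token}) do
    create(conn, :register, token)
  end

  @doc "Logs in with an email/password pair (the `email` and `password` params)."
  def create(conn, %{"email" => email, "password" => password}) do
    query = Ecto.Query.from a in Account, where: a.login == ^email

    params = %{
      "password" => password,
      "email" => email,
      "query" => query
    }

    create(conn, :password, params)
  end

  @doc """
  Renders the account placed in `conn.assigns[:account]` by
  `attempt_to_authenticate`, refreshing its session on the way.

  Replies 401 when no account was assigned instead of crashing on `nil`.
  """
  def show(conn, _params) do
    case conn.assigns[:account] do
      nil -> send_resp(conn, 401, "")
      account -> authenticate_account(conn, account)
    end
  end

  @doc """
  Shared login step: resolves `params` to an account via `auth/2`, passes it
  through `Account.can_access?/2`, then establishes the session or replies 401.
  """
  def create(conn, type, params) do
    auth(type, params)
    |> Account.can_access?(type)
    |> case do
      %Account{} = account -> authenticate_account(conn, account)
      nil -> send_resp(conn, 401, "")
    end
  end

  # Persists the login bookkeeping, binds the account to a *renewed* session
  # (a new session id on login, so a pre-login session id cannot be reused)
  # and renders the serialized account.
  defp authenticate_account(conn, account) do
    serialized_account =
      Account.update_login_data(conn, account)
      |> Repo.update!()
      |> AccountSerializer.format(conn)

    conn
    |> fetch_session()
    |> configure_session(renew: true)
    |> put_session(:account_id, account.id)
    |> json(serialized_account)
  end

  @doc """
  Looks up the account for a login `type`.

  Returns the `%Account{}` on success and `nil` otherwise. An unknown email,
  a wrong password, an account without a password hash and a malformed
  (non-string) password or token all yield `nil` — i.e. a 401 from `create/3` —
  rather than an exception. When no usable account exists a dummy bcrypt check
  is still run so the unknown-email path takes about as long as a wrong password.
  """
  def auth(:password, %{"email" => _email, "password" => password, "query" => query})
      when is_binary(password) do
    case Repo.one(query) do
      %Account{password_hash: hash} = account when is_binary(hash) ->
        if checkpw(password, hash), do: account, else: nil

      _ ->
        # Keep the response time comparable to a real password check.
        dummy_checkpw()
        nil
    end
  end

  def auth(:register, token) when is_binary(token) do
    query = Ecto.Query.from a in Account, where: a.signup_token == ^token
    Repo.one(query)
  end

  def auth(:forgot_password, token) when is_binary(token) do
    query = Ecto.Query.from a in Account, where: a.password_reset_token == ^token
    Repo.one(query)
  end

  # NOTE(review): an empty-string token still reaches the query above; whether
  # it can match a row depends on how the token columns are stored — confirm.
  # Anything that is not a string token/password (nil, numbers, maps) is not a login.
  def auth(_type, _params), do: nil

  @doc "Logs out: removes the account id from the session and answers 204."
  def delete(conn, _params) do
    conn
    |> fetch_session()
    |> delete_session(:account_id)
    |> send_resp(:no_content, "")
  end
end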