This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def confirm_email(conn, %{"token" => token}) do | |
case Accounts.update_user_email(conn.assigns.current_user, token) do | |
:ok -> | |
conn | |
|> put_flash(:info, "Email changed successfully.") | |
|> redirect(to: Routes.user_settings_path(conn, :edit)) | |
:error -> | |
conn | |
|> put_flash(:error, "Email change link is invalid or it has expired.") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def update(conn, %{"action" => "update_password"} = params) do | |
%{"current_password" => password, "user" => user_params} = params | |
user = conn.assigns.current_user | |
case Accounts.update_user_password(user, password, user_params) do | |
{:ok, user} -> | |
conn | |
|> put_flash(:info, "Password updated successfully.") | |
|> put_session(:user_return_to, Routes.user_settings_path(conn, :edit)) | |
|> UserAuth.log_in_user(user) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def update(conn, %{"action" => "update_email"} = params) do | |
%{"current_password" => password, "user" => user_params} = params | |
user = conn.assigns.current_user | |
case Accounts.apply_user_email(user, password, user_params) do | |
{:ok, applied_user} -> | |
Accounts.deliver_update_email_instructions( | |
applied_user, | |
user.email, | |
&Routes.user_settings_url(conn, :confirm_email, &1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Do not log in the user after confirmation to avoid a | |
# leaked token giving the user access to the account. | |
def confirm(conn, %{"token" => token}) do | |
case Accounts.confirm_user(token) do | |
{:ok, _} -> | |
conn | |
|> put_flash(:info, "Account confirmed successfully.") | |
|> redirect(to: "/") | |
:error -> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def create(conn, %{"user" => %{"email" => email}}) do | |
if user = Accounts.get_user_by_email(email) do | |
Accounts.deliver_user_confirmation_instructions( | |
user, | |
&Routes.user_confirmation_url(conn, :confirm, &1) | |
) | |
end | |
# Regardless of the outcome, show an impartial success/error message. | |
conn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def reset_user_password(user, attrs) do | |
Ecto.Multi.new() | |
|> Ecto.Multi.update(:user, User.password_changeset(user, attrs)) | |
|> Ecto.Multi.delete_all(:tokens, UserToken.user_and_contexts_query(user, :all)) | |
|> Repo.transaction() | |
|> case do | |
{:ok, %{user: user}} -> {:ok, user} | |
{:error, :user, changeset, _} -> {:error, changeset} | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Do not log in the user after reset password to avoid a | |
# leaked token giving the user access to the account. | |
def update(conn, %{"user" => user_params}) do | |
case Accounts.reset_user_password(conn.assigns.user, user_params) do | |
{:ok, _} -> | |
conn | |
|> put_flash(:info, "Password reset successfully.") | |
|> redirect(to: Routes.user_session_path(conn, :new)) | |
{:error, changeset} -> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
... | |
plug :get_user_by_reset_password_token when action in [:edit, :update] | |
... | |
def edit(conn, _params) do | |
render(conn, "edit.html", changeset: Accounts.change_user_password(conn.assigns.user)) | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def create(conn, %{"user" => %{"email" => email}}) do | |
if user = Accounts.get_user_by_email(email) do | |
Accounts.deliver_user_reset_password_instructions( | |
user, | |
&Routes.user_reset_password_url(conn, :edit, &1) | |
) | |
end | |
# Regardless of the outcome, show an impartial success/error message. | |
conn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def verify_email_token_query(token, context) do | |
case Base.url_decode64(token, padding: false) do | |
{:ok, decoded_token} -> | |
hashed_token = :crypto.hash(@hash_algorithm, decoded_token) | |
days = days_for_context(context) | |
query = | |
from token in token_and_context_query(hashed_token, context), | |
join: user in assoc(token, :user), | |
where: token.inserted_at > ago(^days, "day") and token.sent_to == user.email, |
NewerOlder