MarcusCemes

MarcusCemes

Custom authentication logic, add "account disabled" to default sign-in page

Hi,

I’m very new to Ash (Authentication) and evaluating it for a client project, amazing work so far!

My project requires the ability to disable accounts, Ash Authentication does so much out of the box, which is godsent after implementing it myself, but I’m struggling a little to customise it and ensure it works correctly. I don’t need any SSO providers.

With my current understanding, the simplest place for this seems to be in user.ex as an additional policy that checks the User resource active boolean attribute, before the AshAuthenticationInteraction bypass.

policy action_type(:read) do
  authorize_if expr(active == true)
end

bypass AshAuthentication.Checks.AshAuthenticationInteraction do
  authorize_if always()
end

This seems to work as intended… However the sign-in page displays “invalid email or password” for disabled accounts.

  1. Is there a way to display a custom error/flash message (with policies, or other), or does this need a custom sign-in page implementation?
  2. Would a validate or prepare in the sign_in_with_password action work better?
  3. In the case of wanting an audit trail for this or something similar, is there a way to retrieve the last resource of a one-to-many relation in an action (such as sign-in) and check an attribute (one user ↔ many disable change event)?

Thank you in advance!
Marcus

Marked As Solved

zachdaniel

zachdaniel

Creator of Ash

It’s often a security problem to display reasons for authentication failure, bit f you want to have a custom error, you should add a preparation with an after action hook to the sign in action, which checks if the user is active and returns a custom error if it is. Then you can react to that in your auth controller.

For having a relationship like you described, you can do:

has_one :something, Something do
  sort inserted_at: :desc
end

Where Next?

Popular in Questions Top

Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
qwerescape
Is there a way to get the call stack or stack trace at any point in the code? Not from exceptions, but an expression that returns how the...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
ycv005
I have followed this StackOverflow post to install the specific version of Erlang. And When I am running mix ecto.setup then getting fol...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
chensan
I have a User schema with a :from_id field set to type :string: defmodule TweetBot.Repo.Migrations.CreateUsers do use Ecto.Migration ...
New
joaquinalcerro
Hi there, I am working with Ecto-Postgresql and I need to call all of the records from a specific table but the table has 40,000 records...
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New

Other popular topics Top

WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
chrismccord
Phoenix 1.4.0 released Phoenix 1.4 is out! This release ships with exciting new features, most notably with HTTP2 support, improved deve...
688 31194 112
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New

We're in Beta

About us Mission Statement