Get User Id with Pow from session for Live View?

I’m in the process of switching from Guardian to Pow. Now I’m trying to figure out how to get the current user in my Live View. I’ve figured out what my :session_key is - so I’m passing that via the live view route:

live "/tasks", TaskLive.Index, session: [ :zoinks_auth ], as: :task_live

And here’s what I want to do in my mount:

  def mount( session, socket) do
    socket = assign_new( socket, :current_user, fn -> Pow.Plug.current_user(session.zoinks_auth) end )

    {:ok, socket}
  end

Though current_user expects a conn. Is there a way to retrieve the current user in Pow with just the :session_key (and no Connection)?

2 Likes

I’m going to set up a website with LiveView very soon, and will look into this then.

One caveat with LiveView is that the session won’t be reloaded or renewed like with the REST endpoints. It may make sense to get the socket to keep the session alive, but not sure if session can be updated through LiveView.

Pow.Plug.current_user/1 pulls the :current_user assigns from the conn, after the conn has been through the Pow.Plug.Session plug. It’s required to pass a conn.

In the LiveView docs, the user id is passed in the session and then loading it in mount/2. So you could set up a plug in your pipeline that updates a session value with the current user id, and then load from the DB in mount/2.

You can also pull the credentials directly by using the :zoinks_auth value. You have to call Pow.Store.CredentialsCache.get([backend: Pow.Store.Backend.EtsCache], session_key), but be warned that you’ll be working with the internals of Pow. It’ll return a tuple with the user being the first element {user, _ inserted_at}, and a :not_found atom is returned if there is no user stored.

I’ll have to work with LiveView to see what can be the best approach to deal with short lived sessions, and retrieving session data.

If anybody has ideas for how this could work, please do reply as I’m just scratching the surface of LiveView :smile:

7 Likes

I’ve build a small helper module, which at an interval checks if the user is still authenticated. There are a few hardcoded assumptions in there, but might be helpful:

5 Likes

This is great, thanks @LostKobrakai! I’ve refactored the code here to make it work in most cases: https://github.com/danschultzer/pow/issues/271#issuecomment-534687467

And some thoughts on keeping session alive at the end:

There’s still an issue with sessions expiring after 30 minutes. The above doesn’t keep sessions alive after that. The session id will also be rotated every 15 minutes. It’s triggered if the user is visiting other pages while the socket is open.

The session could have a fingerprint, and that fingerprint can be used to look up the session info no matter if it has been rotated or not. This would make it possible to keep the socket open even after the session has been rotated.

If the cookie somehow can be updated in the session, then we can also prevent expiration after 30 min (since we’ll then rotate within the socket).

FYI: Phoenix LiveView 0.9.0 allows you to pass a function for the session option of live/4 and live_render/3.

Relevant docs: https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.Router.html#live/4

The docs don’t quite make it clear, but the args list passed in the MFA has the Plug.Conn struct (associated with the current request) prepended to it. The function should return a map with String keys, which is passed as the session (second) arg to the mount/3 function.

1 Like

I’m pretty new to elixir. Can you please show an example of the correct syntax for the MFA?

Edit:

To answer my own question, it looks like this works:

live "/test", TestWeb.TestLive, session: {__MODULE__, :with_session, []}

def with_session(conn) do
  %{"current_user" => conn.assigns.current_user.id}
end
4 Likes

MFA is always {Module, FunctionName, ArgList}. So to call MyModule.blah() then it would be {MyModule, :blah, []}, or to call Something.vreep(1, 2, 3) then it would be {Something, :vreep, [1, 2, 3]}. :slight_smile:

Now when a callback is done with extra arguments, they are traditionally always prepended (since that’s the fast operation), so when the conn is prepended then to call something like Module.blah(conn, 1, 2) you’d encode it as {Module, :blah, [1, 2]} and the caller will prepend the conn. :slight_smile:

4 Likes

Is there a clearer example as I am also having trouble with using a session with a live view.

In the test setup I authenticate as per my other tests, but in the actual test I have this so far:

      setup %{conn: conn} do
      user = insert(:user)
      conn = Pow.Plug.assign_current_user(conn, user, otp_app: :myapp)
    
      {:ok, conn: conn}
    end

    test "created task will show up on the view", %{conn: conn}  do
      {:ok, view, html} = live(conn, Routes.tasks_path(conn, :index),       
        [session: {__MODULE__, :with_session, []}]
      )
    end

and just taken from above:

  def with_session(conn) do
    %{"current_user" => conn.assigns.current_user.id}
  end

Any help would be appreciated.

@danschultzer, any new features in POW for 1.5 phoenix version, especially on the liveview part.
how to get current_user in Phoenix.LiveView?, registering users in liveview.

1 Like

@tenzil check out this discussion happening over at the Pow GH repo: https://github.com/danschultzer/pow/issues/271

1 Like

Thank you! I was struggling with :not_found when calling Pow.Store.CredentialsCache.get and the solution was in that issue. :tada:

I’ve been terribly busy lately, but starting to have some breathing room again. The GH issue that @glennr links to is the best option ATM, but I’m working on a helper module for Phoenix.Socket and Phoenix.LiveView. I’ve somewhat of a roadmap here that I hope to get back to ASAP: How will Pow adapt to the Auth initiative? · Issue #508 · pow-auth/pow · GitHub

1 Like