I’m in the process of switching from Guardian to Pow. Now I’m trying to figure out how to get the current user in my Live View. I’ve figured out what my :session_key is - so I’m passing that via the live view route:
live "/tasks", TaskLive.Index, session: [ :zoinks_auth ], as: :task_live
And here’s what I want to do in my mount:
def mount( session, socket) do
socket = assign_new( socket, :current_user, fn -> Pow.Plug.current_user(session.zoinks_auth) end )
{:ok, socket}
end
Though current_user expects a conn. Is there a way to retrieve the current user in Pow with just the :session_key (and no Connection)?
I’m going to set up a website with LiveView very soon, and will look into this then.
One caveat with LiveView is that the session won’t be reloaded or renewed like with the REST endpoints. It may make sense to get the socket to keep the session alive, but not sure if session can be updated through LiveView.
Pow.Plug.current_user/1 pulls the :current_user assigns from the conn, after the conn has been through the Pow.Plug.Session plug. It’s required to pass a conn.
In the LiveView docs, the user id is passed in the session and then loading it in mount/2. So you could set up a plug in your pipeline that updates a session value with the current user id, and then load from the DB in mount/2.
You can also pull the credentials directly by using the :zoinks_auth value. You have to call Pow.Store.CredentialsCache.get([backend: Pow.Store.Backend.EtsCache], session_key), but be warned that you’ll be working with the internals of Pow. It’ll return a tuple with the user being the first element {user, _ inserted_at}, and a :not_found atom is returned if there is no user stored.
I’ll have to work with LiveView to see what can be the best approach to deal with short lived sessions, and retrieving session data.
If anybody has ideas for how this could work, please do reply as I’m just scratching the surface of LiveView
I’ve build a small helper module, which at an interval checks if the user is still authenticated. There are a few hardcoded assumptions in there, but might be helpful:
And some thoughts on keeping session alive at the end:
There’s still an issue with sessions expiring after 30 minutes. The above doesn’t keep sessions alive after that. The session id will also be rotated every 15 minutes. It’s triggered if the user is visiting other pages while the socket is open.
The session could have a fingerprint, and that fingerprint can be used to look up the session info no matter if it has been rotated or not. This would make it possible to keep the socket open even after the session has been rotated.
If the cookie somehow can be updated in the session, then we can also prevent expiration after 30 min (since we’ll then rotate within the socket).
The docs don’t quite make it clear, but the args list passed in the MFA has the Plug.Conn struct (associated with the current request) prepended to it. The function should return a map with String keys, which is passed as the session (second) arg to the mount/3 function.
I’m pretty new to elixir. Can you please show an example of the correct syntax for the MFA?
Edit:
To answer my own question, it looks like this works:
live "/test", TestWeb.TestLive, session: {__MODULE__, :with_session, []}
def with_session(conn) do
%{"current_user" => conn.assigns.current_user.id}
end
MFA is always {Module, FunctionName, ArgList}. So to call MyModule.blah() then it would be {MyModule, :blah, []}, or to call Something.vreep(1, 2, 3) then it would be {Something, :vreep, [1, 2, 3]}.
Now when a callback is done with extra arguments, they are traditionally always prepended (since that’s the fast operation), so when the conn is prepended then to call something like Module.blah(conn, 1, 2) you’d encode it as {Module, :blah, [1, 2]} and the caller will prepend the conn.
Is there a clearer example as I am also having trouble with using a session with a live view.
In the test setup I authenticate as per my other tests, but in the actual test I have this so far:
setup %{conn: conn} do
user = insert(:user)
conn = Pow.Plug.assign_current_user(conn, user, otp_app: :myapp)
{:ok, conn: conn}
end
test "created task will show up on the view", %{conn: conn} do
{:ok, view, html} = live(conn, Routes.tasks_path(conn, :index),
[session: {__MODULE__, :with_session, []}]
)
end
and just taken from above:
def with_session(conn) do
%{"current_user" => conn.assigns.current_user.id}
end
@danschultzer, any new features in POW for 1.5 phoenix version, especially on the liveview part.
how to get current_user in Phoenix.LiveView?, registering users in liveview.
I’ve been terribly busy lately, but starting to have some breathing room again. The GH issue that @glennr links to is the best option ATM, but I’m working on a helper module for Phoenix.Socket and Phoenix.LiveView. I’ve somewhat of a roadmap here that I hope to get back to ASAP: How will Pow adapt to the Auth initiative? · Issue #508 · pow-auth/pow · GitHub
