lcabrini
How to create accounts without self-registration?
I’m fairly new to both Elixir and Phoenix, although I have quite a bit of experience with other languages and frameworks and I’m usually able to figure things out.
I’m working with Phoenix 1.7, liveview and gen.auth. I don’t want users to be able to register. Instead, when you staff members join, an administrator would set up user accounts for them. I would have thought this would be a farily common use case, but maybe I’m wrong, because I haven’t found much searching.
I get that I can remove/comment out the registration endpoint. And I need to create endpoints for an admin to manage users. What I’m now sure about is how to go about the confirmation. Looking at the code, removing confirmed_at from the model doesn’t seem like the right way forward. Or is it?
I’m guessing somebody else has been in the same situation and solved it. How did you go about it? What would be the most straight-forward way to disable self-registration and not require user confirmation?
Most Liked
sodapopcan
Hello and welcome!
phx_gen_auth is meant to give you the bare-minimum needed to get going with auth. If you are looking for more fully-featured auth, you can look at Pow although its LiveView support isn’t all there yet but it’s coming.
Otherwise, I recently did what you’re describing in phx_gen_auth by repurposing the reset password form and the confirmation token. I did the following:
- Removed the registration form and anything related to it
- Added a user creation form to my admin area which:
- sets a long random password with
:crypto.strong_rand_bytes/1 - sends the user their confirmation email with the token link
- sets a long random password with
- Changed the confirmation page to display the reset password form and only mark the user as confirmed when they have set their new password.
- Ensure users can’t login until they have been confirmed (this is not done by default by the generator)
One gotcha is that if you are generated auth using LiveView and you want to auto-login the user after they have set their new password, the confirmation page should use a controller, not a LiveView. This is because you can’t set session data over websockets.
I know other people around here have done something similar approaches if you search around. If you choose to go this route then I’d be happy to try and answer any questions!
LostKobrakai
Yeah. If the invitation already works via email, then another confirmation is not needed. But that’s not always the case for systems, where “admins” create accounts.
Edit: Even in the former case you still want to retain the fact that confirmation happened.
LostKobrakai
I’d also add that it’s not meant to be the end of it all. It’s meant to give you a staring point and you can customize from there.
As for the confirmation. I’d still keep confirmation logic around. Doesn’t hurt to confirm that whomever owns the email is actually the intended person to be invited.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








