How to stop automatic sign-in after registration with Pow?

Phoenix Forum Questions / Help
,
1

Hi,
I have installed PowEmailConfirmation by following the documentation at: https://hexdocs.pm/pow/pow_email_confirmation.html so that user won’t be signed in when they register, and can’t be sing in until e-mail has been confirmed. But in my app every time I register a new user, the user gets signed in. How to resolve it.

Here is the server log which I got after registration:

[debug] Processing with MyAppWeb.RegistrationController.create/2
  Parameters: %{"_csrf_token" => "P1AVSTEvLDYDGhsDMwo9CGQ9OTQBejYorb_-XLsuLbxfQCsz7Yfmf7_g", "_utf8" => "✓", "user" => %{"confirm_password" => "[FILTERED]", "email" => "test@example.com", "name" => "peter7", "password" => "[FILTERED]"}}
  Pipelines: [:browser, :not_authenticated]
[debug] QUERY OK db=94.6ms decode=10.8ms queue=52.9ms
INSERT INTO "users" ("email","email_confirmation_token","name","password_hash","role","status","inserted_at","updated_at") VALUES ($1,$2,$3,$4,$5,$6,$7,$8) RETURNING "id" ["test@example.com", "c48215bc-e2e1-4b2f-b764-2d6c007c1650", "peter7", "$pbkdf2-sha512$100000$IMKQ6y4pirCN2W6vvLchvg==$jO7tao1Wzr9EBgQ3DzwxD5SdTai32UVEhDrCWKI+3DRbYzCygwWjNgLbqBoLi+pJw8P7BWdYe9C41UyN3BmX1A==", "user", 1, ~N[2019-10-14 11:02:31], ~N[2019-10-14 11:02:31]]
[debug] QUERY OK source="users" db=1.0ms queue=1.2ms
SELECT u0."id", u0."name", u0."role", u0."status", u0."unconfirmed_email", u0."email_confirmed_at", u0."email_confirmation_token", u0."password_hash", u0."email", u0."inserted_at", u0."updated_at" FROM "users" AS u0 WHERE (u0."id" = $1) [8]
[info] Sent 302 in 1088ms
[info] GET /gamerule
[debug] Processing with MyAppWeb.GameController.index/2
  Parameters: %{}
  Pipelines: [:browser, :game_layout, :protected]

my website route:

signup_path  GET     /                                      MyAppWeb.RegistrationController :new
        signup_path  POST    /                                      MyAppWeb.RegistrationController :create
         login_path  GET     /login                                 MyAppWeb.SessionController :new
         login_path  POST    /login                                 MyAppWeb.SessionController :create
reset_password_path  GET     /reset-password/new                    MyAppWeb.ResetPasswordController :new
reset_password_path  POST    /reset-password                        MyAppWeb.ResetPasswordController :create
reset_password_path  PATCH   /reset-password/:id                    MyAppWeb.ResetPasswordController :update
                     PUT     /reset-password/:id                    MyAppWeb.ResetPasswordController :update
reset_password_path  GET     /reset-password/:id                    MyAppWeb.ResetPasswordController :edit
        logout_path  DELETE  /logout                                MyAppWeb.SessionController :delete
          game_path  GET     /gamerule                              MyAppWeb.GameController :index
      playgame_path  GET     /playgame                              MyAppWeb.GameController :playgame
          websocket  WS      /socket/websocket                      MyAppWeb.UserSocket

Please suggest how can I prevent a user from signed-in without e-mail confirmation

2

Pow example can be found here.

2 Likes
3

Well I see that you’re using only custom controllers. I’m using the default ones (including default controller for email_confirmation extension) in a project and users are not signed in after registration. Only my templates are customized since I need to add more fields and show them in French.

When you’re using custom controllers, you’ll have a lot of logic to take care of by yourself. Maybe you’ll have to write also custom controllers for all the extensions that you’re including in your project. Take a look at this.

Further customization


You may want to utilize some of the extensions, but since you have created a custom controller, it’s highly recommended that you do not rely on any controller methods in the extensions. Instead, you should implement the logic yourself to keep your controllers as explicit as possible.

So unless you’re very sure of what you’re doing, you should try to go with the default controllers first. they can handle most of the use cases. Why complicate life? :slight_smile:

2 Likes