Hi,
I have installed PowEmailConfirmation by following the documentation at: https://hexdocs.pm/pow/pow_email_confirmation.html so that user won’t be signed in when they register, and can’t be sing in until e-mail has been confirmed. But in my app every time I register a new user, the user gets signed in. How to resolve it.
Here is the server log which I got after registration:
[debug] Processing with MyAppWeb.RegistrationController.create/2
Parameters: %{"_csrf_token" => "P1AVSTEvLDYDGhsDMwo9CGQ9OTQBejYorb_-XLsuLbxfQCsz7Yfmf7_g", "_utf8" => "✓", "user" => %{"confirm_password" => "[FILTERED]", "email" => "test@example.com", "name" => "peter7", "password" => "[FILTERED]"}}
Pipelines: [:browser, :not_authenticated]
[debug] QUERY OK db=94.6ms decode=10.8ms queue=52.9ms
INSERT INTO "users" ("email","email_confirmation_token","name","password_hash","role","status","inserted_at","updated_at") VALUES ($1,$2,$3,$4,$5,$6,$7,$8) RETURNING "id" ["test@example.com", "c48215bc-e2e1-4b2f-b764-2d6c007c1650", "peter7", "$pbkdf2-sha512$100000$IMKQ6y4pirCN2W6vvLchvg==$jO7tao1Wzr9EBgQ3DzwxD5SdTai32UVEhDrCWKI+3DRbYzCygwWjNgLbqBoLi+pJw8P7BWdYe9C41UyN3BmX1A==", "user", 1, ~N[2019-10-14 11:02:31], ~N[2019-10-14 11:02:31]]
[debug] QUERY OK source="users" db=1.0ms queue=1.2ms
SELECT u0."id", u0."name", u0."role", u0."status", u0."unconfirmed_email", u0."email_confirmed_at", u0."email_confirmation_token", u0."password_hash", u0."email", u0."inserted_at", u0."updated_at" FROM "users" AS u0 WHERE (u0."id" = $1) [8]
[info] Sent 302 in 1088ms
[info] GET /gamerule
[debug] Processing with MyAppWeb.GameController.index/2
Parameters: %{}
Pipelines: [:browser, :game_layout, :protected]
my website route:
signup_path GET / MyAppWeb.RegistrationController :new
signup_path POST / MyAppWeb.RegistrationController :create
login_path GET /login MyAppWeb.SessionController :new
login_path POST /login MyAppWeb.SessionController :create
reset_password_path GET /reset-password/new MyAppWeb.ResetPasswordController :new
reset_password_path POST /reset-password MyAppWeb.ResetPasswordController :create
reset_password_path PATCH /reset-password/:id MyAppWeb.ResetPasswordController :update
PUT /reset-password/:id MyAppWeb.ResetPasswordController :update
reset_password_path GET /reset-password/:id MyAppWeb.ResetPasswordController :edit
logout_path DELETE /logout MyAppWeb.SessionController :delete
game_path GET /gamerule MyAppWeb.GameController :index
playgame_path GET /playgame MyAppWeb.GameController :playgame
websocket WS /socket/websocket MyAppWeb.UserSocket
Please suggest how can I prevent a user from signed-in without e-mail confirmation