jarlah

jarlah

How to test live views with ash authentication plugs

I’m trying to find out how to test live views that are protected by Ash Authentication.

A straight forward way is to just fill in username and password and hit submit when visiting a protected page.

In my normal live view code I have this function in my conn_case.ex

  def log_in_user(conn, user) do
    token = ActivityPlanner.Accounts.generate_user_session_token(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session(:user_token, token)
  end

But this is using the custom auth stuff generated from gen.auth.

How can make something similar for Ash Authentication ? I think that’s maybe one of the problems with opaque code. Oh and yes I could probably peer into the source code, but currently I’m just whipping out some code and tries to avoid rabbit holes :slight_smile:

the ash project im working on is this GitHub - jarlah/ash-activity-planner · GitHub and the original project I worked on previously with normal live views is this one GitHub - jarlah/activity-planner: An example Phoenix application with foreign key multi tenancy · GitHub

Both of which are hobby projects with sole purpose to grind my way into getting familiar with all of Elixir :wink:

Marked As Solved

jarlah

jarlah

after a lot of trial and error, and inspecting the connection after login, I saw that a “user” was stored in the session in the form of

      "user" => "user?id=ef6f74a3-3795-4f0d-be4f-622db62f8c01"

so I made it all work in the tests by doing this:

  setup %{conn: conn} do
    user =
      AshActivityPlanner.Accounts.User
      |> Ash.Changeset.for_create(:register_with_password, %{
        email: "test@user.com",
        password: "password",
        password_confirmation: "password"
      })
      |> AshActivityPlanner.Accounts.create!()

    {:ok, %{conn: log_in_user_as_subject(conn, user)}}
  end

  # SNIP ...

  defp log_in_user_as_subject(conn, user) do
    subject = AshAuthentication.user_to_subject(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session("user", subject)
  end

Also Liked

brunoripa

brunoripa

Hi :wave: !

I have a slightly different implementation for my log_in_user:

    strategy = AshAuthentication.Info.strategy!(User, :password)

    assert {:ok, %User{} = user} =
             AshAuthentication.Strategy.action(strategy, :sign_in, %{
               email: email,
               password: password
             })

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> store_in_session(user)

I am leveraging the strategy so that I will be detecting any change in the resource if any, and also I am using the store_in_session function coming from AshAuthentication.Plug.Helpers, which will protect me from any eventual future change in the api.

Do you see any counterargument for such an implementation ?

Thanks :slight_smile:

zachdaniel

zachdaniel

Creator of Ash

I haven’t personally tested live views protected with AshAuthentication unfortunately. @jimsynz will probably be able to provide some more info after the weekend. You may have some luck looking at the test suite for AshAuthenticationPhoenix?

jimsynz

jimsynz

Ash Core Team

Hi there.

You can rewrite the log_in_user/2 function to use AshAuthentication in a few ways. Here I am assuming that your user resource is called User - if it is something else you will need to change current_user to current_X.

If your application is using retrieve_from_session/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_session/2) and has require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user_token", token)
end

If your application is using retrieve_from_session/2 and doesn’t have require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  subject = AshAuthentication.user_to_subject(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user", subject)
end

Lastly, if you’re using retrieve_from_bearer/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_bearer/2) you can do:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Plug.Conn.put_req_header("authorization", "Bearer #{token}")
end

All of this information is introspectable via AshAuthentication.Info - so I would welcome a PR that adds some test helpers to AshAuthentication.

Links:

  1. AshAuthentication.Plug.Helpers.retrieve_from_session/2
  2. AshAuthentication.Phoenix.Plug.load_from_session/2
  3. authentication.tokens.require_token_presence_for_authentication?
  4. AshAuthentication.Jwt.token_for_user/3
  5. AshAuthentication.user_to_subject/1
  6. AshAuthentication.Plug.Helpers.retrieve_from_bearer/2
  7. AshAuthentication.Phoenix.Plug.load_from_bearer/2
  8. AshAuthentication.Info

Where Next?

Popular in Questions Top

mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
lessless
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
vac
Hi, I’m quite new in Elixir and I’m trying to format a string to a PEM format. I have the certificate value like MIIDBTCCAe2...... and I...
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New

Other popular topics Top

sorentwo
Hello! tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability. After spen...
985 42920 311
New
Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
danschultzer
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch. This project took far...
548 29377 241
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
joaquinalcerro
Hi there, I am working with Ecto-Postgresql and I need to call all of the records from a specific table but the table has 40,000 records...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New

We're in Beta

About us Mission Statement