Trying to implement force logging out a user when their account was disabled after they logged in. I’m using phx_gen_auth for authentication.
I added an extra check called require_eligible_user/2 with this for handling the aforementioned.
    # user_auth.ex
    # In a cond expression
    current_user.is_disabled ->
      conn
      |> put_flash(
        :error,
        "Your account is disabled. If you think this was a mistake, contact your administrator."
      )
      |> log_out_user() # phx_gen_auth's default `log_out_user/1`
Then I wrote the following test
    # test file
    # With `register_and_log_in` setup
    test "ensures disabled accounts can't edit a resource", %{conn: conn, user: user} do
      resource = resource_fixture(%{name: "Resource Name"})
      # So the user is logged in before this.
      Ecto.Changeset.change(user, is_disabled: true) |> Repo.update!()

      {:ok, _, html} =
        conn
        |> live(Routes.resource_view_path(conn, :view, resource.id)) # Fails here
        |> follow_redirect(conn)

      assert html =~ "Your account is disabled. If you think this was a mistake, contact your administrator."
    end
Error

    ** (Plug.Conn.AlreadySentError) the response was already sent
    code: |> live(Routes.resource_view_path(conn, :view, resource.id))
I’ve tried using recycle instead but I lose the assigns which isn’t something I want since I need the session, and whatnot. Plus doing so does not cause a redirect, which is supposedly expected with the log out behavior.
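An added example, not part of the original post: a plug that sends a response has to halt the pipeline, and the generated `log_out_user/1` redirects without halting, so the branch above lets the remaining plugs and the LiveView run against a conn that has already been sent. The module name `MyAppWeb.EligibleUserPlug` and the simplified private `log_out_user/1` are assumptions made so the sketch compiles on its own with Plug and Phoenix available.

```elixir
defmodule MyAppWeb.EligibleUserPlug do
  # Added sketch; the module name is hypothetical. In a phx_gen_auth project
  # this function would sit in user_auth.ex beside the generated log_out_user/1.
  import Plug.Conn
  import Phoenix.Controller, only: [put_flash: 3, redirect: 2]

  @disabled_msg "Your account is disabled. If you think this was a mistake, contact your administrator."

  def require_eligible_user(conn, _opts) do
    current_user = conn.assigns[:current_user]

    cond do
      # Unauthenticated requests are left to require_authenticated_user/2.
      is_nil(current_user) ->
        conn

      current_user.is_disabled ->
        conn
        |> put_flash(:error, @disabled_msg)
        |> log_out_user()
        # Without halt/1 the rest of the pipeline still runs and tries to send
        # a second response on a conn that already carries the redirect.
        |> halt()

      true ->
        conn
    end
  end

  # Simplified stand-in for the generated log_out_user/1 (assumption: the real
  # one also deletes the session token and the remember-me cookie).
  defp log_out_user(conn) do
    conn
    |> configure_session(renew: true)
    |> clear_session()
    |> redirect(to: "/")
  end
end
```

With the pipeline halted, the request ends in a regular HTTP redirect, so a test built on `live/2` gets an error tuple describing the redirect rather than a mounted view.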