LiveView using basic `Map` as session and not `Plug.Conn`

johnnyicon · November 10, 2020, 8:36pm

Hi all, working with LiveView and the code generated by phx.gen.live. I’m also working with code generated by phx_gen_auth for my authentication.

I’m trying to use the functions defined in UserAuth from phx_gen_auth to manage authentication on a LiveView. I looked through the code of UserAuth and saw that it expects sesions to be of type Plug.Conn.
However, it seems that LiveView is using a basic Map. In particular, I looked at the parameters of the function
def mount(_params, session, socket) of a LiveView and inspected the session parameter.

Should it be using Plug.Conn?

If not, how would I convert a Map to Plug.Conn so I can use the functions defined in UserAuth?

Cheers!

voughtdq · November 10, 2020, 9:39pm

What do you need to do?

In your router (router.ex) you should have something like this:

  scope "/", PayBillWeb do
    pipe_through [:browser, :require_authenticated_user]

    get "/users/settings", UserSettingsController, :edit
    put "/users/settings/update_password", UserSettingsController, :update_password
    put "/users/settings/update_email", UserSettingsController, :update_email
    get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email

    live "/sequences", SequenceLive.Index, :index
    live "/sequences/new", SequenceLive.Index, :new
    live "/sequences/:id/edit", SequenceLive.Index, :edit

    live "/sequences/:id", SequenceLive.Show, :show
    live "/sequences/:id/show/edit", SequenceLive.Show, :edit
  end

Here if someone tries to go to /sequences they will be redirected to the login controller if they aren’t already authenticated.

At this point if you’re inside a live view, you don’t need to use any of the UserAuth functions. The UserAuth functions are supposed to be used over HTTP because they are for setting cookies and renewing sessions.

Instead, when mounting, you get a map, like you mentioned, in the session argument. Here, you can pull out the user_token so you can find the user in the database:

  def mount(_params, %{"user_token" => user_token}, socket) do
    user = user_token && Accounts.get_user_by_session_token(user_token)
    ...
  end

Then you can do what you need to do as far as authorization is concerned.

johnnyicon · November 10, 2020, 9:46pm

I’m wanting to get access to the current user. To do that, I’m calling UserAuth.fetch_current_user(session, {}) within mount() When the code runs, the following error occurs:

Request: GET /contacts
** (exit) an exception was raised:
    ** (FunctionClauseError) no function clause matching in Plug.Conn.get_session/1
        (plug 1.10.4) lib/plug/conn.ex:1566: Plug.Conn.get_session(%{"_csrf_token" => "8QpsoNqphY4LSSZlcWRAgjjo", "live_socket_id" => "users_sessions:R8ARynE4Xr0R9XczxEJ7LYyPZlU0_K_Isj38GqlOCsU=", "user_token" => <<71, 192, 17, 202, 113, 56, 94, 189, 17, 245, 119, 51, 196, 66, 123, 45, 140, 143, 102, 85, 52, 252, 175, 200, 178, 61, 252, 26, 169, 78, 10, 197>>})
        (plug 1.10.4) lib/plug/conn.ex:1553: Plug.Conn.get_session/2
        (app 0.1.0) lib/app_web/controllers/user_auth.ex:101: AppWeb.UserAuth.ensure_user_token/1
        (app 0.1.0) lib/app_web/controllers/user_auth.ex:95: AppWeb.UserAuth.fetch_current_user/2
        lib/app_web/live/contact_live/index.ex:13: AppWeb.ContactLive.Index.mount/3

voughtdq · November 10, 2020, 9:53pm

Got it. So this code here:

  def mount(_params, %{"user_token" => user_token}, socket) do
    user = user_token && Accounts.get_user_by_session_token(user_token)
    ...
  end

Is actually a direct copy from UserAuth repurposed for the live view mount. If you want to create something that is more general purpose you might do this:

def get_current_user(%{"user_token" => user_token} = _session) do
  user_token && Accounts.get_user_by_session_token(user_token)
end

Then you can do this in any of your mounts:

  def mount(_params, session, socket) do
    user = get_current_user(session)
  end