flmel
Pow Controllers and LiveView
Hello Everyone,
I’m trying to make Pow register form validation trough LiveView which I more or less succeeded at. However, upon user creation pow normally would log the user trough the plug:
from pow docs
def create(conn, %{"user" => user_params}) do
conn
|> Pow.Plug.create_user(user_params)
|> case do
{:ok, user, conn} ->
conn
|> put_flash(:info, "Welcome!")
|> redirect(to: Routes.page_path(conn, :index))
...
end
My LiveView event currently looks like this (i had to create a custom function create_user in order to escape the conn needed for the Plug but now Im trying to figure out how to log in the user on creation…
def handle_event("save", %{"user" => user_params}, socket) do
case Accounts.create_user(user_params) do
{:ok, _user} ->
# Form is valid
{:stop,
socket
|> put_flash(:info, "user created")
|> redirect(to: Routes.live_path(socket, MyApp.SearchLive))}
..
So basically is there a way to pass the conn trough my liveview or i shall copy/write the entire functionality myself.
@danschultzer somewhere in the forum you’ve mentioned that you would put a demo with liveview did you ever get around to do that ?
Thanks for your time
Marked As Solved
chrismccord
This is one of the usecases I have highlighted all along for where LV shines. Imagine a registration form where you necessarily want to improve UX because it directly increases conversions. You want to give the user feedback as soon as possible when they are trying to sign up, so realtime validations are essential, but LV allows you to add it without bringing int a client side solution and all the baggage that comes with it. The outstanding issues with a full LiveView signin or registration form is the cookie session writing on login or sign up. This can’t happen over websockts so folks have two options.
- Use phx-change on the form, but allow the regular form post to hit a controller that performs
put_session - Use LV for phx-change and phx-submit, and perform a redirect to a session controller, with a signed token which is used to call
put_sessionto write the session
So LV is can be used here without any of the mentioned security issues. You are of course free to use regular controllers if that’s a better fit ![]()
Also Liked
danschultzer
You can’t set cookies in a WebSocket. You have to pass the session id value to the client and set up some custom JS client side that will set it as a cookie. There’s some security issues too. I would recommend that you only deal with auth in HTTP.
Haven’t gotten to it yet. I’m trying out a Pow implementation with Phoenix.Socket though, hopefully can take what I learn from that and add it to the Pow docs/code ![]()
andreaseriksson
Thanks.
I can’t say for sure its a bad idea to have a live validation on the registration (or login) form but it seems overly complicated and could be a security risk. Especially if you check for if email is already used. I just can’t see the upside other than learning how it works behind the scenes.
Schultzer
I don’t want to ruin your learning experience but take a look at the pow/lib/pow/phoenix/controllers/registration_controller.ex at main · pow-auth/pow · GitHub
I would also go through this issue Instructions for WebSocket usage (e.g. Phoenix Channels and LiveView) · Issue #271 · pow-auth/pow · GitHub
The last thing you want to figure out is the differences between session and token based authentications and how to handle session based authentication in a LiveView socket.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









