mbski

mbski

Pow reset password - custom controller questions

Hi, for learning purposes I create API using Elixir/Phoenix. I’ve created whole custom authentication and after that I do the same using POW with custom controllers (just to learn how it works under the hood and have my boilerplates for next projects).

I stopped for a while doing custom controllers for Forgot password and reset password functions.

I read a lot of topics on forum but still i can’t pass through reset and update new password.

My function to forgot_password looks like that:

  @spec forgot_password(Conn.t(), map()) :: Conn.t()
  def forgot_password(conn, %{"user" => user_params}) do
    conn
    |> PowResetPassword.Plug.create_reset_token(user_params)
    |> case do
      {:ok, %{token: token, user: _user}, conn} ->
        #send email
        conn
        |> put_status(200)
        |> json(%{data: %{status: 200, message: "Email has been sent", token: token}})

      {:error, _changeset, conn} ->
        conn
        |> put_status(200)
        |> json(%{data: %{status: 200, message: "Email has been sent"}})
    end
  end

Its pretty straighforward. Always giving status 200 for security purposes, and token for passing it in POSTMAN during resetting password. I know that it should never go to production like that and Pow token is stored in cache. If You have some advices how to use Postman for authorization without passing tokens by hand in body I’d appreciate that (similar I have shown access tokens and renewal for register/login controllers)

For reset_password I wrote that function:

def reset_password(conn, %{"id" => token, "user" => user_params}) do

    with {:ok, conn} <- PowResetPassword.Plug.load_user_by_token(conn, token),
         {:ok, _user, conn}  <- PowResetPassword.Plug.update_user_password(conn, user_params) do
          conn
          |> put_status(:ok)
          |> json(%{status: "Password changed"})
    else
          {:error, changeset} ->
            {:error, changeset, conn}

          _ ->
            conn
            |> json(%{error: %{message: "Expired Token"}})
    end
end

The problem is like I found in docs and while testing, that update_user_password never returns an error when password and confirmation are not equal in this case (but in plug.ex its written that in should return {:error, changeset, conn}.
It returns “Password changed” and “Expired token”. Even if I put different passwords in body. Of course it doesnt change password then but I want to have two different errors if user makes mistake during writing password.

I found also on forum that function

  @spec reset_password(Conn.t(), map()) :: Conn.t()
  def reset_password(conn, %{"id" => token, "user" => user_params}) do
   conn
   |> PowResetPassword.Plug.load_user_by_token(token)
   |> case do
      {:ok, conn} ->
        PowResetPassword.Plug.update_user_password(conn, user_params)

      {:error, conn} ->
        json(conn, %{error: %{message: "Expired Token"}})
    end

  json(conn, %{status: "ok"})
  #end

It returns “ok” even if i put different password in body, but thankfully doesnt change it in DB. Expired token appears when loading user by token fails.

What comes to my mind is to put function for check password inputs if they are equal before updating password but I dont think if it is the best solution. Either nesting case statements looks awful.

Thanks for helping :slight_smile:

Most Liked

mbski

mbski

I read again docs and refactored a little function. Now it looks awful but works, I need to think prettier solution.

  @spec reset_password(Conn.t(), map()) :: Conn.t()
  def reset_password(conn, %{"id" => token, "user" => user_params}) do

    conn
      |> PowResetPassword.Plug.load_user_by_token(token)
      |> case do
          {:ok, conn} ->
            PowResetPassword.Plug.update_user_password(conn, user_params)
            |> case do
              {:error, _changeset, conn} ->
                json(conn, %{message: "Invalid passwords"})

              {:ok, _user, conn} ->
                json(conn, %{message: "Password changed"})
            end

          {:error, conn} ->
            json(conn, %{error: %{message: "Expired Token"}})
        end        
  end

OR

  @spec reset_password(Conn.t(), map()) :: Conn.t()
  def reset_password(conn, %{"id" => token, "user" => user_params}) do

    with {:ok, conn} <- PowResetPassword.Plug.load_user_by_token(conn, token),
         {:ok, _user, conn}  <- PowResetPassword.Plug.update_user_password(conn, user_params) do
          conn
          |> put_status(:ok)
          |> json(%{status: "Password changed"})
    else
          {:error, _changeset, conn} ->
            json(conn, %{error: %{message: "Passwords are not the same"}})

          _ ->
            json(conn, %{error: %{message: "Expired Token"}})
    end
  end

I mark as solution if it works well while testing but I’m still waiting for some advices about tokens cause I am elixir newbie :slight_smile:

Where Next?

Popular in Questions Top

nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New
JulienCorb
I am trying to implement my new.html.eex file to create new posts on my website. new.html.eex: &lt;h1&gt;Create Post&lt;/h1&gt; &lt;%= ...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
ycv005
I have followed this StackOverflow post to install the specific version of Erlang. And When I am running mix ecto.setup then getting fol...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New

Other popular topics Top

vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
dogweather
I wrote this comment on r/haskell, and it’s not popular there. :wink: But I think I’m on to something… Haskell reminds me of Java, and e...
New
fireproofsocks
Forgive me if this is obvious, but how does one delete a database record WITHOUT selecting it first? Ecto.Repo — Ecto v3.14.0 has exampl...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New

We're in Beta

About us Mission Statement