kmx.io/kmxgit/lib/kmxgit_web/controllers/user_session_controller.ex

Branch : - branch - master nif nif2 nif2_rebased nif3 nif4 nif4_rebased nif_rebased v0.1 v0.2 v0.3 v0.4 - tag - v0 v0.1.0 v0.1.1 v0.2.0 v0.3.0 v0.3.1 v0.3.2 v0.3.3 v0.4.0

• Show log

  Commit

• Author : Thomas de Grivel
  Date : 2021-12-28 21:56:04
  Hash : 8bfb8418
  Message : TOTP (Google Authenticator)

• lib/kmxgit_web/controllers/user_session_controller.ex

• defmodule KmxgitWeb.UserSessionController do
    use KmxgitWeb, :controller
  
    alias Kmxgit.UserManager
    alias KmxgitWeb.UserAuth
  
    def new(conn, _params) do
      render(conn, "new.html", error_message: nil)
    end
  
    def create(conn, %{"user" => user_params}) do
      %{"login" => login, "password" => password, "otp" => otp} = user_params
      if user = UserManager.get_user_by_login_and_password(login, password) do
        if user.otp_last == 0 || UserManager.verify_user_totp(user, otp) do
          UserAuth.log_in_user(conn, user, user_params)
        else
          conn
          |> assign(:error_message, "Invalid token")
          |> render("new.html")
        end
      else
        # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
        conn
        |> assign(:error_message, "Invalid email or password")
        |> render("new.html")
      end
    end
    def create(conn, _params) do
      not_found(conn)
    end
  
    def delete(conn, _params) do
      conn
      |> UserAuth.log_out_user()
      |> put_flash(:info, "Logged out successfully.")
    end
  end