shadowfacts
/
phoenix_passkeys
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
phoenix_passkeys/lib/phoenix_passkeys_web/controllers/user_reset_password_control...

67 lines
1.8 KiB
Elixir
Raw Blame History

defmodule PhoenixPasskeysWeb.UserResetPasswordController do
use PhoenixPasskeysWeb, :controller
alias PhoenixPasskeys.Accounts
plug :get_user_by_reset_password_token when action in [:edit, :update]
def new(conn, _params) do
render(conn, :new)
end
def create(conn, %{"user" => %{"email" => email}}) do
if user = Accounts.get_user_by_email(email) do
Accounts.deliver_user_reset_password_instructions(
user,
&url(~p"/users/reset_password/#{&1}")
)
end
conn
|> put_flash(
:info,
"If your email is in our system, you will receive instructions to reset your passkey shortly."
)
|> redirect(to: ~p"/")
end
def edit(conn, _params) do
render(conn, :edit, email: conn.assigns.user.email)
end
# Do not log in the user after reset password to avoid a
# leaked token giving the user access to the account.
def update(conn, %{
"credential_id" => credential_id,
"public_key_spki" => public_key_spki
}) do
credential_id = Base.decode64!(credential_id)
public_key_spki = Base.decode64!(public_key_spki)
case Accounts.reset_user_credentials(conn.assigns.user, credential_id, public_key_spki) do
:ok ->
conn
|> put_flash(:info, "Passkey reset successfully.")
|> json(%{status: :ok})
{:error, _} ->
conn
|> put_flash(:error, "Error resetting passkey")
|> json(%{status: :error})
end
end
defp get_user_by_reset_password_token(conn, _opts) do
%{"token" => token} = conn.params
if user = Accounts.get_user_by_reset_password_token(token) do
conn |> assign(:user, user) |> assign(:token, token)
else
conn
|> put_flash(:error, "Reset password link is invalid or it has expired.")
|> redirect(to: ~p"/")
|> halt()
end
end
end
Reference in New Issue View Git Blame Copy Permalink