phoenix_passkeys/lib/phoenix_passkeys_web/controllers/user_session_controller.ex

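defmodule PhoenixPasskeysWeb.UserSessionController do
  @moduledoc """
  Handles the email/password session actions: rendering the log-in form,
  creating a session from submitted credentials, and logging out.

  Credential checks are delegated to `PhoenixPasskeys.Accounts`; the session
  itself is managed by `PhoenixPasskeysWeb.UserAuth`.
  """

  use PhoenixPasskeysWeb, :controller

  alias PhoenixPasskeys.Accounts
  alias PhoenixPasskeysWeb.UserAuth

  @doc """
  Renders the log-in form with no error message.
  """
  def new(conn, _params) do
    render(conn, :new, error_message: nil)
  end

  @doc """
  Attempts to log a user in from the submitted `"user"` params.

  On success, sets a welcome flash and hands the connection, the user and the
  submitted params to `UserAuth.log_in_user/3`. On any failure, re-renders the
  form with one generic error message.
  """
  def create(conn, %{"user" => user_params}) do
    if user = authenticate(user_params) do
      conn
      |> put_flash(:info, "Welcome back!")
      |> UserAuth.log_in_user(user, user_params)
    else
      # In order to prevent user enumeration attacks, don't disclose whether the
      # email is registered. Malformed submissions (missing keys, non-string
      # values) get the same response, so every failure looks alike.
      # NOTE(review): the generic message only hides registration status if
      # Accounts.get_user_by_email_and_password/2 does comparable work for
      # unknown emails; that function is not visible here, so confirm.
      # NOTE(review): no attempt throttling is visible in this controller;
      # confirm it is enforced elsewhere (plug, proxy, or Accounts).
      render(conn, :new, error_message: "Invalid email or password")
    end
  end

  @doc """
  Logs the current user out via `UserAuth.log_out_user/1` after setting an
  informational flash.
  """
  # NOTE(review): presumably routed as DELETE behind CSRF protection; confirm
  # in the router.
  def delete(conn, _params) do
    conn
    |> put_flash(:info, "Logged out successfully.")
    |> UserAuth.log_out_user()
  end

  # Returns whatever Accounts returns for well-formed credentials, or nil when
  # the request params are not the expected shape. Request params are untrusted:
  # a missing key previously raised MatchError (a 500), and nested params can
  # arrive as lists or maps, so only binaries are passed on to Accounts.
  defp authenticate(%{"email" => email, "password" => password})
       when is_binary(email) and is_binary(password) do
    Accounts.get_user_by_email_and_password(email, password)
  end

  defp authenticate(_user_params), do: nil
end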