Skip to content
This repository has been archived by the owner on Jan 19, 2022. It is now read-only.

What is Openmaize

Jump to bottom
David Whitlock edited this page Apr 16, 2017 · 11 revisions

Openmaize is a collection of functions which can be used to authenticate users in any Plug-based application. It aims to be secure, lightweight and well-documented.

Plug

Before going into more detail about what Openmaize is, it will be useful to look closer at what a Plug is.

In simple terms, a Plug is a function that takes a conn (connection) struct as input, modifies the struct or checks certain values within the struct, and then returns the struct. As Plugs are composable, it is very straightforward to chain many of them together into a pipeline. When the function (route) for a page / resource is called, the user can then be granted or denied access (or some other action can be taken) based on the information in the conn struct.

Openmaize Plugs

All of the Openmaize Plugs check values within the conn struct and then either set the current_user or add an openmaize_info or openmaize_error message to the conn struct.

The descriptions below give an overview of each Openmaize Plug. For more information, see the relevant module's documentation.

Openmaize.Authenticate

Set the current_user value based on the session information in the conn. If no session information is found, the current_user is set to nil.

In a Phoenix app, you would normally use Openmaize.Authenticate in the web/router.ex file.

If you want to only run Openmaize.Authenticate for specific routes, you need to create a separate pipeline and scope, which is then only called for the routes you want to be authenticated, as in the following example:

pipeline :authenticate do
  plug Openmaize.Authenticate
end

scope "/" do
  pipe_through :browser
end

scope "/users" do
  pipe_through [:browser, :authenticate]
end

Openmaize.Login

Attempt to login the user. If the login is successful, an openmaize_info message will be added to the conn. If the login is not successful, an openmaize_error message will be added to the conn.

Openmaize.OnetimePass

Attempt to login the user using a one-time password. As with Openmaize.Login, either an openmaize_info or an openmaize_error message will be added to the conn.

Openmaize.ConfirmEmail

Check the email confirmation link. For more information, see the email-confirmation page.

Openmaize.ResetPassword

Check the email confirmation link so that the user's password can be reset. For more information, see the email-confirmation page.

Openmaize.Remember

Set the current_user value based on a remember me cookie in the conn.

If the current_user is already set, this function will just return the conn unaltered. If the current_user is not set and there is a remember_me cookie present, the cookie is checked, and if it is valid, the current_user is set and the user is added to the session.

Openmaize???

The name Openmaize is a pun on the phrase "Open Sesame", which comes from the story of Alibaba and the Forty Thieves.

Clone this wiki locally