Auth from code not via form submission

riverrun / openmaize

No longer maintained - was an Authentication library for Plug-based applications in Elixir

Other

206 stars 30 forks source link

Auth from code not via form submission #57

Closed noma4i closed 8 years ago

noma4i commented 8 years ago

Any ability to login as any user right from controller?

noma4i commented 8 years ago

Real world example: I need to auth as other users to get same experience.

riverrun commented 8 years ago

I'm not sure that I know what you mean. Do you want to be authenticated as any user without logging in? And is this in development or production?

noma4i commented 8 years ago

It's usual behaviour in web apps when you been admin auth as someone else or make immediate auth of just signed up user. Generally used in controller like: Openmaze.authenticate(conn, user) where user is record from db.

Right now set_session is a part of Plug based module and I can't invoke it in a way described above.

riverrun commented 8 years ago

For the immediate auth of just signed up user, you should be able to add a call to put_session(conn, :user_id, user_id) to the signup logic (if there are no errors, or course). As for viewing a resource as if you are another user, it depends a lot on the nature of your app. To be able to help you, I need the answer to the following questions:

How are you authorizing user resources - using roles, id, something else?
Do you always want to access certain pages as a certain user?
How do you want to access a page as another user - are you going to use an admin control panel or some other way?

noma4i commented 8 years ago

put_session works fine for just signed up user. All other stuff is more about my crazy app ;) Thanx a lot!