Closed christopherdbull closed 6 years ago
The Authenticate plug just handles authentication, and so it is only responsible for checking if there is a current user (either by checking the session or checking the headers for a valid token) and adding the current_user information to the conn. As for authorization / access control, the Authorization page on the wiki provides more information.
If you have set up your project with the phauxth installer - see the getting started page for details - the authorize.ex file in the controllers directory contains examples of functions / plugs to handle access control.
If you have any other questions, feel free to ask.
Thanks for the quick response! That all makes sense now. I actually have one more question, which is unrelated so can raise another issue if this is atypical. I'm on a 2013 15in rMBP. I normally find elixir runs quite fast, but since bootstrapping a project with the installer, it takes 13seconds to run the tests, logging in takes 400ms, all much slower than any other phoenix and elixir code, and a lot of rails code. Is this normal for the phauxth installer performance in a dev environment? This is with elixir 1.5.2 and phoenix 1.3.
Thanks for pointing that out. You need to add test configuration values (for the password hashing algorithm you are using) to the config/test.exs file, as in this example.
I've opened this issue, so future versions of phauxth_installer will automatically add these values to the config/test.exs file.
Thanks for that, works much better now (0.5s) :)
I've started using this and, firstly, just want to say it's a very nice library. I have one question though: I would've expected that the
Authenticate
plug would return a 401 status when a current_user wasn't found. Is there a way to easily extend the plug to do this? Or do I just need to write another plug function to check ifcurrent_user
is nil?Thanks again for the library!