zachdaniel
commented
9 hours ago So, I've been thinking about this, and I think there is a design flaw. This was actually pointed out by a customer of Alembic's as well. These senders are "web-aware". In phx.gen.auth, that is not the case. They pass down a url which the internals then use to send.
The reason this isn't great for us is because we define the controllers. Certain setups get factually more difficult because of this choice (like if the URL is not static but dependent on a subdomain for tenancy, for example).
@jimsynz had originally used route helpers for this, which allowed it to be derived from the routes in the router. But that was soft deprecated in Phoenix in favor of verified routes, but in this case verified routes is actually crossing the boundary of app -> web in the wrong direction.
We probably need to come up with a backwards compatible idiomatic solution. Probably some kind of additional callback in the auth controller, and if that is defined we pass that down to the senders. like
def url_for(conn, :password, {:reset, token}) do
~p"/reset_password/#{token}"
end
def url_for(_, _, _), do: :defaultWhere default will just be the current host + a standard route for that thing.
Then, when calling actions with senders, they look for a context that is set called ash_authentication: %{url: <url>}, then pass that into the senders.
It sounds a bit involved, but I think phx.gen.auth has the right of it in going through the hoops that avoid this dependency.
@jimsynz what do you think?
When not using Phoenix, igniters such as
ash_authentication.add_strategy passwordwill generate email sender modules like this:This is invalid because the
urlfunction andpsigil are both provided byPhoenix.VerifiedRoutes.The
psigil can be removed for the non-Phoenix version of the module, leaving a plain string, but how to fully-qualify the URL properly?