feat: add convention-named Phoenix strategy tasks for auth integration #719
Merged
Add new igniter tasks that own Phoenix-specific integration for each authentication strategy, following the convention-routed composition pattern from `phx_install`. This complements the AA changes that strip Phoenix code from AA's igniters.

New tasks:
- `ash_authentication_phoenix.add_strategy` — orchestrator that composes both AA resource tasks and AAP Phoenix tasks
- `ash_authentication_phoenix.add_strategy.totp` — controller mods, TOTP route insertion, `eqrcode` dependency
- `ash_authentication_phoenix.add_strategy.password` — Swoosh sender upgrade for password reset emails
- `ash_authentication_phoenix.add_strategy.magic_link` — Swoosh sender upgrade for magic link emails
- `ash_authentication_phoenix.add_add_on.confirmation` — Swoosh sender upgrade for confirmation emails

Installer changes:
- Restructure ordering: create controller before composing AA install
- Compose AAP strategy tasks after AA install based on `--auth-strategy`
- Fix `auth_strategy: :string` -> `:csv` option type bug
- Add `plug :set_actor, :user` to browser pipeline
- Remove redundant `import AshAuthentication.Plug.Helpers` (was causing ambiguous `set_actor/2` function error)

Bug fixes:
- `TokenRevocationNotifier`: use `Map.delete(data, :__struct__)` to handle struct data in `live_socket_id_template`
- `SetupForm`: conditional compilation when `eqrcode` is not available
- `Verify2faForm`: validate code format directly instead of relying on `form.valid?` which fails on the `:user` struct argument
- Generated TOTP sign-in clause: `store_in_session` before redirecting to `/totp-verify` so the verify plug can find the user via `get_actor`
- Fix `last_totp_at` type: `:utc_datetime` -> `:datetime`
- Replace incorrect "Hard-Required 2FA" section with accurate description of the generated auth controller clauses
- Add `plug :set_actor, :user` to browser pipeline examples
- Add `auth_routes_prefix: "/auth"` to all route macro examples
- Explain why `store_in_session` is called before TOTP verify redirect
- Note automatic route insertion by the igniter task
On fresh installs, `warn_on_missing_modules` was running before `maybe_compose_aa_install`, so accounts/user/token modules didn't exist yet. This caused `handle_missing_module/5` to call `Igniter.add_issue/2` (fatal) before AA install had a chance to create them. Also removes incorrect comments about AA strategy tasks needing the controller to exist — AA's tasks don't reference AAP or the controller.
The TOTP strategy installer task generated `totp_2fa_route` and `totp_setup_route` without the `overrides` option, causing them to fall back to `Overrides.Default` which has no styling. All other auth routes (sign_in, reset, confirm, magic_sign_in) included overrides in their generated code. Now the TOTP task computes the overrides the same way the install task does.
9554a9b to a998988
Previously the setup form would trigger the form POST to the controller on any validly-formatted code. If the code was incorrect, the controller's failure callback would redirect the user away with no opportunity to retry. Now the confirm handler pre-validates the code against the TOTP secret (parsed from the otpauth URL) using NimbleTOTP. Invalid codes show an inline error and the user can retry. Valid codes trigger the form action so the auth controller handles session setup as expected.
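The pre-validation step this commit message describes, sketched as an added example that is not code from this pull request: it checks the code format, recovers the secret from the otpauth URL, and only then asks NimbleTOTP whether the code is currently valid. The module and function names (`TotpPrecheck`, `secret_from_otpauth/1`, `precheck/3`) and the sample label are hypothetical, and the script assumes the `nimble_totp` package can be fetched by `Mix.install`.

```elixir
# Standalone script; inside a project that already depends on nimble_totp, drop this line.
Mix.install([:nimble_totp])

defmodule TotpPrecheck do
  # Hypothetical helper for illustration; not the module added by the PR.
  @code_format ~r/\A\d{6}\z/

  # Pulls the shared secret out of an otpauth://totp/... URL.
  # The `secret` query parameter is base32, normally without padding.
  def secret_from_otpauth(url) when is_binary(url) do
    with %URI{scheme: "otpauth", host: "totp", query: query} when is_binary(query) <-
           URI.parse(url),
         %{"secret" => encoded} <- URI.decode_query(query),
         {:ok, secret} <- Base.decode32(encoded, padding: false, case: :mixed) do
      {:ok, secret}
    else
      _ -> {:error, :invalid_otpauth_url}
    end
  end

  # Returns :ok when the form may be submitted, otherwise an error the
  # LiveView can render inline so the user can retry.
  # `opts` is passed to NimbleTOTP.valid?/3 (for example `since:` to reject
  # a code from a time step that was already accepted).
  def precheck(url, code, opts \\ []) do
    with true <- is_binary(code) and Regex.match?(@code_format, code),
         {:ok, secret} <- secret_from_otpauth(url),
         true <- NimbleTOTP.valid?(secret, code, opts) do
      :ok
    else
      false -> {:error, :invalid_code}
      {:error, reason} -> {:error, reason}
    end
  end
end

# Constructed sample data: a fresh secret and the URL a setup form would show as a QR code.
secret = NimbleTOTP.secret()
url = NimbleTOTP.otpauth_uri("nietflix:user@example.com", secret, issuer: "nietflix")
good = NimbleTOTP.verification_code(secret)
# A well-formed but wrong code: the current code plus one, wrapped to six digits.
bad = good |> String.to_integer() |> Kernel.+(1) |> rem(1_000_000)
bad = bad |> Integer.to_string() |> String.pad_leading(6, "0")

:ok = TotpPrecheck.precheck(url, good)
{:error, :invalid_code} = TotpPrecheck.precheck(url, bad)
{:error, :invalid_code} = TotpPrecheck.precheck(url, "12345")
{:error, :invalid_otpauth_url} = TotpPrecheck.precheck("https://example.com/?secret=x", good)
```

A check like this only decides whether to submit the form; the controller that receives the POST still has to verify the code itself before setting up the session.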
a998988 to db40951
Summary

Add new igniter tasks that own Phoenix-specific integration for each authentication strategy, following the convention-routed composition pattern from `phx_install`. AA's igniters now generate only resource-level code; AAP's new strategy tasks handle senders, controller mods, and routes.

New tasks

- `ash_authentication_phoenix.add_strategy` — orchestrator composing both AA and AAP strategy tasks
- `ash_authentication_phoenix.add_strategy.totp` — controller clause insertion, TOTP route auto-insertion, `eqrcode` dep
- `ash_authentication_phoenix.add_strategy.password` — Swoosh sender upgrade for password reset
- `ash_authentication_phoenix.add_strategy.magic_link` — Swoosh sender upgrade for magic link
- `ash_authentication_phoenix.add_add_on.confirmation` — Swoosh sender upgrade for confirmation

Installer changes

- `--auth-strategy`
- `auth_strategy: :string` → `:csv` option type
- `plug :set_actor, :user` to browser pipeline (required for TOTP verify flow)
- `import AshAuthentication.Plug.Helpers` (caused ambiguous `set_actor/2`)

Bug fixes

- `TokenRevocationNotifier`: handle struct data in `live_socket_id_template`
- `SetupForm`: conditional compilation when `eqrcode` not available
- `Verify2faForm`: validate code format directly (`:user` struct arg can't be validated from form params)
- `store_in_session` before verify redirect

Companion PR

team-alembic/ash_authentication#1145

Test plan

- `mix check --no-retry` passes (all 12 checks green including dialyzer)
- `nietflix` test app: `--auth-strategy magic_link,totp`