Authentication library for Phoenix, and other Plug-based, web applications.
Phauxth is designed with Phoenix 1.3 in mind, but it can also be used with older versions of Phoenix and any other Plug-based application.
Phauxth uses the user context module (normally MyApp.Accounts) to communicate with the underlying database. This module needs to have the get(id) and get_by(attrs) functions defined (see the examples below).

    def get(id), do: Repo.get(User, id)

    def get_by(%{"email" => email}) do
      Repo.get_by(User, email: email)
    end

In addition, if you are using tokens, for an API or for user confirmation, you need to add token_salt and endpoint to the Phauxth config. You can generate a suitably secure random salt by running the Phauxth.Config.gen_token_salt command.
Run the following commands (replace alibaba with the name of your project):

    mix phx.new alibaba
    cd alibaba

To create an API, change the mix phx.new command to:

    mix phx.new alibaba --no-html --no-brunch

N.B. if you are not using Erlang 20, you might have to build the installer yourself. You can find the instructions in the README in the installer/new directory.
Download and install the phauxth_new installer.

    mix archive.install https://github.com/riverrun/phauxth/raw/master/installer/archives/phauxth_new.ez

For a basic setup, run the following command:

    mix phauxth.new

If you want to add email / phone confirmation and password resetting, add the --confirm option:

    mix phauxth.new --confirm

If you want to create authentication files for an API, use the --api option:

    mix phauxth.new --api

And for an API with user confirmation:

    mix phauxth.new --api --confirm

1. Make sure you are using Elixir 1.4 or above.

2. Add phauxth and the password hashing algorithm you want to use (argon2_elixir, bcrypt_elixir or pbkdf2_elixir) to your mix.exs dependencies.

        defp deps do
          [
            {:phauxth, "~> 1.1"},
            {:argon2_elixir, "~> 1.2"}
          ]
        end

   If you are using bcrypt_elixir, go to 3. If you are using argon2_elixir or pbkdf2_elixir to hash passwords, you also need to edit the user.ex file, in the accounts directory, and the session_controller.ex file.

   In the user.ex file, change the Comeonin.Bcrypt.add_hash function to Comeonin.Argon2.add_hash or Comeonin.Pbkdf2.add_hash.

   In the session_controller.ex file, add the crypto option to the Login.verify call, as in the following example:

        Phauxth.Login.verify(params, MyApp.Accounts, crypto: Comeonin.Argon2)

3. Run mix deps.get.

4. Add the get(id) and get_by(attrs) functions to your user Accounts module.

5. If you are using tokens, or user confirmation, add the token_salt and endpoint values to the config.

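How steps 2 and 4 fit together when Argon2 is the chosen algorithm, as an added example that is not taken from the Phauxth README or the installer's output. The MyApp.Accounts.User schema, its field names, the create_changeset function and the 8-character minimum are assumptions; Comeonin.Argon2.add_hash, get(id) and get_by(attrs) are the names used above.

```elixir
# Added example. Module, schema and field names are assumptions.
defmodule MyApp.Accounts.User do
  use Ecto.Schema
  import Ecto.Changeset

  schema "users" do
    field :email, :string
    # Virtual field: the plaintext password is never written to the database.
    field :password, :string, virtual: true
    field :password_hash, :string
    timestamps()
  end

  def create_changeset(user, attrs) do
    user
    |> cast(attrs, [:email, :password])
    |> validate_required([:email, :password])
    |> unique_constraint(:email)
    |> validate_length(:password, min: 8)
    |> put_pass_hash()
  end

  # Hash only when every validation has passed, so a rejected password
  # is never hashed or stored.
  defp put_pass_hash(%Ecto.Changeset{valid?: true, changes: %{password: password}} = changeset) do
    # add_hash/1 returns a map with :password_hash set and :password set to nil,
    # which also clears the plaintext from the changeset.
    change(changeset, Comeonin.Argon2.add_hash(password))
  end

  defp put_pass_hash(changeset), do: changeset
end

defmodule MyApp.Accounts do
  alias MyApp.Repo
  alias MyApp.Accounts.User

  # The two lookup functions Phauxth calls on the user context module.
  def get(id), do: Repo.get(User, id)

  def get_by(%{"email" => email}) do
    Repo.get_by(User, email: email)
  end
end
```

The algorithm used in add_hash has to match the crypto option passed to Login.verify; a mismatch makes every login fail because the stored hash is checked with the wrong verifier.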
See the wiki for more information about Phauxth.
BSD