lmendelowski

lmendelowski

Ash Framework: A brief detour into LiveView process shenanigans (page 236)

Hello!
I’m neither an Elixir nor Phoenix or Ash expert, but I believe I found misinformation in the A brief detour into LiveView process shenanigans section in the book. The paragraph describes the authentication process for the LiveView process with Ash.Authentication as follows:

The page liveviews, such as TunezWeb.Artists.ShowLive, get the current user via an on_mount callback set up in your app’s router with ash_authentication_live_session. This callback will read the authentication token stored in the session, load the correct user record, and store it in socket.assigns.

I believe this information is not correct. According to ash_authentication_live_session docs:

Generate a live session wherein all subject assigns are copied from the conn into the socket.

Basically, this function copies all assigns from the conn object. The process of getting user_id from the session and loading it into conn.current_user happens in TunezWeb.Router via plug :load_from_session for the browser pipeline. This function comes from AshAuthentication.Plug.Helpers and is described in the documentation as:

Attempt to retrieve all actors from the connections’ session.

A wrapper around AshAuthentication.Plug.Helpers.retrieve_from_session/2 with the otp_app as extracted from the endpoint.

And if we look at mentioned AshAuthentication.Plug.Helpers.retrieve_from_session/2 function:

Attempt to retrieve all users from the connections’ session.

Iterates through all configured authentication resources for otp_app and retrieves any users stored in the session, loads them and stores them in the assigns under their subject name (with the prefix current_).

If there is no user present for a resource then the assign is set to nil.

PS. Thank you for the book. It’s an excellent resource on Ash Framework!

Most Liked

jamesharton

jamesharton

Hi :waving_hand:

As both a technical reviewer for the book and the author of Ash Authentication this section didn’t jump out at me as wrong - mainly, I suspect, because the memory of all the hoops LiveView forces us to jump through have been suppressed as a self-protection measure.

That said, let’s look at the code:

    # From lib/ash_authentication_phoenix/live_session.ex
    otp_app
    |> AshAuthentication.authenticated_resources()
    |> Stream.map(&{to_string(Info.authentication_subject_name!(&1)), &1})
    |> Enum.reduce(acc, fn {subject_name, resource}, session ->
      case Map.fetch(
             conn.assigns,
             String.to_existing_atom("current_#{subject_name}")
           ) do
        {:ok, user} when is_struct(user, resource) ->
          session
          |> Map.put(subject_name, AshAuthentication.user_to_subject(user))
          |> Map.put("tenant", Ash.PlugHelpers.get_tenant(conn))
          |> Map.put("context", Ash.PlugHelpers.get_context(conn))

        _ ->
          session
          |> Map.put("tenant", Ash.PlugHelpers.get_tenant(conn))
          |> Map.put("context", Ash.PlugHelpers.get_context(conn))
      end
    end)

So you’re right that if there is a current_X assign in the conn then it should be copied into the live session. It also copies what we call the subject (eg user?id=1234) into the session along with the tenant and any extra context.

I think where the confusion comes from is when working with nested live views the session is passed in, but not any of the assigns. This required us to add AshAuthentication.Phoenix.assign_new_resources/2 which can have the side-effect of loading the assigned users from the database if require_token_presence_for_authentication? is set to true.

I guess my answer is “:person_shrugging: you’re both right”

Where Next?

Popular Pragmatic Bookshelf topics Top

jdufour
Hello! On page xix of the preface, it says there is a community forum "… for help if your’re stuck on one of the exercises in this book… ...
New
JohnS
I can’t setup the Rails source code. This happens in a working directory containing multiple (postgres) Rails apps. With: ruby-3.0.0 s...
New
raul
Page 28: It implements io.ReaderAt on the store type. Sorry if it’s a dumb question but was the io.ReaderAt supposed to be io.ReadAt? ...
New
AleksandrKudashkin
On the page xv there is an instruction to run bin/setup from the main folder. I downloaded the source code today (12/03/21) and can’t see...
New
alanq
This isn’t directly about the book contents so maybe not the right forum…but in some of the code apps (e.g. turbo/06) it sends a TURBO_ST...
New
adamwoolhether
I’m not quite sure what’s going on here, but I’m unable to have to containers successfully complete the Readiness/Liveness checks. I’m im...
New
brunogirin
When trying to run tox in parallel as explained on page 151, I got the following error: tox: error: argument -p/–parallel: expected one...
New
dachristenson
@mfazio23 Android Studio will not accept anything I do when trying to use the Transformations class, as described on pp. 140-141. Googl...
New
roadbike
From page 13: On Python 3.7, you can install the libraries with pip by running these commands inside a Python venv using Visual Studio ...
New
dachristenson
I’ve got to the end of Ch. 11, and the app runs, with all tabs displaying what they should – at first. After switching around between St...
New

Other popular topics Top

ohm
Which, if any, games do you play? On what platform? I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
siddhant3030
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
New
PragmaticBookshelf
Design and develop sophisticated 2D games that are as much fun to make as they are to play. From particle effects and pathfinding to soci...
New
AstonJ
In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first: asdf plugin-upd...
New
PragmaticBookshelf
“A Mystical Experience” Hero’s Journey with Paolo Perrotta @nusco Ever wonder how authoring books compares to writing articles?...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
New
New
sir.laksmana_wenk
I’m able to do the “artistic” part of game-development; character designing/modeling, music, environment modeling, etc. However, I don’t...
New
AnfaengerAlex
Hello, I’m a beginner in Android development and I’m facing an issue with my project setup. In my build.gradle.kts file, I have the foll...
New

Sub Categories: