GumptionWare

Programming Phoenix LiveView B10.0: Confused about Protecting Sensitive Routes (pages 52 - 60)

On page 52, the topic of “Protecting Sensitive Routes” is introduced with this snippet from router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do 
     live "/users/settings", UserSettingsLive, :edit
     live "/users/settings/confirm_email/:token",
       UserSettingsLive, :confirm_email 
     live "/guess", WrongLive
   end
end

Then on page 60, the following snippet is shown for router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    # Specify the shared on_mount callback here
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/users/settings/confirm_email/:token",
        UserSettingsLive, :confirm_email 
      live "/guess", WrongLive
  end 
end

The only difference I can see is the addition of the # Specify the shared on_mount callback here comment.

So what I am confused by is what has changed that enables us to remove the user = Accounts.get_user_by_session_token(session["user_token"]), session_id: session["live_socket_id"], and current_user: user lines from wrong_live.ex per this guidance on page 60: “With this in place, we can remove the auth code from the WrongLive’s own mount function.”

I have re-read this section several times, but I am still not understanding what that comment (# Specify the shared on_mount callback here) means, since those two router.ex code snippets are otherwise identical.

3 comments

#question /book-programming-phoenix-liveview

0 341 3

2024-12-10 16:12:35 UTC

Marked As Solved

SophieDeBenedetto

Author of Programming Phoenix LiveView

Thanks for all the feedback! The upcoming beta release of the book should include the following:

An initial version of the mount function in GuessLive that looks up the current user and adds them to socket assigns
A clarification that the ‘guess’ live route will already be added to the live session that uses the generated ensure_authenticated on_mount function from the start

Post #4

Where Next?

View thread on forum

View Programming Phoenix Liveview's book portal

Post errata for this book

Post a suggestion for this book

Post a question about this book

Post a review about this book

question

Home PragProg Customers

#question /book-programming-phoenix-liveview

0 341 3

Last post

Popular Pragmatic Bookshelf topics

PragProg Customers

The Pragmatic Programmer, 20th Anniversary Edition errata

Some minor things in the paper edition that says “3 2020” on the title page verso, not mentioned in the book’s errata online: p. 186 But...

#errata /book-the-pragmatic-programmer-20th-anniversary-edition

10 2636 9

2024-09-02 13:34:40 UTC

New

PragProg Customers

Python Testing with pytest - Chapter 5 example c AttributeError: 'module' object has no attribute 'config'

Running the examples in chapter 5 c under pytest 5.4.1 causes an AttributeError: ‘module’ object has no attribute ‘config’. In particula...

#errata /book-python-testing-with-pytest

5 3582 1

2020-07-14 20:43:55 UTC

New

PragProg Customers

Programming Machine Learning: Incorrect formula

Hi everyone! There is an error on the page 71 in the book “Programming machine learning from coding to depp learning” P. Perrotta. You c...

#errata /book-programming-machine-learning

5 1341 4

2022-04-06 12:03:54 UTC

New

PragProg Customers

Hands-on Rust: Build depending on bracket-lib fails

Hi, build fails on: bracket-lib = “~0.8.1” when running on Mac Mini M1 Rust version 1.5.0: Compiling winit v0.22.2 error[E0308]: mi...

#question /book-hands-on-rust

1 1218 1

2021-02-14 14:34:19 UTC

New

PragProg Customers

Programming Kotlin: Difference between SupervisorJob() and supervisorScope (324, 325)

Hi @venkats, It has been mentioned in the description of ‘Supervisory Job’ title that 2 things as mentioned below result in the same eff...

#question /book-programming-kotlin

0 2242 2

2021-03-16 11:28:51 UTC

New

PragProg Customers

Programming Phoenix LiveView: errata and remarks Version B2.0

The generated iex result below should list products instead of product for the metadata. (page 67) iex> product = %Product{} %Pento....

#errata /book-programming-phoenix-liveview

0 1800 20

2021-03-23 10:33:03 UTC

New

PragProg Customers

A Common-Sense Guide to Data Structures and Algorithms, Second Edition: (pg460)

Hello! Thanks for the great book. I was attempting the Trie (chap 17) exercises and for number 4 the solution provided for the autocorre...

#errata /book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition

0 1157 3

2023-03-10 05:02:03 UTC

New

PragProg Customers

Distributed Services With Go: Unable to pass readiness/liveness checks. (page 210, 215)

I’m not quite sure what’s going on here, but I’m unable to have to containers successfully complete the Readiness/Liveness checks. I’m im...

/book-distributed-services-with-go

5 1420 5

2022-08-31 00:14:29 UTC

New

PragProg Customers

The Ray Tracer Challenge: cannot pass scaling test (page 69-70)

The test is as follows: Scenario: Intersecting a scaled sphere with a ray Given r ← ray(point(0, 0, -5), vector(0, 0, 1)) And s ← sphere...

#question /book-the-ray-tracer-challenge

1 1093 4

2022-07-27 09:47:44 UTC

New

PragProg Customers

iOS Unit Testing by Example: 54 Don't seem to be getting the print out on tests (Xcode 13.2)

Hey there, I’m enjoying this book and have learned a few things alredayd. However, in Chapter 4 I believe we are meant to see the “>...

#question /book-ios-unit-testing-by-example

0 1963 3

2022-01-24 15:18:41 UTC

New

Other popular topics

Backend>Learning Resources

Web Development with Clojure, Third Edition

Stop developing web apps with yesterday’s tools. Today, developers are increasingly adopting Clojure as a web-development platform. See f...

pragprog.com

#pragprog #web-development /clojure #published-book /book-web-development-with-clojure-third-edition

5 4584 1

2022-01-06 05:27:09 UTC

New

Game Dev>Learning Resources

The Ray Tracer Challenge

Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...

pragprog.com

#pragprog #published-book /book-the-ray-tracer-challenge #algorithms

3 6115 0

2020-09-22 14:26:56 UTC

New

Backend>Questions

Can someone explain the -t option/flag in docker run command?

I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...

#docker

7 10261 2

2020-09-01 07:19:16 UTC

New

General Dev>Hardware

Keyboard thock (sound)

I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...

/keyboards #mechanical-keyboards

14 11197 8

2020-11-11 11:59:23 UTC

New

Backend>Questions

Erlang's not installing on macOS Big Sur "You are natively building Erlang/OTP for a later version of MacOSX than current version"

Just done a fresh install of macOS Big Sur and on installing Erlang I am getting: asdf install erlang 23.1.2 Configure failed. checking ...

#macos /erlang #big-sur #asdf

10 6212 8

2021-01-16 12:33:23 UTC

New

Linux>Questions

What is the most minimalist Linux server distro?

I am asking for any distro that only has the bare-bones to be able to get a shell in the server and then just install the packages as we ...

#linux #servers

66 25846 24

2022-04-13 13:30:03 UTC

New

Backend>Learning Resources