GumptionWare

GumptionWare

Programming Phoenix LiveView B10.0: Confused about Protecting Sensitive Routes (pages 52 - 60)

On page 52, the topic of “Protecting Sensitive Routes” is introduced with this snippet from router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do 
     live "/users/settings", UserSettingsLive, :edit
     live "/users/settings/confirm_email/:token",
       UserSettingsLive, :confirm_email 
     live "/guess", WrongLive
   end
end

Then on page 60, the following snippet is shown for router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    # Specify the shared on_mount callback here
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/users/settings/confirm_email/:token",
        UserSettingsLive, :confirm_email 
      live "/guess", WrongLive
  end 
end

The only difference I can see is the addition of the # Specify the shared on_mount callback here comment.

So what I am confused by is what has changed that enables us to remove the user = Accounts.get_user_by_session_token(session["user_token"]), session_id: session["live_socket_id"], and current_user: user lines from wrong_live.ex per this guidance on page 60: “With this in place, we can remove the auth code from the WrongLive’s own mount function.”

I have re-read this section several times, but I am still not understanding what that comment (# Specify the shared on_mount callback here) means, since those two router.ex code snippets are otherwise identical.

Marked As Solved

SophieDeBenedetto

SophieDeBenedetto

Author of Programming Phoenix LiveView

Thanks for all the feedback! The upcoming beta release of the book should include the following:

  • An initial version of the mount function in GuessLive that looks up the current user and adds them to socket assigns
  • A clarification that the ‘guess’ live route will already be added to the live session that uses the generated ensure_authenticated on_mount function from the start

Where Next?

Popular Pragmatic Bookshelf topics Top

joepstender
The generated iex result below should list products instead of product for the metadata. (page 67) iex> product = %Product{} %Pento....
New
rmurray10127
Title: Intuitive Python: docker run… denied error (page 2) Attempted to run the docker command in both CLI and Powershell PS C:\Users\r...
New
leba0495
Hello! Thanks for the great book. I was attempting the Trie (chap 17) exercises and for number 4 the solution provided for the autocorre...
New
jgchristopher
“The ProductLive.Index template calls a helper function, live_component/3, that in turn calls on the modal component. ” Excerpt From: Br...
New
brunogirin
When I run the coverage example to report on missing lines, I get: pytest --cov=cards --report=term-missing ch7 ERROR: usage: pytest [op...
New
hazardco
On page 78 the following code appears: <%= link_to ‘Destroy’, product, class: ‘hover:underline’, method: :delete, data: { confirm...
New
taguniversalmachine
It seems the second code snippet is missing the code to set the current_user: current_user: Accounts.get_user_by_session_token(session["...
New
taguniversalmachine
Hi, I am getting an error I cannot figure out on my test. I have what I think is the exact code from the book, other than I changed “us...
New
creminology
Skimming ahead, much of the following is explained in Chapter 3, but new readers (like me!) will hit a roadblock in Chapter 2 with their ...
New
davetron5000
Hello faithful readers! If you have tried to follow along in the book, you are asked to start up the dev environment via dx/build and ar...
New

Other popular topics Top

ohm
Which, if any, games do you play? On what platform? I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
PragmaticBookshelf
Rust is an exciting new programming language combining the power of C with memory safety, fearless concurrency, and productivity boosters...
New
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
AstonJ
Biggest jackpot ever apparently! :upside_down_face: I don’t (usually) gamble/play the lottery, but working on a program to predict the...
New
Maartz
Hi folks, I don’t know if I saw this here but, here’s a new programming language, called Roc Reminds me a bit of Elm and thus Haskell. ...
New
AstonJ
We’ve talked about his book briefly here but it is quickly becoming obsolete - so he’s decided to create a series of 7 podcasts, the firs...
New
PragmaticBookshelf
Author Spotlight Mike Riley @mriley This month, we turn the spotlight on Mike Riley, author of Portable Python Projects. Mike’s book ...
New
First poster: bot
Large Language Models like ChatGPT say The Darnedest Things. The Errors They MakeWhy We Need to Document Them, and What We Have Decided ...
New
PragmaticBookshelf
Develop, deploy, and debug BEAM applications using BEAMOps: a new paradigm that focuses on scalability, fault tolerance, and owning each ...
New

Sub Categories: