Powered by AppSignal & Oban Pro
Would you like to see your link here? Contact us

Blog: Authentication

blog_authentication.livemd

Blog: Authentication

Mix.install([
  {:jason, "~> 1.4"},
  {:kino, "~> 0.9", override: true},
  {:youtube, github: "brooklinjazz/youtube"},
  {:hidden_cell, github: "brooklinjazz/hidden_cell"}
])

Navigation

Home Report An Issue Phoenix AuthenticationMany-To-Many Relationships

Blog: Authentication

You’re going to add authentication and authorization to your existing Blog project, and modify posts and comments so that they belong to a single user.

Use the mix phx.gen.auth command to generate the initial authentication system.

mix phx.gen.auth Accounts User users

Requirements

erDiagram

Post {
  string title
  text content
  date published_on
  boolean visibility
  id user_id
}

Comment {
  text content
  id post_id
  id user_id
}

User {
  string username
  string email
  string password
  string hashed_password
  naive_datetime confirmed_at
}

User ||--O{ Post : "owns"
User ||--O{ Comment : "owns"
Post ||--O{ Comment : "has many"

Requirements

  • Migration & Schema
    • Add a username field to the user that is between 4-20 characters.
    • Associate a user with posts and comments. Enforce that a post or comment must belong to a user. A post or comment cannot exist without an associated user.
  • Functionality
    • Associate comments with the currently signed in user upon creation.
    • Associate posts with the currently signed in user upon creation.
    • Display user’s username on each post.
    • Display user’s username on each comment.
  • Authorization
    • Ensure Users can only edit and delete their own posts
    • Ensure Users can only edit and delete their own comments
    • Ensure only signed in users can create posts
    • Ensure only signed in users can create comments
  • Tests
    • Write Context and Controller tests to ensure posts are created with a user.
    • Write Context and Controller tests to ensure comments are created with a user.
    • All tests should pass. You may need to modify old tests to ensure they continue to pass.

All users should be able to view all blogs, however only authorized users should be able to create, edit, and update their own blogs.

Authorization Requirements

Ensure you:

  • Associate blogs with a user. Blogs should belong to a user.
  • Allow all clients to access the :index and :show actions for blogs.
  • Allow only authenticated users to access the :new, and :create actions.
  • Allow only authorized users to access the :edit, :update, and :delete actions only for their own blogs.

Bonus: Authorized Comments

Add the same authorization for comments.

Ensure you:

  • Associate comments with a user. Comments should belong to a user and a blog.
  • Allow all clients to read all comments.
  • Allow only authenticated users to create comments.
  • Allow only authorized users to edit and delete their own comments.

Commit Your Progress

DockYard Academy now recommends you use the latest Release rather than forking or cloning our repository.

Run git status to ensure there are no undesirable changes. Then run the following in your command line from the curriculum folder to commit your progress.

$ git add .
$ git commit -m "finish Blog: Authentication exercise"
$ git push

We’re proud to offer our open-source curriculum free of charge for anyone to learn from at their own pace.

We also offer a paid course where you can learn from an instructor alongside a cohort of your peers. We will accept applications for the June-August 2023 cohort soon.

Navigation

Home Report An Issue Phoenix AuthenticationMany-To-Many Relationships