Installed guardian

create authentication/password verification method

lib/phoenix_api_template/accounts.ex

@@ -37,6 +37,25 @@ defmodule PhoenixApiTemplate.Accounts do
   """
   def get_user!(id), do: Repo.get!(User, id)
 
+  @doc """
+  Gets a single user by email
+
+  Returns `nil` if the account does not exist
+
+  ## Examples
+
+    iex> get_user_by_email(test@email.com)
+    %User{}
+
+    iex> get_user_by_email(nope@email.com)
+    nil
+  """
+  def get_user_by_email(email) do
+    User
+    |> where(email: ^email)
+    |> Repo.one()
+  end
+
   @doc """
   Creates a user.
 

lib/phoenix_api_template/accounts/user.ex

@@ -17,8 +17,17 @@ defmodule PhoenixApiTemplate.Accounts.User do
     user
     |> cast(attrs, [:email, :hashed_password])
     |> validate_required([:email, :hashed_password])
-    |> unique_constraint(:email)
     |> validate_format(:email, ~r/^[^\s]+@[^\s]+$/, message: "must have the @ sign and no spaces")
     |> validate_length(:email, max: 250)
+    |> unique_constraint(:email)
+    |> put_password_hash()
   end
+
+  defp put_password_hash(
+         %Ecto.Changeset{valid?: true, changes: %{hashed_password: hashed_password}} = changeset
+       ) do
+    change(changeset, hashed_password: Bcrypt.hash_pwd_salt(hashed_password))
+  end
+
+  defp put_password_hash(changeset), do: changeset
 end

lib/phoenix_api_template_web/auth/guardian.ex

@@ -0,0 +1,46 @@
+defmodule PhoenixApiTemplateWeb.Auth.Guardian do
+  use Guardian, otp_app: :phoenix_api_template
+  alias PhoenixApiTemplate.Accounts
+
+  def subject_for_token(%{id: id}, _claims) do
+    sub = to_string(id)
+    {:ok, sub}
+  end
+
+  def subject_for_token(_, _) do
+    {:error, :no_id_provided}
+  end
+
+  def resource_from_claims(%{"sub" => id}) do
+    case Accounts.get_user!(id) do
+      nil -> {:error, :not_found}
+      resource -> {:ok, resource}
+    end
+  end
+
+  def resource_from_claims(_claims) do
+    {:error, :no_id_provided}
+  end
+
+  def authenticate(email, password) do
+    case Accounts.get_user_by_email(email) do
+      nil ->
+        {:error, :unauthorized}
+
+      user ->
+        case validate_password(password, user.hashed_password) do
+          true -> create_token(user)
+          false -> {:error, :unauthorized}
+        end
+    end
+  end
+
+  defp validate_password(password, hashed_password) do
+    Bcrypt.verify_pass(password, hashed_password)
+  end
+
+  defp create_token(user) do
+    {:ok, token, _claims} = encode_and_sign(user)
+    {:ok, user, token}
+  end
+end