To create our user login experience, we'll need to start by creating a session controller that will be responsible for a few separate operations:
- Users must be able to log in through some form.
- Users must get logged in, set something in the user's session, and redirect out somewhere.
- Users must be able to log out.
The best way for us to accomplish this is to create a separate sessions resource, where create represents the posted login that sets the user session and redirects. We'll also want a way to log in and log out (although we'll want to handle those separately). We'll start out with a few simple basics. To start, we need to modify our routes to include these new methods, and we'll also probably want to create simple URLs for login and logout, so we'll tackle both of these as well. In lib/vocial_web/router.ex, add the following to the root scope:
resources "/sessions", SessionController, only: [:create]
get "/login", SessionController, :new
get "/logout", SessionController, :delete
Then, create lib/vocial_web/controllers/session_controller.ex to start working on our session controller:
defmodule VocialWeb.SessionController do
use VocialWeb, :controller
def new(conn, _) do
render(conn, "new.html")
end
def delete(conn, _) do
conn
|> delete_session(:user)
|> put_flash(:info, "Logged out successfully!")
|> redirect(to: "/")
end
def create(conn, _), do: conn
end
We're going to make a few assumptions here. First off, the new template should just be called new.html.eex, so we'll use the appropriate render call here for the new function. We don't care about what's passed in as params, so we can skip that. Second, our delete should just clear out the session (whichever key we choose to use to store the user information, which I've arbitrarily chosen as user). This also means that our inverse operation, create, should set the :user key in the session to something useful (generally a subset of the user's attributes). Finally, our create function will just be a dummy function for now; we'll get around to fleshing that out further a little bit later.
We'll also need to create a really quick login form under templates and a nearly empty session view. First, let's create the view at lib/vocial_web/views/session_view.ex:
defmodule VocialWeb.SessionView do
use VocialWeb, :view
end
Then, let's create our login form at lib/vocial_web/templates/session/new.html.eex:
<div>
<%= form_tag session_path(@conn, :create) do %>
<label>
Username:<br />
<input type="text" name="username">
</label>
<br />
<label>
Password:<br />
<input type="password" name="password">
</label>
<br />
<%= submit "Login" %>
<% end %>
</div>
We don't have a changeset that we're working with this time, so we can't just use the form_for function; we'll need to use form_tag to create the form with the appropriate CSRF protection. Then we'll just create the HTML inputs ourselves, and we should have an overall okay-looking login form:
