amelinium.common.controller

added in 1.0.0

amelinium service, common controller functions.

account-locked?

(account-locked? req session)
(account-locked? req session db)

Returns true if an account associated with the session is hard-locked. Uses cached property.

auth-user-with-password!

(auth-user-with-password! req user-email password)
(auth-user-with-password! req user-email password sess)
(auth-user-with-password! req user-email password sess route-data)
(auth-user-with-password! req user-email password sess route-data auth-only-mode)
(auth-user-with-password! req user-email password sess route-data auth-only-mode session-key)

Authentication helper. Used by other controllers. Short-circuits on certain conditions and may emit a redirect (if a go-to was detected) or set the :response/status in the returned request map (but not in the response map!).

In case of successful authentication it will set :auth/ok to true and :response-status to :auth/ok.

In case of session prolongation and successful authentication it will set :auth/ok? to true and :response/status to :auth/prolonged-ok.

The last, auth-only-mode argument, when set to true (default is false when not given) causes session creation and prolongation to be skipped if the authentication is successful.

authenticate!

(authenticate! req user-email user-password)
(authenticate! req user-email user-password session-key)

Logs a user in when the user's e-mail and password are given, or checks if the session is valid to serve the current page.

Takes a request map and obtains a database connection, the client IP address and the authentication configuration from it. Also takes login and password strings. Calls auth-user-with-password! to get a result, or a redirect if authentication was not successful.

If no e-mail or password is given (the value is nil, false or an empty string), authentication is not performed and the validity of the session is tested instead. If the session is invalid, a redirect to a login page is performed. The destination URL is obtained via a route name taken from the :auth/info key of the route data, or from the :login route identifier (as default). If the session is valid, the given request map is returned as-is.
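
A minimal model of the branching described above, added here as an example and not taken from amelinium's source. All function names, the :route-data and :session request keys, the 303 status and the sample routes are assumptions made for illustration; check-credentials stands in for the call to auth-user-with-password!.

```clojure
;; Illustrative model only: every name here is hypothetical, not an amelinium function.
(defn not-given?
  "True for nil, false or an empty string (the values treated as 'not given')."
  [v]
  (or (not v) (= "" v)))

(defn login-route-name
  "Route name from :auth/info of the route data, or :login as the default."
  [route-data]
  (or (:auth/info route-data) :login))

(defn authenticate-model
  "Missing credentials never reach the password check: the session is tested instead.
  session-valid? and check-credentials are caller-supplied functions (assumptions)."
  [req email password {:keys [session-valid? check-credentials routes]}]
  (if (or (not-given? email) (not-given? password))
    (if (session-valid? req)
      req                                   ; valid session: request returned as-is
      {:status  303                         ; assumed redirect status
       :headers {"Location" (get routes (login-route-name (:route-data req)))}})
    (check-credentials req email password)))

;; Constructed sample data.
(def routes {:login "/login" :admin/login "/admin/login"})
(def deps
  {:routes            routes
   :session-valid?    (fn [req] (= :valid (get-in req [:session :state])))
   :check-credentials (fn [req _email _password] (assoc req :checked? true))})

(def expired-req {:session {:state :expired} :route-data {:auth/info :admin/login}})
(def valid-req   {:session {:state :valid}   :route-data {}})

;; Invalid session, route names its own login page.
(assert (= "/admin/login"
           (get-in (authenticate-model expired-req nil "" deps) [:headers "Location"])))
;; Invalid session, no :auth/info: falls back to :login.
(assert (= "/login"
           (get-in (authenticate-model (assoc expired-req :route-data {}) "" nil deps)
                   [:headers "Location"])))
;; Valid session, no credentials: request passes through untouched.
(assert (= valid-req (authenticate-model valid-req nil nil deps)))
;; Both credentials present: the password check runs regardless of session state.
(assert (:checked? (authenticate-model expired-req "u@example.test" "pw" deps)))
```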

check-password

(check-password user password auth-config)

Check password using authentication configuration.

get-goto

(get-goto smap)

Gets go-to map from a session variable even if the session is not valid.

get-goto-for-valid

(get-goto-for-valid smap)

Gets go-to map from session variable if the session is valid (and not expired).

get-goto-uri

(get-goto-uri req sess)

Obtains the go-to URI from req if the am/goto form parameter is present and the session is soft-expired. Used to get the destination URI from a session variable when a user is authenticated, so that they can be redirected to the page where session expiration was encountered a moment ago.

handle-coercion-error

(handle-coercion-error e respond raise)

Generic coercion error handler. Takes an exception object e and two functions: respond, which will receive the response and should pre-process it (defaults to clojure.core/identity if falsy), and raise, which should handle the exception if its type is unusual and (possibly) re-throw it (defaults to throw).

hard-expiry?

(hard-expiry? req sess route-data)

Returns true if the session is hard-expired and we are not on the hard-expired login page. Uses the given, previously collected session data. Does not connect to a database.

hx-prolong?

(hx-prolong? req route-data sess)

Returns true if the authentication is about prolonging a session with an HTMX request.

Requires session sess to be soft-expired and HX-Target request header taken from req (under :headers key) to indicate the same target as configured :auth/prolongate target value for :status/targets map of a route data (given as route-data).

invalidate-user-sessions!

(invalidate-user-sessions! req route-data id-type id user-id)
(invalidate-user-sessions! req route-data id-type id user-id session-key)

Invalidates user sessions if id-type is an e-mail.

keywordize-params?

kw-form-data

(kw-form-data form-data)
(kw-form-data form-data opts)

Changes form data keys into keywords by calling ring.middleware.keyword-params/keyword-params-request on a specially crafted map.

lock-remaining-mins

(lock-remaining-mins req auth-db smap time-fn)
(lock-remaining-mins req auth-db smap time-fn id-field)

Returns the remaining minutes of a soft account lock when the visited page ID is :login/account-soft-locked. Otherwise it returns nil. Uses cached user properties.

prolongation-auth?

(prolongation-auth? sess login? auth? login-data?)

Returns true if a user who visited the prolongation page, after submitting credentials to the authentication page, is being authenticated to prolongate the soft-expired session.

prolongation?

(prolongation? sess [login? auth?] login-data?)

Returns true if the given session sess is expired (but not hard expired), current user is not logged in, there is no login data present, and we are not authenticating any user. In other words: returns true when we are good with redirecting a user to a session prolongation page (a form of login page).

regular-auth?

(regular-auth? sess login? auth? login-data?)

Returns true if user is being authenticated.

set-password!

(set-password! req user-id password)

Sets the user password for the given user ID. Returns :pwd/created if the operation succeeded. May return error statuses: :pwd/bad-user, :pwd/db-error, :pwd/bad-password. The user must have an account type assigned for this operation to succeed.

throw-bad-param

(throw-bad-param req param value param-type)

Generates a bad parameter exception which should trigger a coercion error. The value of param-type must be a valid schema.

verify-process-error

(verify-process-error db id-type id code token exception)

Default error processor for asynchronous e-mail or SMS sending.

verify-request-id-update

(verify-request-id-update db id-type id code token response)

Default confirmation request ID field updater for asynchronous identity confirmation.