#953 Frontpage 500 + #963 gracefully logout participant

core/frameworks/green_light/_live_hook.ex

@@ -27,7 +27,7 @@ defmodule Frameworks.GreenLight.LiveHook do
           live_view_module
         )
 
-      Logger.notice("User #{user.id} can_access? #{live_view_module}: #{can_access?}")
+      user && Logger.notice("User #{user.id} can_access? #{live_view_module}: #{can_access?}")
       can_access?
     else
       auth_module().can_access?(user, live_view_module)

core/lib/core/authorization.ex

@@ -220,6 +220,8 @@ defmodule Core.Authorization do
     can?(principal, permission)
   end
 
+  def can_access?(nil, _entity, _module), do: false
+
   def can_access?(_principal, nil, _module), do: false
 
   def can_access?(principal, entity, module) when is_atom(module) do

core/lib/core_web/routes.ex

@@ -12,6 +12,8 @@ defmodule CoreWeb.Routes do
         plug(:accepts, ["html"])
         plug(:fetch_session)
 
+        plug(Systems.Account.Plug)
+
         plug(Cldr.Plug.PutLocale,
           apps: [
             cldr: CoreWeb.Cldr,

core/systems/account/_plug.ex

@@ -0,0 +1,41 @@
+defmodule Systems.Account.Plug do
+  @behaviour Plug
+
+  import Plug.Conn
+  alias Systems.Account
+
+  @valid_participant_path ~r"^\/assignment\/\d.*$"
+
+  @impl true
+  def init(opts), do: opts
+
+  @impl true
+  def call(conn, _opts) do
+    case current_user(conn) do
+      {:ok, %{} = user} ->
+        external? = Account.Public.external?(user)
+        signof_if_needed(conn, external?)
+
+      _ ->
+        conn
+    end
+  end
+
+  defp current_user(conn) do
+    if user_token = get_session(conn, :user_token) do
+      {:ok, Account.Public.get_user_by_session_token(user_token)}
+    else
+      {:error, :no_user_token}
+    end
+  end
+
+  defp signof_if_needed(%{request_path: request_path} = conn, true) do
+    if Regex.match?(@valid_participant_path, request_path) do
+      conn
+    else
+      Account.UserAuth.forget_user(conn)
+    end
+  end
+
+  defp signof_if_needed(conn, _), do: conn
+end

core/systems/account/user_auth.ex

@@ -83,19 +83,25 @@ defmodule Systems.Account.UserAuth do
   It clears all session data for safety. See renew_session.
   """
   def log_out_user(conn) do
-    user_token = get_session(conn, :user_token)
-    user_token && Account.Public.delete_session_token(user_token)
-
     if live_socket_id = get_session(conn, :live_socket_id) do
       CoreWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
     end
 
     conn
+    |> forget_user()
     |> renew_session()
-    |> delete_resp_cookie(@remember_me_cookie)
     |> redirect(to: ~p"/user/signin")
   end
 
+  @doc """
+    Removes user token and cookie
+  """
+  def forget_user(conn) do
+    user_token = get_session(conn, :user_token)
+    user_token && Account.Public.delete_session_token(user_token)
+    delete_resp_cookie(conn, @remember_me_cookie)
+  end
+
   @doc """
   Authenticates the user by looking into the session
   and remember me token.

core/systems/home/page_builder.ex

@@ -16,6 +16,20 @@ defmodule Systems.Home.PageBuilder do
   alias Systems.Pool
   alias Systems.Crew
 
+  def view_model(_, %{current_user: nil}) do
+    %{
+      hero: %{
+        type: :illustration2,
+        params: %{
+          title: dgettext("eyra-home", "member.title")
+        }
+      },
+      active_menu_item: :home,
+      next_best_action: nil,
+      blocks: []
+    }
+  end
+
   def view_model(_, %{current_user: user} = assigns) do
     panl? = panl_participant?(user)
     put_locale(user, panl?)