Authenticates the user by looking into the session and remember me token.

Logs the user in by creating a new session token.

Logs the user out.

It clears all session data for safety. See renew_session.

Assigns the token to a new session.

It renews the session ID and clears the whole session to avoid fixation attacks. See the renew_session function to customize this behaviour.

It also sets a :live_socket_id key in the session, so LiveView sessions are identified and automatically disconnected on log out. The line can be safely removed if you are not using LiveView.

Used for LiveView routes that require the user to be reauthenticated.

Reauthenticate the user by using the sudo token

Used for routes that require the user to not be authenticated.

Returns to or redirects to the dashboard and potentially set remember_me token.

Used for API routes that require the resource to be authenticated. A resource can be a User or a ProjectRepoConnection

Used for routes that require the user to be authenticated.

If you want to enforce the user email is confirmed before they use the application at all, here would be a good place.

Used for routes that require the user to be reauthenticated.

Require that the user has the superuser role