From baade967ae004fa126219be5481501cd69a21b83 Mon Sep 17 00:00:00 2001
From: dan-klasson <dan-klasson@users.noreply.github.com>
Date: Mon, 2 Sep 2024 04:58:52 +0800
Subject: [PATCH] docs: Update docs to account for unconfirmed users (#775)

Ensure oauth users cannot login with unconfirmed account https://github.com/team-alembic/ash_authentication/issues/443
---
 documentation/tutorials/github.md | 11 +++++++++++
 documentation/tutorials/google.md | 11 +++++++++++
 2 files changed, 22 insertions(+)

diff --git a/documentation/tutorials/github.md b/documentation/tutorials/github.md
index 286ef71..ef62fba 100644
--- a/documentation/tutorials/github.md
+++ b/documentation/tutorials/github.md
@@ -106,6 +106,7 @@ The register action takes two arguments, `user_info` and the `oauth_tokens`.
 
 ```elixir
 defmodule MyApp.Accounts.User do
+  require Ash.Resource.Change.Builtins
   use Ash.Resource,
     extensions: [AshAuthentication],
     domain: MyApp.Accounts
@@ -130,6 +131,16 @@ defmodule MyApp.Accounts.User do
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Required if you're using the password & confirmation strategies
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end
 
diff --git a/documentation/tutorials/google.md b/documentation/tutorials/google.md
index 349b78b..47296ce 100644
--- a/documentation/tutorials/google.md
+++ b/documentation/tutorials/google.md
@@ -38,6 +38,7 @@ Then we need to define an action that will handle the oauth2 flow, for the googl
 
 ```elixir
 defmodule MyApp.Accounts.User do
+  require Ash.Resource.Change.Builtins
   use Ash.Resource,
     extensions: [AshAuthentication],
     domain: MyApp.Accounts
@@ -60,6 +61,16 @@ defmodule MyApp.Accounts.User do
 
         Ash.Changeset.change_attributes(changeset, Map.take(user_info, ["email"]))
       end
+
+      # Required if you're using the password & confirmation strategies
+      upsert_fields []
+      change set_attribute(:confirmed_at, &DateTime.utc_now/0)
+      change after_action(fn _changeset, user, _context ->
+        case user.confirmed_at do
+          nil -> {:error, "Unconfirmed user exists already"}
+          _ -> {:ok, user}
+        end
+      end)
     end
   end