Add authentication #30
Conversation
cjoudrey
force-pushed
the
add-authentication
branch
from
bb6d98f to
f188fc0
Compare
There was a problem hiding this comment.
probably dont want to differentiate invalid user vs password?
There was a problem hiding this comment.
I used to think the same until I read a UX article about this.
It's easy to know if a username is valid or not by attempting to register with that username, so by returning Invalid username or password we're not really making it any more secure, we're just making the UX worse.
app/models/graph/types/query.rb
Outdated
There was a problem hiding this comment.
why this check exactly? instead of just returning ctx[:user] ?
There was a problem hiding this comment.
Maybe I should change this code a bit.
When someone is not logged in, I store GuestUser.new in ctx[:user], but in this specific case I think we want to resolve to nil when the person is not logged in.
Maybe a better approach would be to define def logged_in? in GuestUser and User such that we can simply do ctx[:user] if ctx[:user].logged_in?.
We can use the same logic in our mutations.
There was a problem hiding this comment.
Do we need GuestUser if we just return nil in these cases ? I guess eventually you want to show certain fields under viewer even when youre a guest ?
I think i like the second approach better yep!
|
Going to do what's simplest for now, We'll see if we need |
cjoudrey
force-pushed
the
add-authentication
branch
from
d9b2979 to
e354ae2
Compare
cjoudrey
force-pushed
the
add-authentication
branch
from
e354ae2 to
ec7a337
Compare
fyi @xuorig this will impact your mutation.