Add basic authenticating APIs with register and login #4
Conversation
| [ | ||
| 'name' => 'required', | ||
| 'email' => 'required|email', | ||
| 'password' => 'required', |
There was a problem hiding this comment.
No pattern ? min/max length, lower/upper ? number etc. ?
There was a problem hiding this comment.
Laravel match automatically with Model and no need pattern for email as the validator takes charge of it.
There was a problem hiding this comment.
Dumb question why email has 'required|email ?
There was a problem hiding this comment.
To validate against an email pattern actually 😛
| ); | ||
|
|
||
| if ($validator->fails()) { | ||
| return response()->json(['error' => $validator->errors()], 401); |
There was a problem hiding this comment.
errors ?
return response()->json(['errors' => $validator->errors()], 401);There was a problem hiding this comment.
What response structure would you like ?
There was a problem hiding this comment.
{
'errors' : '404 error',
'payload': { 'id': 'zrt' }
}payload and errors can be an object, array, array of objects, a string w/e
| $modifiedInput['password'] = bcrypt($input['password']); | ||
| $user = User::create($modifiedInput); | ||
|
|
||
| $request = Request::create('/api/login', 'POST', $input); |
There was a problem hiding this comment.
'/api/login' shoud be a constant
| $response = App::handle($request); | ||
|
|
||
| if ($response->getStatusCode() >= 400) { | ||
|
|
| if ($response->getStatusCode() >= 400) { | ||
|
|
||
| throw new HttpResponseException($response); | ||
|
|
app/Services/Api/LoginProxy.php
Outdated
| if ($response->getStatusCode() >= 400) { | ||
|
|
||
| throw new HttpResponseException($response); | ||
|
|
routes/api.php
Outdated
|
|
||
| Route::group(['middleware' => 'auth:api'], function(){ | ||
| Route::post('/logout', 'Api\Auth\LoginController@logout'); | ||
| ROute::get('/user', 'Api\UserController@index'); | ||
| }); |
There was a problem hiding this comment.
Use constant for route URI ?
There was a problem hiding this comment.
Apparently this is not the way things are done in Laravel world but that would make sense to me.
| @@ -37,6 +37,8 @@ docker-compose exec fpm bash | |||
| composer install # this is inside container | |||
| cp .env.example .env | |||
| php artisan key:generate # copy and paste this key in the APP_KEY section of the .env file | |||
| php artisan migrate | |||
| php artisan passport:install # copy credentials into .env at PERSONAL_CLIENT_SECRET and PASSWORD_CLIENT_SECRET | |||
| ``` | |||
There was a problem hiding this comment.
Note for the futur automate this in the container ?
There was a problem hiding this comment.
Yeah ideally I would like to make an installer in the future (graphic one) that would make all of this to avoid any errors from PEBKAC
| -H 'postman-token: 091fabe4-1f4f-149d-afb8-ee03b97e23f6' \ | ||
| -d '{ | ||
| "email": "mail@domain.co", | ||
| "password": "1234", |
| # API | ||
|
|
||
| API authentication is based on OAuth2 protocol. You'll have to send username/email and password against a token that will used later. | ||
| Token has 10 minutes of lifetime and refreshToken 30 days of lifetime. |
There was a problem hiding this comment.
Why not hours/days of lifetime. Is it a good practice to refresh the access_token regularly ?
There was a problem hiding this comment.
Apparently this a good practice to refresh the token every 10 minutes.
There was a problem hiding this comment.
Alright i didn't know that thx
|
You should add unit/integration test, time to learn Behat (maybe) 😛 |
|
For behavioral testing, I don't feel like to do it right so early stage. |
This adds basic routing to authenticating + a dummy endpoint to verify that everything is working as expected.
Todo : send confirmation mail before really creating a user.