Add a User Registration Login and Logout : Feature/register and login #13
…ng error and success messages both
…ion plugin for authentication
…cess login page when he is already logged in
…direct him to login page
LGTM, Good job! 👍
Left some suggestions:
- We are not using the refresh token. By default, as per the wp-graphql-jwt-authentication repo, it will expire in 7 days, so we can utilise the refresh token to automatically re-login the user.
- Since we are storing the token in local storage, this assumes all of the scripts on our page are secure (if not, a script can access the token). The only other way to prevent that is an HTTP-only secure cookie.
} | ||
} | ||
} | ||
`; |
Since this is a mutation from the client, we need to make sure it's not used to spam bots for account creation.
Do we have any other mechanism to prevent that?
Some ideas:
- Google captcha.
- One time nonce can be combined with captcha as well.
- Email verification on account creation with possibly point 1 and 2.
Thank you @PatelUtkarsh,
Sure, we can add these in future versions.
Adds a register functionality
Allows user to register on register page.
When the user enters his/her username, email and password in the login form, we use a mutation query RegisterMyUser and send the request to the GraphQL server with his data. On success, GraphQL returns the new user details.
On success we redirect the user to the Login page to allow him/her to log in.
If the user lands on the register page route directly after he/she is already logged in (validated), we check if the localStorage already has the auth token; if yes, we redirect him/her to the My Account page.
If the user tries to access the my-account page when not logged in, it will redirect him to the login page.
Creates a login functionality using JWT token with the wp-graphql-jwt-authentication plugin, which extends the wp-graphql plugin to provide authentication using JWT.
Adds Login, register and My Account Page
Adds nav menus.
When the user enters his username and password in the login form, we use a mutation query LoginUser and send the request to the GraphQL server with his credentials. On success, GraphQL returns a token and user details like username, which we then save into localStorage.
We then redirect the user to the My Account page.
If the user lands on the login route directly after he is already logged in (validated), we check if the localStorage already has the auth token; if yes, we redirect him to the My Account page.
When the user clicks on Logout, we remove the auth token from localStorage and redirect the user to the Login page, so he is logged out.
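
The description above treats the presence of a token in localStorage as "logged in", while the review points out that the token expires. As an added example (not code from this pull request), the sketch below reads the token's `exp` claim so a route guard can tell a live token from an expired one or one that is due for refresh. It assumes the JWT carries a standard `exp` claim; `readClaims`, `sessionState`, `REFRESH_WINDOW_S` and `makeSampleToken` are hypothetical names.

```javascript
// Added example: client-side session state from a stored JWT.
// The signature is NOT verified here; only the server can do that.
// The result is for UI routing only, never for authorization.

const REFRESH_WINDOW_S = 300; // assumption: refresh when under 5 minutes remain

// Decode one base64url segment to a string (browser and Node 16+).
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
}

// Return the payload claims of a three-part JWT, or null if malformed.
function readClaims(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    return claims && typeof claims === 'object' ? claims : null;
  } catch (e) {
    return null; // bad base64 or bad JSON
  }
}

// 'anonymous' | 'expired' | 'refresh' | 'valid'
function sessionState(token, nowMs = Date.now()) {
  const claims = readClaims(token);
  if (!claims || typeof claims.exp !== 'number') return 'anonymous';
  const remaining = claims.exp - Math.floor(nowMs / 1000);
  if (remaining <= 0) return 'expired';
  return remaining <= REFRESH_WINDOW_S ? 'refresh' : 'valid';
}

// Constructed sample token for local testing; the signature part is a dummy.
function makeSampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ exp })}.constructed-signature`;
}
```

A guard would redirect to the login page on `'anonymous'` or `'expired'` (removing the stale token) and request a new token on `'refresh'`.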