Add a User Registration Login and Logout : Feature/register and login #13
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ng error and sucess messages both
…ion plugin for authentication
…cess login page when he is already logged in
…direct him to login page
This was referenced Oct 16, 2019
PatelUtkarsh
approved these changes
Oct 27, 2019
There was a problem hiding this comment.
LGTM, Good job! 👍
Left some suggestion:
- We are not using refresh token, By default as per
wp-graphql-jwt-authenticationrepo it will expire in 7 days so we can utilise refresh token to automatically relogin user. - Since we are storing token in Local storage, This assumes all of our script in page is secure. (If not script can access the token), Only other way to prevent that is http only secure cookie.
| } | ||
| } | ||
| } | ||
| `; |
There was a problem hiding this comment.
Since this is mutation from client we need to make sure it's not used to spam bots for account creation.
Do we have any other mechanism to prevent that?
Some ideas:
- Google captcha.
- One time nonce can be combined with captcha as well.
- Email verification on account creation with possibly point 1 and 2.
There was a problem hiding this comment.
Thank you @PatelUtkarsh ,
Sure, We can add these in the future versions.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a register functionality
Allows user to register on register page.
When the user enters his/her username , email and password in the login form , we use a mutation query RegisterMyUser and send the request to the graphql server with his data. On success GraphQL returns the new user details .
On success we redirect the user to Login page to allow him/her to login.
If the user lands to register page route directly after he/she is already logged in ( validated ),we check if the localStorage already has the auth token , if yes we redirect him/her My Account page.
If user tries to access my-account page when not logged in it will redirect him to login page
Creates a login functionality using JWT token with
wp-graphql-jwt-authenticationplugin extends the wp-graphql plugin to provide authentication using JWT.
Adds Login, register and My Account Page
Adds nav menus.
When the user enters his username and password in the login form , we use a mutation query LoginUser and send the request to the graphql server with his credentials. On success GraphQL returns a token and user details like username, which we then save into localStorage.
We then redirect the user to My Account page
If the user lands to login route directly after he is already logged in ( validated ),we check if the localStorage already has the auth token , if yes we redirect him My Account page.
When the user clicks on Logout, we remove the auth token from localStorage and redirect user to Login page, so he is logged out.