Provides authentication/user management for all jobhub microservices. Uses JWT for authentication.
Each user has the following attributes:
id: A unique ID generated for each user.email: An email address used for login.password: The users password. All passwords are hashed using bcrypt.type: The type of user. Can be Applicant or Recruiter.verified: Whether the user has verfied their email after creating their account. Required to be able to login.
git clone https://github.com/scrum-gang/authentication.git
cd authentication
npm install
npm startBuilds are automated using Travis and deployed on Heroku.
There are two Heroku deployments:
- Staging: https://jobhub-authentication-staging.herokuapp.com/
- Production: https://jobhub-authentication.herokuapp.com/
The staging deployment should be used for all development/testing purposes, in order to keep production from being poluted with test data.
Please note that any new builds on the development branch will wipe the staging database.
- Create user using
/signup. - Verify new user by clicking link in email received.
- Login using
/login, keep JWT token. - Can get logged in user using
/users/selfand passing token in header.
Details all the fields in the User model.
- Get users :
GET /users - Get user by id :
GET /users/:id - Update user by id :
PUT /users/:id - Delete user by id :
DELETE /users/:id - Signup new user :
POST /signup - Login existing user :
POST /login - Logout user :
POST /logout - Get user from token :
GET /users/self - Update user from token :
PUT /users/self - Delete user from token :
DELETE /users/self - Resend verification email for unverified user :
POST /resend
All users endpoints except for /users/self are restricted to moderators only. Moderators have unrestricted access to all endpoints. Only a moderator can promote another user to a moderator role.
Note: Restrictions on endpoints can be bypassed by passing the secret header in the request. Ask someone on authentication for the secret or see pinned message on authentication channel on Discord.