Implement /auth in REST API #33
Pull Request Test Coverage Report for Build 236
💛 - Coveralls
end | ||
else | ||
conn | ||
|> send_resp(404, "Missing parameters") |
Why 404? Should be Bad Request
|
||
def create(conn, _params) do | ||
conn | ||
|> send_resp(404, "Missing parameters") |
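Review bot: 404 is the wrong status in the catch-all `create(conn, _params)` clause. The request reached `/auth` and is only missing body fields, so clients and monitoring will misread it as an unknown route; 400 is the status for a malformed request. Suggest `send_resp(conn, :bad_request, "Missing parameters")` here.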
I think for one function call we shouldn't use pipe syntax, what do you think?
Sure. Maybe we can base our code styling on this guideline: https://github.com/christopheradams/elixir_style_guide? @sreycodes
|> send_resp(404, "Missing parameter(s)") | ||
end | ||
|
||
def logout(conn, %{"refresh_token" => refresh_token}) do |
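Review bot: The `logout/2` clause head on the last line takes the token to act on from a `refresh_token` request parameter and never references the access token, so nothing visible here ties the logout to the token the request was authenticated with. Suggest revoking the token that authenticated the request, together with the refresh token issued alongside it, on the server side, so that logging out does not leave an unexpired token usable. The `send_resp(404, "Missing parameter(s)")` at the top of the hunk should also be 400, since the request reached a valid route with an incomplete body.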
Hmm why does logout need to pass the refresh token? After authenticating user you should simply delete the user entry in GuardianDB
Right, about that: we still haven't integrated guardiandb. Will integrate soon.
|
||
swagger_path :create do | ||
post("/auth") | ||
summary("Obtain access and refresh tokens to authenticate user") |
Since this is API documentation, this should be more descriptive so the frontend team knows what to do just by reading API docs. For instance, I think you should specify which HTTP header to put the token in, the token expiry time, etc
lib/cadet_web/router.ex
Outdated
} | ||
end | ||
|
||
scope "/api/swagger" do | ||
scope "/v1/swagger" do |
Typically we don't scope the swagger doc with API version because it's supposed to cover all versions.
@evansb Re: logout needing to pass Alternatively, I can add a field to user to store his/her
@evansb Fixed this according to your code review, should be ready for merging.
* Remove frontend stuffs
* Remove frontend config
* Change router
* Remove failing tests
* Remove frontend stuffs
* Remove frontend config
* Change router
* Remove failing tests
* Remove unnecessary plugs in router
* Revert wrongfully removed conflict resolution
* Remove failing test
* Run mix format
* Implement auth get token
* Complete implementation of AuthController
* Remove more front-end junk
* Mix format
* Wrote some preliminary tests
* Write tests for AuthController#create
* Add tests for AuthController#refresh
* Complete testing and add slight change to handle error more gracefully
* Remove yet another frontend junk
* Mix format
* Add comment: to integrate with GuardianDb in the future
* Correct one missed conflict
* Add instruction in README on API documentation
* Change 404 error code to 400
* Change swagger route
* Modify auth controller test to conform to 400 bad request
* Remove single function call pipe syntax
* Change status code to its atom equivalent
* Add guardian_db and setup
* Add securityDefinitions in swagger
* Add more descriptive swagger summary
* Fix logout to accept access_token instead
* Mix format
* Clean-up swagger documentation
Based on #32; once that PR is merged, the number of files changed in this PR will be reduced significantly.