This repository has been archived by the owner on Jun 29, 2021. It is now read-only.

A guest should be able to login and logout #37

Closed
josepostiga opened this issue Oct 7, 2020 · 3 comments · Fixed by #45

@josepostiga
Member

josepostiga commented Oct 7, 2020

Scenario

Given I'm a guest and have a registered account
When I send a POST request to /accounts/login with valid credentials
I expect to create a personal access token assigned to the device I'm logging in from

Given I'm a guest and have a registered account
When I send a POST request to /accounts/login with invalid credentials
I expect to not be able to log in

Given I'm a guest
When I send more than 10 POST requests to /accounts/login with invalid credentials in the same minute
I expect to be blocked from doing more requests until the next minute (throttled)

Given I'm an authenticated user
When I send a GET request to /accounts/me
I expect to access my account information

Given I'm an authenticated user
When I send a POST request to /accounts/logout
I expect to revoke the used token

Description

With the implementation of #22, we now need to support authentication to allow users to have access to a personal access token that gives them access to their account's information as well as other protected resources in the application that require a registered account.

Additional requirements

We should consider using Passport for this. It may come with a lot more than we need but the alternative of rolling out our own authentication system isn't ideal. Unfortunately, AFAIK, Sanctum isn't supported on Lumen. 🤷‍♂️

Update: during the development of this issue, we found out that Passport doesn't play well with Lumen, by default. We chose to go with another implementation: https://github.com/tymondesigns/jwt-auth.

@josepostiga josepostiga added the story New feature label Oct 7, 2020
@josepostiga josepostiga changed the title A guest should be able to login A guest should be able to login and logout Oct 7, 2020
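
The throttling scenario from the issue above, as an added example that is not part of the original issue or the project's code: a framework-free fixed-window counter in PHP 8 that refuses further login attempts until the next minute starts. The class and method names, the client key, the timestamp and the 401/429 status strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; LoginThrottle and its methods are hypothetical names.
final class LoginThrottle
{
    /** @var array<string, array{window: int, failures: int}> */
    private array $buckets = [];

    public function __construct(
        private int $maxFailures = 10,   // scenario: 10 failed attempts per window
        private int $windowSeconds = 60  // scenario: "in the same minute"
    ) {}

    /** Seconds until $client may try again; 0 means not blocked. */
    public function retryAfter(string $client, int $now): int
    {
        $window = intdiv($now, $this->windowSeconds);
        $bucket = $this->buckets[$client] ?? null;
        // Not blocked: no failures in this window, or fewer than the limit.
        // Assumption: attempts 1..10 are evaluated, attempt 11 onward is refused.
        if ($bucket === null || $bucket['window'] !== $window
            || $bucket['failures'] < $this->maxFailures) {
            return 0;
        }
        // Blocked until the first second of the next window.
        return ($window + 1) * $this->windowSeconds - $now;
    }

    /** Count one failed login; a new window starts a fresh counter. */
    public function recordFailure(string $client, int $now): void
    {
        $window = intdiv($now, $this->windowSeconds);
        $previous = $this->buckets[$client] ?? null;
        $failures = ($previous !== null && $previous['window'] === $window) ? $previous['failures'] : 0;
        $this->buckets[$client] = ['window' => $window, 'failures' => $failures + 1];
    }
}

// Constructed run: one client sends a bad password at these second offsets.
$throttle = new LoginThrottle();
$t0 = 1602072005; // constructed timestamp, 5 seconds into a minute
foreach ([...range(1, 12), 55] as $offset) {
    $wait = $throttle->retryAfter('203.0.113.7', $t0 + $offset);
    if ($wait === 0) {
        $throttle->recordFailure('203.0.113.7', $t0 + $offset);
    }
    echo $offset, 's: ', $wait > 0 ? "429, retry in {$wait}s" : '401 invalid credentials', PHP_EOL;
}
```
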
@dleicam
Contributor

dleicam commented Oct 14, 2020

I will take this one, ok?

@josepostiga
Member Author

@dleicam and @tiagof we should probably discuss other approaches to authentication than using Passport. I originally thought that it would be a simple drop-in, but it's turning out to be a hassle to integrate it with Lumen.

Let's discuss this on our Discord server.

@josepostiga
Member Author

FYI: I've updated this issue to reflect the current state of development and decisions made.

dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue Oct 19, 2020
dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue Oct 24, 2020
dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue Oct 24, 2020
josepostiga pushed a commit that referenced this issue Oct 24, 2020
* Resolves #37 - A guest should be able to login and logout

* Resolves #37 - A guest should be able to login and logout (Request Changed)

* Resolves #37 - A guest should be able to login and logout (Request Changed)

* refactor(Accounts): minor cleanup and code style fixes

Co-authored-by: José Postiga <[email protected]>