This repository has been archived by the owner on Jun 29, 2021. It is now read-only.
A guest should be able to login and logout #37
Labels
story
New feature
Comments
josepostiga changed the title from "A guest should be able to login" to "A guest should be able to login and logout" on Oct 7, 2020
I will take this one, ok?
FYI: I've updated this issue to reflect the current state of development and decisions made.
dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue on Oct 19, 2020
dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue on Oct 24, 2020: …gout (Request Changed)
dleicam added a commit to dleicam/laravel-portugal-api that referenced this issue on Oct 24, 2020: …gout (Request Changed)
josepostiga pushed a commit that referenced this issue on Oct 24, 2020:
* Resolves #37 - A guest should be able to login and logout
* Resolves #37 - A guest should be able to login and logout (Request Changed)
* Resolves #37 - A guest should be able to login and logout (Request Changed)
* refactor(Accounts): minor cleanup and code style fixes

Co-authored-by: José Postiga <[email protected]>
Scenario

Given I'm a guest and have a registered account
When I send a POST request to /accounts/login with valid credentials
I expect to create a personal access token assigned to the device I'm logging in from

Given I'm a guest and have a registered account
When I send a POST request to /accounts/login with invalid credentials
I expect to not be able to log in

Given I'm a guest
When I send more than 10 POST requests to /accounts/login with invalid credentials in the same minute
I expect to be blocked from doing more requests until the next minute (throttled)

Given I'm an authenticated user
When I send a GET request to /accounts/me
I expect to access my account information

Given I'm an authenticated user
When I send a POST request to /accounts/logout
I expect to revoke the used token

Description
With the implementation of #22, we now need to support authentication to allow users to have access to a personal access token that gives them access to their account's information as well as other protected resources in the application that require a registered account.
Additional requirements
We should consider using Passport for this. It may come with a lot more than we need but the alternative of rolling out our own authentication system isn't ideal. Unfortunately, AFAIK, Sanctum isn't supported on Lumen. 🤷‍♂️

Update: during the development of this issue, we found out that Passport doesn't play well with Lumen, by default. We chose to go with another implementation: https://github.com/tymondesigns/jwt-auth.
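
The throttling scenario above (more than 10 POST requests to /accounts/login in the same minute), as an added example that is not part of the original issue or the project's code: a fixed one-minute window counter in plain PHP. The class name `LoginThrottle`, the client key (an IP address here), the in-memory store and the status codes in the output are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): fixed one-minute window,
// at most 10 login attempts per client key, as in the throttling scenario.
final class LoginThrottle
{
    private const MAX_ATTEMPTS = 10;
    private const WINDOW_SECONDS = 60;

    /** @var array<string, array{window: int, count: int}> in-memory store (assumption) */
    private array $hits = [];

    /** Counts one attempt. Returns 0 if it may proceed, else seconds until the next window. */
    public function hit(string $clientKey, int $now): int
    {
        $window = intdiv($now, self::WINDOW_SECONDS);
        $entry = $this->hits[$clientKey] ?? ['window' => $window, 'count' => 0];
        if ($entry['window'] !== $window) {
            $entry = ['window' => $window, 'count' => 0]; // new minute: counter resets
        }
        $entry['count']++;
        $this->hits[$clientKey] = $entry;

        if ($entry['count'] > self::MAX_ATTEMPTS) {
            return ($window + 1) * self::WINDOW_SECONDS - $now; // blocked until the next minute
        }
        return 0;
    }
}

// Constructed input: one client sends 11 bad logins in the same minute, then one in the next.
$throttle = new LoginThrottle();
$start = 1603497600; // constructed timestamp, aligned to a minute boundary
for ($i = 1; $i <= 11; $i++) {
    $wait = $throttle->hit('203.0.113.7', $start + $i);
    // Attempts 1-10 reach the credential check; attempt 11 is rejected before it.
    printf("attempt %2d: %s\n", $i, $wait === 0 ? '401 invalid credentials' : "429 retry after {$wait}s");
}
$wait = $throttle->hit('203.0.113.7', $start + 60);
printf("next minute: %s\n", $wait === 0 ? '401 invalid credentials' : "429 retry after {$wait}s");
```

A real deployment would keep the counters in a shared cache rather than in process memory, so the limit holds across workers.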