Add API route to register a new user #27
Open: AlphaHydrae wants to merge 25 commits into `sprint-3-engage-in-an-action` from `story-2-user-registration`
The main added feature is the `POST /api/users` route. Additionally:

* The backend now has a generic mechanism to send emails (see development guide).
* In addition to what is required for registration, columns have been added to the `users` table to identify the authentication provider. Currently there is only the local provider, but in the future there may be Facebook, Twitter, etc.
* When a new user registers, the email is reserved until the registration process has been completed. However, after the expiration of the last generated OTP (the lifespan defaults to 2 hours), new registration requests will be accepted for the same email, replacing the incomplete registration (i.e. user) in the database.
* JWTs now have authorization scopes (see development guide). This is used in the context of user registration: a registration OTP is retrieved from the link sent in the registration email. This OTP allows a user to obtain a JWT with a special `register` scope. This JWT will allow the user's email to be marked as verified (in the next PR).
* JWTs with infinite validity can now be generated (see `POST /api/auth` documentation).

The following code changes and refactorings have been made:

* The ECMAScript version in `.eslintrc.json` has been increased to ECMAScript 2018 to support the object spread operator.
* All mentions of "e-mail" have been replaced by "email".
* All `getExpected*` functions (e.g. `getExpectedUser`) that were in `server/spec/utils.js` have been moved to the respective `server/spec/expectations/<model>.js` file. This makes more sense as they are expectation-related.
* The file `server/spec/utils.js` has been split into several files in the new `server/spec/utils` directory. This was necessary to avoid a circular dependency.
* Test coverage for the files in `server/api/auth` and `server/api/users` has been brought to 100% excluding parts that will be completed when implementing `PATCH /api/users/:id`, as those features are critical to security.

The following changes have been made to the dependencies:

* https://www.npmjs.com/package/fast-glob replaces `glob` as it has a Promise-based API.
* `fs-extra` and `handlebars` are now production dependencies instead of development dependencies because they are used to load and parse email templates when starting the server.
* https://www.npmjs.com/package/js-yaml has been added to parse the YAML front matter of emails (see development guide).
* https://www.npmjs.com/package/query-string and https://www.npmjs.com/package/url-join have been added to facilitate building URLs (used in this PR to build the registration link).

Stories: TG-1, TG-2
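The registration flow described above (email reserved until the last OTP expires, then an OTP exchanged for a JWT restricted to the `register` scope), sketched as an added example that is not part of the original PR or the project's code. The in-memory store, the function names, hashing the stored OTP, tying the token expiry to the OTP expiry and the HS256 token format are all assumptions made for illustration.

```javascript
// Added example, not the project's code: in-memory store and all names are hypothetical.
const crypto = require('crypto');

const OTP_LIFESPAN_MS = 2 * 60 * 60 * 1000; // 2 hours, the default lifespan stated in the PR
const SECRET = crypto.randomBytes(32);      // constructed signing key for the demo
const users = new Map();                    // email -> { verified, otpHash, otpExpiresAt }

const sha256 = s => crypto.createHash('sha256').update(s).digest('hex');
const b64 = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = data => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Registration request: refuse while a verified user or a live incomplete registration holds the email.
function register(email, now = Date.now()) {
  const existing = users.get(email);
  if (existing && (existing.verified || existing.otpExpiresAt > now)) {
    return { ok: false, reason: 'email reserved' };
  }
  const otp = crypto.randomBytes(32).toString('base64url');
  // Replaces any expired incomplete registration; only a hash of the OTP is stored (assumption).
  users.set(email, { verified: false, otpHash: sha256(otp), otpExpiresAt: now + OTP_LIFESPAN_MS });
  return { ok: true, otp };
}

// Exchange a valid, unexpired OTP for a JWT limited to the `register` scope.
function exchangeOtp(email, otp, now = Date.now()) {
  const user = users.get(email);
  if (!user || user.verified || user.otpExpiresAt <= now) return null;
  const a = Buffer.from(user.otpHash), b = Buffer.from(sha256(otp));
  if (!crypto.timingSafeEqual(a, b)) return null;
  const body = b64({ alg: 'HS256', typ: 'JWT' }) + '.' +
    b64({ sub: email, scope: ['register'], exp: Math.floor(user.otpExpiresAt / 1000) });
  return body + '.' + sign(body);
}

// Verify signature and expiry (a missing `exp` means infinite validity), then require the scope.
function authorize(token, requiredScope, now = Date.now()) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(sign(h + '.' + p)), got = Buffer.from(sig);
  if (expected.length !== got.length || !crypto.timingSafeEqual(expected, got)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.exp !== undefined && claims.exp * 1000 <= now) return null;
  return Array.isArray(claims.scope) && claims.scope.includes(requiredScope) ? claims : null;
}
```

Passing `now` explicitly makes the expiry boundaries testable: a second `register` call for the same email one hour in is refused, while one made just after the two-hour mark replaces the stale entry and invalidates the earlier OTP.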
saraheig requested changes on Jun 11, 2019 and left a comment:
GG
Co-Authored-By: saraheig <sarah.composto@heig-vd.ch>