This repository has been archived by the owner on Sep 5, 2024. It is now read-only.

feat(auth): Initialize authentication API #85

Merged
merged 16 commits into main from init-auth
Feb 11, 2024


Conversation

@feryardiant (Contributor) commented Feb 10, 2024

Essentially this PR is an extraction of what's already implemented in our skeleton, with the exception of the UI.

Method      End-point                         Name                       Purpose
GET, HEAD   /auth                             base.verify                Verify that the authentication token is valid
DELETE      /auth                             base.logout                Destroy current login session and auth token
POST        /auth/login                       base.login                 Create new login session and auth token
POST        /auth/refresh                     base.refresh               Create new auth token using existing valid refresh token
POST        /auth/register                    base.register              Register new credential account
POST        /auth/forgot-password             base.password.forgot       Request new credential password
GET, HEAD   /auth/reset-password/{token}      base.password.reset        Email link for user who forgot their password
PUT         /auth/reset-password              base.password.update       Update user's password
POST        /auth/email/verification-send     base.verification.send     Request new email verification
GET, HEAD   /auth/email/verify/{id}/{hash}    base.verification.verify   Email link to verify user's email

base.verify

End-point: GET {APP_URL}/auth

Headers:

Key             Value
Authorization   Bearer {ACCESS_TOKEN}
Accept          application/json

Response:

  • Success

    Status: 200 Ok
    {
        "data": {
            "id": 1,
            "name": "creasi",
            "email": "[email protected]",
            "email_verified_at": null,
            "created_at": "2024-02-10T10:38:46.000000Z",
            "updated_at": "2024-02-10T10:38:46.000000Z"
        }
    }
  • Invalid Access Token

    Status: 401 Unauthorized
    {
        "message": "Unauthenticated"
    }

base.logout

End-point: DELETE {APP_URL}/auth

Headers:

Key             Value
Authorization   Bearer {ACCESS_TOKEN}
Accept          application/json

Response:

  • Success

    Status: 204 No Content

  • Invalid Access Token

    Status: 401 Unauthorized
    {
        "message": "Unauthenticated"
    }

base.login

End-point: POST {APP_URL}/auth/login

Headers:

Key            Value
Accept         application/json
Content-Type   application/json

Body:

Field          Rule      Option     Description
credential     string    required   -
password       string    required   -
remember       boolean   optional   -
device_token   string    optional   -

Response:

  • Success

    Status: 201 Created
    {
        "data": {
            "id": 1,
            "name": "creasi",
            "email": "[email protected]",
            "email_verified_at": null,
            "created_at": "2024-02-10T10:38:46.000000Z",
            "updated_at": "2024-02-10T10:38:46.000000Z"
        },
        "auth": {
            "access_token": "random-string",
            "expires_at": "timestamp",
            "refresh_token": "random-string"
        }
    }
  • Invalid Inputs

    Status: 422 Unprocessable Content
    {
        "message": "These credentials do not match our records.",
        "errors": {
            "credential": [
                "These credentials do not match our records."
            ]
        }
    }

base.refresh

End-point: POST {APP_URL}/auth/refresh

Headers:

Key             Value
Authorization   Bearer {REFRESH_TOKEN}
Accept          application/json

Response:

  • Success

    Status: 201 Created
    {
        "data": {
            "id": 1,
            "name": "creasi",
            "email": "[email protected]",
            "email_verified_at": null,
            "created_at": "2024-02-10T10:38:46.000000Z",
            "updated_at": "2024-02-10T10:38:46.000000Z"
        },
        "auth": {
            "access_token": "1|abcdef123qAeVTkCdfzXSpU5SWDneKD0f6aNAeQ2a5b48f5",
            "expires_at": "2024-02-10T17:34:05.000000Z",
            "refresh_token": "2|abcdef1235Q8tMs2npYxMsXmH7YpLVwFE6qktI0f3ef274b"
        }
    }
  • Invalid Access Token

    Status: 401 Unauthorized
    {
        "message": "Unauthenticated"
    }

base.register

End-point: POST {APP_URL}/auth/register

Headers:

Key            Value
Accept         application/json
Content-Type   application/json

Body:

Field                   Rule                     Option     Description
name                    string min:2 max:150     required   -
email                   string unique email      required   -
password                string min:8             required   -
password_confirmation   string equals:password   required   -

Response:

  • Success

    Status: 201 Created
    {
        // Based on `creasico::auth.registered-no-verify` or `creasico::auth.registered-needs-verify` translation
        "message": "You have successfully registered. Don't forget to verify your email address."
    }
  • Invalid Inputs

    Status: 422 Unprocessable Content
    {
        "message": "The name has already been taken. (and 1 more error)",
        "errors": {
            "name": [
                "The name has already been taken."
            ],
            "email": [
                "The email has already been taken."
            ]
        }
    }

base.password.forgot

End-point: POST {APP_URL}/auth/forgot-password

Headers:

Key            Value
Accept         application/json
Content-Type   application/json

Body:

Field   Rule                  Option     Description
email   string exists email   required   -

Response:

  • Success

    Status: 200 Ok
    {
        // Based on `passwords.send` translation
        "message": "We have emailed your password reset link!"
    }
  • Invalid Inputs

    Status: 422 Unprocessable Content
    {
        "message": "The selected email is invalid.",
        "errors": {
            "email": [
                "The selected email is invalid."
            ]
        }
    }

base.password.reset

End-point: GET {APP_URL}/auth/reset-password/{token}

Route Params:

Field   Rule     Option     Description
token   string   required   Random string

Response:

Note
Not yet implemented! This should be a page where the user can enter their new password before sending it to base.password.update, or it could be a redirection so the front-end can handle it.


base.password.update

End-point: PUT {APP_URL}/auth/reset-password

Headers:

Key            Value
Accept         application/json
Content-Type   application/json

Body:

Field                   Rule                  Option     Description
token                   string                required   The token that the user receives in their email, or see the base.password.reset route
email                   string exists email   required   -
password                string                required   -
password_confirmation   string                required   -

Response:

  • Success

    Status: 200 Ok
    {
        // Based on `passwords.reset` translation
        "message": "Your password has been reset!"
    }

base.verification.send

End-point: POST {APP_URL}/auth/email/verification-send

Headers:

Key             Value
Authorization   Bearer {ACCESS_TOKEN}
Accept          application/json

Response:

  • Success

    Status: 200 Ok
    {
        // Based on `creasico::auth.email-verification-sent` translation
        "message": "A new verification link has been sent to your email address."
    }
  • Invalid Access Token

    Status: 401 Unauthorized
    {
        "message": "Unauthenticated"
    }

base.verification.verify

End-point: GET {APP_URL}/auth/email/verify/{id}/{hash}

Route Params:

Field   Rule     Option     Description
id      string   required   User ID
hash    string   required   Random string

Response:

Note
Not yet implemented! This should be a page where the user can enter their new password before sending it to base.password.update, or it could be a redirection so the front-end can handle it.

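The login, verify, refresh and logout endpoints above describe a token lifecycle without showing how the two tokens are kept apart, or what a refresh or a logout must invalidate. The Python model below is an added example written for this page; it is not the project's code and not Laravel Sanctum's. It assumes tokens have Sanctum's `<id>|<plaintext>` shape with only a SHA-256 of the plaintext half stored server-side (the `1|abcdef…` samples and the `sanctum.*` references in the commits point at Sanctum, but the project's actual storage is not shown); that access and refresh tokens are told apart by a Sanctum-style ability; that a presented refresh token is single-use and its replacement stays in the same login session; that DELETE /auth ends that whole session; that the TTLs and the `creasi` sample user with password `correct horse` are constructed; and it uses PBKDF2 as a stand-in for the bcrypt hashing a Laravel app would use. The names `hash_password`, `TokenStore` and `AuthApi` are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(hours=1)    # assumed; the page only shows that an expires_at exists
REFRESH_TTL = timedelta(days=30)   # assumed
T0 = datetime(2024, 2, 10, 10, 38, 46, tzinfo=timezone.utc)   # fixed clock for the demo
UNAUTHENTICATED = (401, {"message": "Unauthenticated"})       # documented 401 body


@dataclass
class StoredToken:
    id: int
    user_id: int
    session: int          # ties an access/refresh pair to one login session
    token_hash: str       # sha256(plaintext) hex; the plaintext half is never stored
    ability: str          # "access" or "refresh" (assumed Sanctum-style scoping)
    expires_at: datetime
    revoked: bool = False


class TokenStore:
    # Sanctum-style personal access tokens: the client holds "<id>|<plaintext>".
    def __init__(self):
        self.rows, self.next_id = {}, 1

    def issue(self, user_id, session, ability, ttl, now):
        plain = secrets.token_urlsafe(32)
        tid, self.next_id = self.next_id, self.next_id + 1
        self.rows[tid] = StoredToken(tid, user_id, session, hashlib.sha256(plain.encode()).hexdigest(),
                                     ability, now + ttl)
        return f"{tid}|{plain}"

    def find(self, bearer, ability, now):
        # Resolve a bearer string to a live, unexpired token of the required ability, else None.
        id_part, sep, plain = bearer.partition("|")
        if not sep or not id_part.isdigit():
            return None
        row = self.rows.get(int(id_part))
        if row is None or row.revoked or now >= row.expires_at:
            return None
        if not hmac.compare_digest(row.token_hash, hashlib.sha256(plain.encode()).hexdigest()):
            return None                      # constant-time compare against the stored hash
        if row.ability != ability:           # a refresh token must not pass as an access token, or vice versa
            return None
        return row


def hash_password(password, salt):
    # PBKDF2 stand-in for the bcrypt hashing a Laravel app would use.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthApi:
    def __init__(self):
        self.tokens, self.sessions = TokenStore(), 0
        salt = secrets.token_bytes(16)
        # Constructed sample user matching the page's example responses (id 1, "creasi").
        self.users = {1: {"id": 1, "name": "creasi", "email": "[email protected]",
                          "salt": salt, "pw": hash_password("correct horse", salt)}}

    def _public(self, user):
        return {k: user[k] for k in ("id", "name", "email")}

    def _issue_pair(self, user, session, now):
        return {"access_token": self.tokens.issue(user["id"], session, "access", ACCESS_TTL, now),
                "expires_at": (now + ACCESS_TTL).isoformat(),
                "refresh_token": self.tokens.issue(user["id"], session, "refresh", REFRESH_TTL, now)}

    def login(self, credential, password, now):      # POST /auth/login
        # `credential` may match any field named in creasi.base.credentials; name or email here.
        user = next((u for u in self.users.values() if credential in (u["name"], u["email"])), None)
        if user is None or not hmac.compare_digest(user["pw"], hash_password(password, user["salt"])):
            msg = "These credentials do not match our records."
            return 422, {"message": msg, "errors": {"credential": [msg]}}
        self.sessions += 1
        return 201, {"data": self._public(user), "auth": self._issue_pair(user, self.sessions, now)}

    def verify(self, bearer, now):                    # GET /auth
        tok = self.tokens.find(bearer, "access", now)
        return UNAUTHENTICATED if tok is None else (200, {"data": self._public(self.users[tok.user_id])})

    def refresh(self, bearer, now):                   # POST /auth/refresh
        tok = self.tokens.find(bearer, "refresh", now)
        if tok is None:
            return UNAUTHENTICATED
        tok.revoked = True     # rotation: the presented refresh token is single-use (assumed)
        user = self.users[tok.user_id]
        return 201, {"data": self._public(user), "auth": self._issue_pair(user, tok.session, now)}

    def logout(self, bearer, now):                    # DELETE /auth
        tok = self.tokens.find(bearer, "access", now)
        if tok is None:
            return UNAUTHENTICATED
        for row in self.tokens.rows.values():         # end the session: access and refresh token alike
            row.revoked = row.revoked or row.session == tok.session
        return 204, None
```

Calling `verify` with the refresh token, `refresh` with the access token, or either with a tampered, expired, rotated-out or logged-out token yields the documented `401 {"message": "Unauthenticated"}` response. The ability check in `find` is what stops a leaked refresh token from being used directly as the bearer for `GET /auth`; the shared `session` field is what makes `DELETE /auth` also kill the refresh token that was issued alongside the access token, so a logout cannot be undone by calling `POST /auth/refresh` afterwards.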
@feryardiant feryardiant self-assigned this Feb 10, 2024
@feryardiant feryardiant requested a review from a team February 10, 2024 11:36
@github-actions github-actions bot added enhancement New feature or request api labels Feb 10, 2024
… `sanctum.expiration` is null

Signed-off-by: Fery Wardiyanto <[email protected]>
instead of hard-coding the model name; this prevents errors when the user actually
customizes the model via the `Sanctum::usePersonalAccessTokenModel()` method

Signed-off-by: Fery Wardiyanto <[email protected]>
…ry string

only for `GET` and `HEAD` request methods; otherwise we keep using Bearer headers

Signed-off-by: Fery Wardiyanto <[email protected]>
… authenticated

Previously the `base.login` end-point only supported the `username` field, which
represents the `name` field in the `users` table. In some circumstances we might need
to be authenticated via the `email` field instead.

This way we can configure the way our project authenticates its users via the
`creasi.base.credentials` config key. The option supports an array of strings that
represent the fields on the `users` table that we want to use as the user's credential

Signed-off-by: Fery Wardiyanto <[email protected]>
@github-actions github-actions bot added the docs Improvements or additions to documentation label Feb 11, 2024
@creasi (Contributor) left a comment

The current implementation indeed still cannot cover every case we generally need, but at least it is enough to serve as a foundation for which features we need to provide next.

@creasi creasi merged commit d929b67 into main Feb 11, 2024
6 of 7 checks passed
@creasi creasi deleted the init-auth branch February 11, 2024 20:14
Labels: api, db: schema, docs, enhancement, localization
Project status: Done
2 participants