Authentication Shopping Cart App #12
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MVP
Add OAuth2 Security to the application
Add the necessary dependencies
Update User model as appropriate
Add findByName to the User Service with associated repository entry
Add the necessary helper functions
Add the SecurityUserService service
Add and update the necessary configuration files
The initial endpoints are affected by security as follows
Only admins can access routes /roles/**
Only admins can access routes /products/**
Only admins can access routes
POST /users/user
DELETE /users/user/{id}
PUT /users/user/{id}
GET /users/user/name/{userName}
GET /users/user/name/like/{userName}
GET /users/user
For the following routes, admins can access them and a user can access only their own data
PATCH /users/user/{id}
GET /users/user/{userId}
For the routes /carts/**
Remove the user/{userid} path variable from all the routes
Use the authenticated as the user to work with
Add new endpoints
http://localhost:2019/users/myinfo
Any authenticated user can access this endpoint and it will return the authenticated users information
http://localhost:2019/logout
Allows a user to logout of the system by removing their access token from the token store
Address CORS
Stretch Goals
When working with Cart Items, give the client the option of sending a comment