microapidev / auth-microapi Goto Github PK

Describe the bug
Bug report from Slack post

To Reproduce the bug
Steps to reproduce the behavior:

1. Create admin POST ​/api​/admin​/register
2. Generate admin token POST ​/api​/admin​/getkey
3. Using admin token, create user POST ​/api​/user​/register
4. Activate user from email link
5. Trigger user password reset POST ​/api​/user​/password​/reset
6. Change user password PATCH ​/api​/user​/password​/{token}
7. Notice user unable to login after password change, both old and new password no longer work

password is not encrypted upon change, thus server tries to decrypt a clear text password, leading to login failure

Screenshots

How do you intend to solve this bug?
use mongoose pre hooks for findOneAndUpdate

Desktop (please complete the following information):

Smartphone (please complete the following information):

Additional context

Is your feature request related to a problem? Please describe.
Different authentication routes for users

Describe how to intend to go about adding this feature
Use express routers

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.

The current implementation depends on the authentication providers API credentials that are stored internally. The user cannot enter their own credentials, provided to them when they registered with an authentication provider, to use with the authentication API.

For example, a user should be able to go to the Google API console and create credentials for use by the authentication MicroAPI. Passing the credentials to the authentication MicroAPI will enable Google as an active social sign in/up option. Then users can then use the endpoints (e.g. /api/auth/google) we expose to use the social sign in/up.

User Story 1: As a user, I would like to be able to select which authentication provider to activate for my specific use case.

Currently Available Authentication Providers:

• Twitter
• Facebook
• Github
• Google

User Story 2: As a user, I would like to be able to provide the credentials for my selected authentication providers' (e.g. Github Client ID and Secret) to the API during registration or an update any other time after.

• Twitter credentials:

{
    key: string,
    secret: string
}

• Facebook credentials:

{
    appId: string,
    appSecret: string
}

• Github credentials:

{
    clientId: string,
    clientSecret: string
}

• Google credentials:

{
    clientId: string,
    clientSecret: string
}

Describe how to intend to go about adding this feature

Credentials will be stored in a "Settings" model, which will be owned by an administrator.

The user model, will store the activation state of an authentication provider (e.g. { googleEnabled: true }).

When an inbound request hits one of the social authentication endpoints (e.g. /api/auth/google)

1. The user model will be checked to see if the relevant social authentication is enabled.
2. If enabled, the settings model would then be queried for the relevant social authentication provider credentials and make the request to the authentication provider with the queried credentials.
3. If disabled, the endpoint would respond with a error response that lets the user know that this authentication provider isn't enabled.

Additional context

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
The error is "ESLint: Failed to load config "airbnb-base" to extend from".This happens because the package "eslint-config-airbnb-base" has not yet been installed yet we have the line extends: ['airbnb-base']

To Reproduce the bug
Steps to reproduce the behavior:
Open the .eslintrc.js file,you'll see the error stated above immidiately.

Screenshots

How do you intend to solve this bug?
Install airbnb-base manually by doing npm instll --save-dev eslint-config-airbnb-base

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
Phone is needed for potential OTP

Describe how to intend to go about adding this feature
Redefine the User Schema to accomodate the new parameters. Write tests to ensure admin user registration route works

Additional context
None.

Describe the bug
Unclear documentation

To Reproduce the bug
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Screenshots
If applicable, add screenshots to help explain your problem.

How do you intend to solve this bug?
Describe in clear and concise manner how you intend to approach fixing this bug.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Give brief description of what documentation changes were made.
Use Swagger to create an open Api Documentation page

Is your feature request related to a problem? Please describe.
Users with unverified email shouldn't have access to login

Describe how to intend to go about adding this feature
Using a middleware function in login route

Additional context
none

###Rewrote documentation on how to use and contribute to repo.###

Is your feature request related to a problem? Please describe.
To make the onboarding process faster

Describe how to intend to go about adding this feature
Refactor code that allows for verification of admin users

Additional context
none

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Not found route handler
The route will take care of every route that returns 404 status code

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Brief description of tasks and objectives
There is not validation or sanitization going for any request, untrusted inputs are just fed to the database. This can lead to security problems like remote script execution and injection.
Additional resources for context

Acceptance criteria to qualify for completion

• 1. <Outline of task which is a part of chore checklist>

• Set up express validator
• Sanitize all input
• Validate input

• 2. <Outline of another task which is a part of chore checklist>

I will like to implement this
slack username: @Simeon979

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Secure routes for admin user to login and sign up users

Describe how to intend to go about adding this feature
Create middleware that authorizes users before request is passed to route

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Provide user with easier means of authentication using social auth.

Describe how to intend to go about adding this feature

• Use passport module or its equivalent

Additional context
None

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
A logout route for login user out from the app, can't perform any action unless he login again, and active user route for retrieving current or active user that's login

Describe the bug
Linting errors caused by poor code style

To Reproduce the bug
Steps to reproduce the behavior:

1. Install all npm packages with npm install
2. Install eslint extension for editor
3. Run npm run lint
4. Bugs reveal themselves

Screenshots
If applicable, add screenshots to help explain your problem.

How do you intend to solve this bug?
By refactoring the codebase to allow for eslint applicable style

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
To confirm the person signing up is not a robot or scammer there is need to confirm the user email address before letting the person carryout core activities on the platform this API will be used.

Describe how to intend to go about adding this feature
The pseudocode goes thus:

• User signed up with email and password
• Collect the email address of the user
• Write a logic that generates token and concatenate to a url
• Setup email protocol to transport the url to user mailbox
• That is all for this part

Additional context
This request is 1 of 3 that will handle the email verification.
We can talk about the others later.

Describe the bug
A clear and concise description of what the bug is.

To Reproduce the bug
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Screenshots
If applicable, add screenshots to help explain your problem.

How do you intend to solve this bug?
Describe in clear and concise manner how you intend to approach fixing this bug.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Fixing register route*
Fixing login route
Fixing active user route

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
Response messaging. Use the format as described here https://docs.google.com/document/d/1YpMTCfLHFV-o9gwxovViF0GVJMHzPbhSvKGenPIEARk/edit

To Reproduce the bug
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Screenshots
If applicable, add screenshots to help explain your problem.

How do you intend to solve this bug?
Describe in clear and concise manner how you intend to approach fixing this bug.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
Api users with role admin should be authenticated via different routes to get API_KEY

Describe how to intend to go about adding this feature
Rename user routes to adminUser routes for easy differentiation.

Additional context
none

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Guest users should be associated with their respective admins/platforms.

Describe how to intend to go about adding this feature
This can be achieved by passing admin JWT with each guest user request.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
the route says that res.status is not a function.

To Reproduce
Steps to reproduce the behavior:

1. Send a GET request to /api/v1/auth/home

Expected behavior
A long text of error shows up

Is your feature request related to a problem? Please describe.
Users should be identified before allowing access to api

Describe how to intend to go about adding this feature
Create a middleware for routing where user authorization is needed

Additional context
None

Is your feature request related to a problem? Please describe.
The Session Management utility has no real need to be configured externally from Passport. Since some Passport strategies already manage the user session in their implementation of user authentication, I think it'll be wise to configure a passport-local strategy to follow suite and fully replace Session Management.

Describe how to intend to go about adding this feature

• Use the passport-local strategy to authenticate users locally
• Configure user session options argument for all passport strategies

Additional context
None

Is your feature request related to a problem? Please describe.
Provide user with easier means of authentication using social auth.

Describe how to intend to go about adding this feature
Use passport module or its equivalent

Additional context
None

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.
User Registers or logs in via Github

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
When a user visits a route that returns 404 status code, that's page does not belong to the app or page not found and it's will break the app.

Describe how to intend to go about adding this feature
I created an error handler middleware that will trigger any time and unknown routes visited and also any error that may occur like server error, Mongo error, and so on will be handle. And that also prevent my app to break

Additional context

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Login route for signing in user with his/her credentials that's already available in the DB

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Yes. User account needs be confirmed

Describe how to intend to go about adding this feature

• Creating a route that handles the get request from the client
• Retrieve the verification token from the request params
• Use the token to find the user and begin the verification process

Additional context
This is the second part to Email Verification. Third part can be implemented after the Signin api is tested and working fine.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
An admin user should have a specific database to work with on their registered platform.

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
A Mongo database needs to be provided for use. You'll also need to link the adminUser object schema to the created collection.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Register route for creating new user in the DB

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe how to intend to go about adding this feature
Describe the approach you will take in adding this feature.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.

• Upon signing in, a user who forgets his login credentials can seek for a password reset which a link would be sent to him via email to reset the password.
• The link has some tokens embedded in it for verification and this can also expire
• For a logged in user, he/she can decide to change password for a new one.This will be authenticated via a middleware

Additional context
This includes 3 features:

• User can forget password and ask for a password reset
• User can reset password
• User can change password when logged in

Is your feature request related to a problem? Please describe.
Customize errors to prevent 500: Internal Server Error being returned

Describe how to intend to go about adding this feature
Create errors that inherit from Error object

Additional context
Errors will be used in response messages where they are needed e.g ValidationError, JsonWebTokenError e.t.c

Is your feature request related to a problem? Please describe.
Required documentation for web page

Describe how to intend to go about adding this feature
Add a view for documentation which would be linked to home page route

Describe the bug
Route not implemented

To Reproduce the bug
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Screenshots
If applicable, add screenshots to help explain your problem.

How do you intend to solve this bug?
Describe in clear and concise manner how you intend to approach fixing this bug.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.