Add authentication logic #41

Open
12 of 13 tasks
jGleitz opened this issue Nov 22, 2015 · 2 comments

jGleitz commented Nov 22, 2015

Branch: HelfenKannJeder/come2help-web: feature/authentication-logic

TODOs

  • Installation
  • Setup
  • Get clientId for Facebook, Google Plus, Instagram, etc. (optional. Does @valentinz have specific accounts? HowTo)
  • Add resolve to routes (RouteProvider doc, Example)
    • skipIfLoggedIn
    • loginRequired
  • Create login form (Example)
    • Controller
    • Partial
  • Send POST request on login form submit (satellizer does that already)
  • Receive JSON Web Token and save it to local storage
  • Coordinate with backend regarding configuration of login with Email and Password (see below)
  • Logout Controller

Default configuration of satellizer for login with Email and Password

$authProvider.httpInterceptor = function() { return true; };
$authProvider.withCredentials = true;
$authProvider.tokenRoot = null;
$authProvider.cordova = false;
$authProvider.baseUrl = '/';
$authProvider.loginUrl = '/auth/login';
$authProvider.signupUrl = '/auth/signup';
$authProvider.unlinkUrl = '/auth/unlink/';
$authProvider.tokenName = 'token';
$authProvider.tokenPrefix = 'satellizer';
$authProvider.authHeader = 'Authorization';
$authProvider.authToken = 'Bearer';
$authProvider.storageType = 'localStorage';
@vzickner vzickner added this to the Phase 1 milestone Nov 24, 2015
@BassT BassT self-assigned this Nov 26, 2015

BassT commented Nov 27, 2015

The login data is submitted in plain text. Is that a problem?

{"email":"[email protected]","password":"asdasd"}


jGleitz commented Nov 27, 2015

> The login data is submitted in plain text. Is that a problem?

We’re using SSL, so I guess not. I thought about it and I’m pretty sure no security gain can be achieved by hashing the password on the client side.

Plus, if that puts your mind at ease, Facebook submits passwords in plain text too ;)

@jGleitz jGleitz assigned jGleitz and unassigned BassT and jGleitz Nov 27, 2015
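
Added example (not part of the issue thread or the come2help code): a Node.js sketch of the trade-off discussed in the comments above. It assumes a hypothetical SHA-256 client-side hash and hypothetical helper names, and compares a server that stores that hash with one that receives the password over TLS and stores a salted scrypt verifier.

```javascript
// Added example; every name here is hypothetical and the credentials are constructed.
const crypto = require('node:crypto');

const PASSWORD = 'correct horse battery staple'; // constructed sample

// Client-side hashing: the browser would send sha256(password) instead of the password.
function clientHash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Constant-time comparison that tolerates different lengths.
function safeEqual(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Design A: the server stores the client hash and compares the submitted value with it.
function makeClientHashServer(password) {
  const stored = clientHash(password); // the database column
  return {
    stored,
    login: (submitted) => safeEqual(Buffer.from(submitted), Buffer.from(stored)),
  };
}

// Design B: the password arrives over TLS; the server stores a salted scrypt verifier.
function makeScryptServer(password) {
  const salt = crypto.randomBytes(16);
  const stored = crypto.scryptSync(password, salt, 32);
  return {
    stored: stored.toString('hex'),
    login: (submitted) => safeEqual(crypto.scryptSync(submitted, salt, 32), stored),
  };
}

function compareDesigns() {
  const a = makeClientHashServer(PASSWORD);
  const b = makeScryptServer(PASSWORD);
  return {
    // In design A the stored value is exactly what a client submits,
    // so the hash has become the credential itself.
    storedValueLogsInA: a.login(a.stored),
    // In design B the stored verifier is not accepted as a login.
    storedValueLogsInB: b.login(b.stored),
    passwordLogsInB: b.login(PASSWORD),
    wrongPasswordLogsInB: b.login('asdasd'),
  };
}

console.log(compareDesigns());
```

Design A leaves the transmitted value just as sensitive as the password it replaced, so confidentiality in transit still rests on TLS and protection at rest on the server-side salted hash.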