hoodiehq / hoodie-account-client
Account client API for the browser
Home Page: https://hoodiehq.github.io/hoodie-account-client
License: Apache License 2.0
filter query string may be abstracted into the javascript api in order to filter findAll results on the server side by username
tests/integration/admin-*.js according to the linked README.
admin/lib/accounts/find-all.js (if necessary) such that tests pass.
for this issue, tests need not be complete spec coverage, but while making the edits described above, it might be a good time to get more complete spec coverage in integration tests for findAll. an integration test for the filter by username usage is the bare minimum.
after these edits, make edits to the implementation of admin.sessions.add according to the TODO in admin/lib/sessions/add.js, either as part of this or a new issue.
If a session gets invalidated, "unauthenticate" events get triggered, for example when account.fetch() is called. Once unauthenticated, account.isUnauthenticated shall return true, otherwise false. The unauthenticate state shall also be persisted in localStorage.
account.signIn with the same username creates a new valid session and emits the reauthenticate event
account.hasInvalidSession()
account.hasInvalidSession(), and persist the unauthenticate state in localStorage
account.hasInvalidSession and remove issue reference in Events)
When reproducing the Error from #54 a GET Request to http://127.0.0.1:8080/undefined/session/account is sent.
setting an empty String as a fallback in utils/get-state.js should fix that.
follow up for hoodiehq/hoodie#262
account.isSignedIn is documented, but not listed in https://github.com/hoodiehq/hoodie-client-account#api
follow up for #6
maybe nock can do this today, otherwise we can try http://sinonjs.org/docs/#server
Before a new version of account-client gets released, docs are generated automatically from source code, which currently looks like this:
To make it look better, take https://github.com/hoodiehq/pouchdb-hoodie-api as example. We need to add JSDoc Comments like these: https://github.com/hoodiehq/pouchdb-hoodie-api/blob/master/find-or-add.js#L8-L16
in the signIn method, we miss a return here: https://github.com/hoodiehq/hoodie-client-account/blob/master/lib/signin.js#L11
At the moment the code execution is continued and the request to the server is sent, even when username & password are not passed.
Tricky one to test, but would be good if we could add that, too.
We need to support a client-generated ID for our account for Hoodie, as the account ID will be set to hoodie.id, and hoodie.id gets generated upon first initialisation. JSON API explicitly supports client-generated resource IDs
So what we want is this
var account = new Account({
  url: 'https://example.com/api',
  id: 'abc4567'
})
account.signUp({
  username: 'pat',
  password: 'secret'
})
to send this request
### Sign Up [PUT /session/account]
+ Request (application/vnd.api+json)
    + Headers
        Accept: application/vnd.api+json
    + Body
        {
          "data": {
            "type": "account",
            "id": "abc4567",
            "attributes": {
              "username": "john-doe",
              "password": "secret"
            }
          }
        }
current status: https://coveralls.io/github/hoodiehq/hoodie-client-account?branch=master
npm run test:coverage
...
=============================== Coverage summary ===============================
Statements : 97.09% ( 400/412 )
Branches : 91.2% ( 114/125 )
Functions : 92.86% ( 65/70 )
Lines : 97.09% ( 400/412 )
================================================================================
npm test
npm run test:coverage. That also creates a coverage folder. Open coverage/lcov-report/index.html for a nice UI that shows you exactly what lines / branches etc are not yet covered
WIP #66 coverage
Ping us in the Hoodie Chat or on Twitter if you have _any_ questions
follow up for hoodiehq/hoodie#357
follow up for https://github.com/hoodiehq/hoodie-account-client#accountsignin. This will need a change in account server
follow up for #7
accountAdmin.accounts.updateAll() is a bit tricky, because at this point, our JSON API has no way to update multiple resources at once, so the only way to implement this would be by sending a separate DELETE request for each account. Which is doable, I'd prefer to think about how to provide a REST API for it. The JSON API Bulk Extension could be exactly what we need here
This is what we want
// given user is signed in as "pat"
account.signOut()
  .then(function (properties) {
    properties.username // should be "pat"
  })
t.plan(10) to t.plan(11). Test should fail now
Ping us in the Hoodie Chat or on Twitter if you have any questions
This issue is reserved for participants of Welcome to Open Source, Atlanta.
If it’s still available after April 2nd, it’s all yours :)
Currently, the testing section of this repository’s README has no instructions on how to set it up locally for testing. The steps are the same as for hoodie-client, only the URL is different as it’s a different repository
If this is your first, welcome 🎉 😄 Here is a great tutorial on how to send a pull request
README.md file.
docs(README): setup instructions
closes #88 in the description of the pull request
Ping us in the Hoodie Chat or on Twitter if you have any questions :)
If user is not signed in, account.get() should return undefined. So should account.profile.get(). I think this is already the case, but we don’t have a test for that yet.
Tests need to be added to https://github.com/hoodiehq/hoodie-client-account/blob/master/tests/specs/get.js & https://github.com/hoodiehq/hoodie-client-account/blob/master/tests/specs/get-profile.js. Pass in {} as state, instead of the state variable, and make sure the get methods return undefined
follow up for #7
accountAdmin.accounts.updateAll() is a bit tricky, because at this point, our JSON API has no way to update multiple resources at once, so the only way to implement this would be by sending a separate PATCH request for each account. Which is doable, I'd prefer to think about how to provide a REST API for it. The JSON API Bulk Extension could be exactly what we need here
similar to what we have done here: hoodiehq/hoodie-client#14, but without the .trigger method, because there is currently no use case for it
account.update(options) is implemented, but does not yet emit an update event.
update event to README. Commit it with docs(README): update event
test: update event & push
feat: update event & push
admin.on()
admin.one()
admin.off()
admin.accounts.on()
admin.accounts.one()
admin.accounts.off()
admin.requests.on()
admin.requests.one()
admin.requests.off()
for admin
signin
signout
unauthenticate
reauthenticate
for admin.accounts and admin.requests
change (eventName, properties)
add (properties)
update (properties)
remove (properties)
Note that these events are only triggered when calling the .add / .update / .updateAll / .remove / removeAll methods. They are not triggered when data gets changed on the server by someone else (see Remote Events below)
change / add / update / remove events for changes on remote (not caused by me)
account.signIn({username: 'pat', password: 'secret'}) currently resolves with
{
  sessionId: "287f3a64-df67-4384-a00d-35d0c257f798",
  username: "pat"
}
But should resolve with
{
  id: "287f3a64-df67-4384-a00d-35d0c257f798",
  username: {
    id: "account123",
    username: "pat",
    roles: []
  }
}
As shown in the README: https://github.com/hoodiehq/hoodie-client-account#accountsignin
I guess the way we serialise at the moment is not up to date with the latest spec, so other methods / tests might be needed to be adapted as well
e.g. if I try to account.signIn(options) I get the Error: Please include a JSON API response to deserialise error
We assume that state.session is an object here: https://github.com/hoodiehq/hoodie-client-account/blob/master/lib/fetch.js#L14
But when signed out, state.session is undefined
depends on #56
If account.isUnauthenticated() returns true and the user signs in with the same username, then a reauthenticate event should be triggered (instead of signin)
Currently, a user can not sign up and pass profile properties. This will fail
account.signUp({
  username: 'pat',
  password: 'secret',
  profile: {
    fullname: 'Dr Pat Hook'
  }
})
The reason is that JSON API currently does not allow for multiple actions in a single request
So we need to send a separate request to PATCH /session/account/profile
As signUp (creating account) is separated from signIn (creating session), we can't send an Authorization: Bearer ... token. I would suggest we allow to authenticate traditionally with Authorization: Basic ... as well, so we would send headers.authorization = 'Basic ' + base64encode('pat:secret')
Authentication with Basic ... and also Token ... will be required for the admin client, too: https://github.com/hoodiehq/hoodie-client-account/tree/master/admin
Only the valid session is required for authorization at this point.
account.destroy (it is similar to account.signOut for now)
signOut and destroy event is triggered
follow up for #74 (comment)
Right now, we send an internal PUT /session request after a PATCH /session/account request which changed the account username and/or password.
Instead, we want the PATCH /session/account response to optionally include an x-set-session header which would include the new session id, so that it can be updated without sending an extra request
Working on your first Pull Request? You can learn how from this free series How to Contribute to an Open Source Project on GitHub
PATCH /session/account response to include the x-set-session header with a new session id.
DELETE /session request mock. Make sure the new session id is passed in the Authorization: bearer <new session id here> header. Make sure test fails when you run npm test
test(update): session id
npm test
fix(update): session id
Ping us in the Hoodie Chat or on Twitter if you have any questions :)
followup for hoodiehq/hoodie#282
pass created at to the sign up request, so the server can store createdAt and a separate signedUpAt timestamp. Related server issue: hoodiehq/hoodie-account-server#154
in utils/request.js, we expect response.body to be an object with an errors array property. In some circumstances there might be an issue with that, and we should add a check if response.body.errors exists and if it doesn’t, response.body can be a string like Not found: /hoodie/account/api/session/account.
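The check described in this issue, sketched as an added example (it is not the project's utils/request.js): the helper name toError, the 200-character cap and the sample responses are assumptions made for illustration.

```javascript
// Added example, not hoodie-account-client code. toError is a hypothetical
// helper that turns a failed HTTP response into an Error without assuming
// that response.body is a JSON API error document.
function toError (response) {
  var body = response && response.body
  var error = new Error('Request failed')
  error.statusCode = response && response.statusCode

  // Expected case: JSON API error document {errors: [{title, detail}]}
  if (body && typeof body === 'object' &&
      Array.isArray(body.errors) && body.errors.length > 0) {
    var first = body.errors[0] || {}
    error.name = first.title || 'Error'
    error.message = first.detail || first.title || error.message
    return error
  }

  // Fallback from the issue: the body is a plain string, for example when
  // the request hit a route the account API does not serve. Cap the length
  // so an unexpected body (such as an HTML error page) is not passed along
  // whole into the error message.
  if (typeof body === 'string' && body.length > 0) {
    error.message = body.slice(0, 200)
    return error
  }

  // Anything else (missing body, errors not an array): generic error
  return error
}

// Constructed sample responses, not captured from a real server
var SAMPLE_RESPONSES = [
  { statusCode: 401, body: { errors: [{ title: 'Unauthorized', detail: 'Invalid credentials' }] } },
  { statusCode: 404, body: 'Not found: /hoodie/account/api/session/account' },
  { statusCode: 500, body: { errors: 'oops' } },
  { statusCode: 500 }
]

function sampleMessages () {
  return SAMPLE_RESPONSES.map(function (response) {
    var error = toError(response)
    return error.statusCode + ' ' + error.name + ': ' + error.message
  })
}
```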
To simulate an unauthenticated state, replace session.id in localStorage.account with a bogus value, then reload the page and do account.fetch()
account.fetch(). In the latter, make sure that an "unauthenticate" event gets triggered
account.update, account.profile.fetch and account.profile.update
The idea is that by default, account.validate() always resolves. A custom validation method can be passed as options.validate to the Account constructor.
Find docs here: admin.sessions.add(options)
admin-sessions-test.js here: https://github.com/hoodiehq/hoodie-client-account/tree/master/test/integration with a test for admin.sessions.add(options)
sessions.add method
part of hoodiehq/hoodie#458
hoodie-account-client
package.json, set "name" to "@hoodie/account-client", and add "publishConfig": {"access": "public"}
hoodie-account-client and replace with hoodie-account-client
Once merged
hoodie-client-account in the npm registry
COVERALLS_REPO_TOKEN=... npm run coverage, then on coveralls.io require 100% coverage for success)
/cc @gr2m
account.update(options) is implemented, but the problem is that once the username and/or password changes, the session ID gets invalidated.
So what we need is to renew the session with the new username / password by doing a PUT /session request, but without triggering any extra events.
account.get('session.id') and account.username has been updated
test: renew session after username / password change
fix: renew session after username / password change & push
As described in https://github.com/hoodiehq/hoodie-client-account#accountusername
See how hoodie.id is implemented in hoodie-client for comparison
account.username
account.username
admin.username
admin.username
Only username and password can be changed at this point, and only the valid session is required for authorization at this point.
account.update (it is similar to account.profile.update for now)
account.username is set to the new username if it got changed, and sign out & back in with the new username / password
currently we store the user session in _session, it’s hardcoded here & here & here.
I'd like to make this configurable. My main reason is that I'd like to reuse code between the Account and AccountAdmin, and I'd like to prevent conflicts between the two.
follow up for discussion at hoodiehq/hoodie-client#42 (comment). It’s worth reading to get some background what we try to achieve and why.
so what we want is this
hoodie.account.on('signin', function (account, options) {
  options.hooks.push(function () {
    return Promise.reject(new Error('foo'))
  })
})
hoodie.account.signIn({username: 'pat', password: 'secert'})
  .catch(function (error) {
    // fails with "foo" error
  })
@danreeves came up with the idea and made a reference implementation of hooks option here: hoodiehq/hoodie-client@master...danreeves:hoodie-reset
before:signin / after:signin events
before:signin / after:signin events
before:signout / after:signout events
before:signout / after:signout events
e.g. if a user tries to update profile, but the server responds with 403
We broke all the routes: https://github.com/hoodiehq/hapi-couchdb-account-api
It's now all JSON API, following the specification at http://docs.accountrestapi.apiary.io
We need to adapt the tests & implementation of the client accordingly
account.request(type/*, options*/) // returns promise
Examples
account.request('upgrade', {plan: 'pro', token: 'stripe123'})
  .then(function () {
    alert('Upgraded successfully!')
  })
  .catch(function (error) {
    alert(error)
  })
follow up for #78 (comment)
account.fetch('fullname').then(function (createdAt) {
  alert('Hey there ' + fullname)
})
should be
account.fetch('fullname').then(function (fullname) {
  alert('Hey there ' + fullname)
})
Please feel free to turn this into a starter issue <3 Edit my issue description directly, or create a follow up issue so we can close this one :)