Mockup static data needed sent and received from the front end and devise a testing solution and the code.

See #11 for more details on the front end requirements for this issue.

The routes file should correctly pull in a single routes file per app. Each routes file should then correctly list each sub route as a child route and do any code splitting afterwords.

• clean up routes
• on enter

I was getting error while setting up the project . Please , update about .env file in the readme and nodejs version in dependency file.

Before diving any further into the auth I'd like to build out the bare minimum example of testing the graphql endpoints.

EG google auth fb auth etc

facebook/react#1159

Should return errors for

• email exists
• incorrect email or password

• django tests need to listen on environment variables for selenium docker
• use docker-compose
• run ango container
• run selenium chrome browser

This causes issues when using selenium in remote container docker
--liveserver is deprecated

https://docs.djangoproject.com/en/1.11/releases/1.11.2/
https://docs.djangoproject.com/en/1.11/releases/1.11/#liveservertestcase-port-zero-change

User Auth

Posted to GraphQL endpoint to check if user is logged out and grab the viewer object.

If someone wouldn't mind further splitting these off into separate issues/branches that would be great.

This project can provide a url for grabbing auth token.
https://github.com/jpadilla/django-jwt-auth

AuthenticatedQuery

Happens when ever auth is required on a page or to load the viewer object and data

• user ID,
• username
• token

Sign Up

• username
• email
• password
• password confirmation

Login

• username or email
• password

Log out

Viewer object

• user account
• todos

At the moment if you attempt to curl the graphql endpoint you will see a response indicating a missing CSRF issue.

curl -X POST -H "Content-Type: application/json" -d '{"query": "{ hello }"}' http://localhost:8000/graphql

<div id="summary">
  <h1>Forbidden <span>(403)</span></h1>
  <p>CSRF verification failed. Request aborted.</p>


  <p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
  <p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for &#39;same-origin&#39; requests.</p>

</div>

This stackover flow post talks about the issue not being relevent to api usage, I'd like to use it if only for the sake of securing the admin section.

http://stackoverflow.com/questions/10741339/do-csrf-attacks-apply-to-apis

Dockerfile will be useful for those who would rather not use heroku. I personally have lots of projects using docker and it will make deploying in unison with Reango easier.

Client
Should check token is valid, a method to request new tokens should be set up.

Server
A function that validates the graphql context and reads the jwt token in the headers.

It should then return the user.id in the jwt token payload if it's valid.

Check nav bar for logged in user and routes

Sign up should work and redirect
Sign out should work and redirect
Login shouldn't work with non existent account
Login should redirect

Should allow users to reset password

will need to test email

Do the permissions have to be modified to make it public?

Lets work on it!
@saayani