Add authentication logic

[jGleitz]

Branch: HelfenKannJeder/come2help-web: feature/authentication-logic

TODOs

• [x] Installation
• [x] Setup
• [x] Get clientId for Facebook, Google Plus, Instagram, etc. (optional. Does @valentinz have specific accounts? HowTo)
• [x] Add resolve to routes (RouteProvider doc, Example)
  • [x] skipIfLoggedIn
  • [x] loginRequired
• [x] Create login form (Example)
  • [x] Controller
  • [x] Partial
• [x] Send POST request on login form submit satellizer does that already
• [x] Receive JSON Web Token and save it to local storage
• [ ] Coordinate with backend regarding configuration of login with Email and Password (see below)
• [x] Logout Controller

Default configuration of satellizer for login with Email and Password

$authProvider.httpInterceptor = function() { return true; },
$authProvider.withCredentials = true;
$authProvider.tokenRoot = null;
$authProvider.cordova = false;
$authProvider.baseUrl = '/';
$authProvider.loginUrl = '/auth/login';
$authProvider.signupUrl = '/auth/signup';
$authProvider.unlinkUrl = '/auth/unlink/';
$authProvider.tokenName = 'token';
$authProvider.tokenPrefix = 'satellizer';
$authProvider.authHeader = 'Authorization';
$authProvider.authToken = 'Bearer';
$authProvider.storageType = 'localStorage';

[BassT]

The login data is submitted in plain text. Is that a problem?

{"email":"sebastian.max.richter@gmail.com","password":"asdasd"}

[jGleitz]

The login data is submitted in plain text. Is that a problem?

We’re using SSL, so I guess not. I thought about it and I’m pretty sure not security gain can be achieved by hashing the password on the client side.

Plus, if that puts your mind at ease, Facebook submits passwords in plain text too ;)