Closed FengBryan closed 2 years ago
@MiffyLiye I will patch a commit for issues
@MiffyLiye I will patch a commit for issues
it's OK to propose a plan or analyze the root cause in comments, not necessary to implement.
@MiffyLiye PTAL
@FengBryan The implementation looks OK. Can you choose one open question below and provide some thoughts? Just share some thoughts, doesn't need to be perfect.
@FengBryan The implementation looks OK. Can you choose one open question below and provide some thoughts? Just share some thoughts, doesn't need to be perfect.
- Can you suggest how to know if API document is up to date?
- Can you find the root cause why password verification is skipped? How to help other team members avoid this in the future?
Can you suggest how to know if API document is up to date?
Reflect
, so the swagger doc will be up to date. This is automatic, no need to change manuallyv1 => v2
. If previous version will be deprecated, should note the doc item to deprecateCan you find the root cause why password verification is skipped? How to help other team members avoid this in the future?
bcrypt
module for password validate, but i forgot it behavior. I thought it will throw error when compared fail. But it returned a boolean to sign success or fail. I just use compare but missed the return value, so it will login successfully when given invalid user info.Thanks guys, very thorough discussion here, pretty good enough for our evaluation. I'm closing this PR, we will get back to you soon @FengBryan
Hello, I'm Tao from Wiredcraft, I will review the code and ask some questions.
userName
field name, while login API usesusername
field name, while in API document, they both useuserName
. Can you suggest how to know if API document is up to date?userId
, but doesn't use same password, and login can also get 201 status code. Can you find the root cause why password verification is skipped?