As @Oliversw pointed out this morning, our authentication methods are actually pretty shaky.
Whether protected pages are rendered is just dependent on a boolean value in our state (which is updated after checking the login details against the Airtable API).
All it takes to access these pages, therefore, is just switching `isAuthenticated` to `true` in React dev tools :scream: :scream:
We're now researching how to remedy this. Likely gonna need JWT, bcrypt etc.! Also looking into auth0.
Article: https://medium.com/@romanchvalbo/how-i-set-up-react-and-node-with-json-web-token-for-authentication-259ec1a90352
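
An added example, not code from this post or the linked article: a sketch of the server-side check the JWT approach relies on, where protected data is released only for a token the server signed, so a flag flipped in the browser gains nothing. It uses Node's built-in `crypto` rather than a JWT library; the secret, function names and the protected handler are assumptions made for illustration.

```javascript
// Added example: server-side HS256 token check using only Node's built-in crypto.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: kept in server-side config, never shipped to the client

const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (input) => crypto.createHmac("sha256", SECRET).update(input).digest("base64url");

// Issued by the server only after it has checked the login details itself.
function issueToken(username, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: username, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString());
    if (alg !== "HS256") return null; // the server decides the algorithm, not the token
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    return typeof claims.exp === "number" && claims.exp > now / 1000 ? claims : null;
  } catch {
    return null;
  }
}

// Hypothetical handler for a protected API route: data leaves the server only for a valid token.
function getProtectedData(authorizationHeader) {
  const token = (authorizationHeader || "").replace(/^Bearer /, "");
  const claims = verifyToken(token);
  if (!claims) return { status: 401, body: null };
  return { status: 200, body: `private data for ${claims.sub}` };
}
```

The React state can still decide which components to show, but the data behind them comes only from routes guarded like `getProtectedData`.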