Given a request with valid user details (i.e. email and password), when the user registers, then the system should create a new user account and respond with a 201 Created status code.
Unique Email
Given an email that already exists, when the user tries to register, then the system should return a 400 Bad Request status with an appropriate error message.
Password Encryption
Given a user registration request, when the user registers, then the system should store the password in an encrypted form.
Given a request with a valid email and password, when the user logs in, then the system should authenticate the user and provide a token.
Given a request with invalid email or password, when the user logs in, then the system should return a 401 Unauthorized status.
Token Generation
Given valid login credentials, when the user logs in, then the system should generate a JWT token.
Token Expiry
The generated token should have an expiry time configured to 1 hour.
Given an expired token, when the user tries to access a protected route, then the system should return a 401 Unauthorized status.
Request
POST /api/auth/login
{
"email": String,
"password": String
}
Successful Response
{
"accessToken": String,
"expiresIn": Int
}
Accessing Protected Routes
Authorization Header
Given a valid token in the Authorization header, when the user accesses a protected route, then the system should allow access and return the requested data.
Given a request without an Authorization header or with an invalid token, when the user accesses a protected route, then the system should return a 401 Unauthorized status.
Role-based access control? (TBD: not sure if this is needed for boilerplates)
Error Handling
Invalid Credentials
Given invalid credentials, when the user logs in, then the system should return a 401 Unauthorized status with an appropriate error message.
Acceptance Criteria (outline)
User Registration [POST] /api/auth/register
Request
Successful Response
Error Response
User Login [POST] /api/login
Request
Successful Response
Accessing Protected Routes
Error Handling
Testing