indigotech / onboard-hugo-cruz

0 stars 0 forks source link

[Track 5/7] Create user mutation #13

Open taki-tiler-server[bot] opened 4 years ago

taki-tiler-server[bot] commented 4 years ago

In this track, you will implement a CreateUser mutation. This mutation allows authenticated users to create other users.

Step 1/3 - The authentication

Estimated time: 2 hours

Let's start by exploring the authentication. This mutation is considered an authenticated one, which means that the whoever uses it must be allowed to. The permission is granted by the token we were talking about on last track.

Create the CreateUser mutation prototype and check client authentication (again: without integrating with database, for now). Follow the steps:

  1. The prototype: it can be something like this.
mutation CreateUser($user: CreateUserInput!) {
  CreateUser(user: $user) {
    // Your return
  }
}
  1. The input. It can be something like this:
{
  "name": "User Name",
  "email": "User e-mail",
  "birthDate": "04-25-1990",
  "cpf": "XXXXXXXXXXX",
  "password": "1234qwer"
}
  1. The response: you can return either the created user or only a success message.
  2. The first thing your mutation should do after called is checking user authentication. Check the Authorization header: the client must have sent a JWT token and it should be a valid one. It's important to check if:
    • It is a JWT token
    • It has all the payload data you designed earlier
    • It's not expired
    • Its signature is correct.

NOTE: have in mind that anyone can create a JWT token with any payload data they want (remember jwt.io?), but only those who have the secret can generate the right signature. Only the server should know this secret.

  1. If the JWT token has any problem, you should return an authentication error with a message.

If everything is ok with the authentication, you can return a mocked user and go to next step to integrate with database.

hmartinsc commented 4 years ago

next

taki-tiler-server[bot] commented 4 years ago

Step 2/3 - Integrate with the database

Estimated time: 4 hours

After checking the authentication, it's time to fully integrate your mutation with the database. If provided token is valid, the server should validate the given input, and if everything is right, create a user on database. Wait, validate what? 🧐

  1. The system should not allow two or more users with the same e-mail
  2. The system should not allow a very weak password. Follow these rules:
    • It should have at least 7 characters
    • It should have at least 1 letter and 1 digit.

You can add some validations if you want. For example, minimum and maximum birth date. But the most importants are those two above.

NOTE: as we discussed, remember not to save the password as plain text on database. Use at least a good hash algorithm (with salt system, optionally).

hmartinsc commented 4 years ago

next

taki-tiler-server[bot] commented 4 years ago

Step 3/3 - Tests

Estimated time: 3 hours

Now it's time to write some tests for the new mutation. it should be easier now that you have everything setup. Remember to test every single scenario you have in mind.

Just to remember another important thing to test that didn't happen on the previous track (login): the database changes. You should not only test if the return of the mutation is the expected, but also if the database was updated as it should be. For example, if you have 4 users on the database, and you add one more, you should check on your test if there are 5 users after the mutation is called, as well as if all the new user info were properly inserted.

After you write all tests and they are running properly, you can open a PR and go to next track.

hmartinsc commented 4 years ago

next

taki-tiler-server[bot] commented 4 years ago

Click here for your next track