Open taki-tiler-server[bot] opened 4 years ago
After checking the authentication, it's time to fully integrate your mutation with the database. If the provided token is valid, the server should validate the given input and, if everything is right, create the user in the database. Wait, validate what? 🧐
You can add other validations if you want, for example a minimum and maximum birth date. But the most important ones are the two above.
NOTE: as we discussed, never store the password as plain text in the database. Use a proper password hashing algorithm with a per-user salt (bcrypt, scrypt or Argon2 generate and store the salt for you); a single pass of a fast, unsalted hash such as SHA-256 is not enough, because identical passwords would produce identical hashes and precomputed tables would apply.
Now it's time to write some tests for the new mutation. It should be easier now that you have everything set up. Remember to test every scenario you have in mind.
One more important thing to test that didn't come up on the previous track (login): the database changes. You should test not only that the mutation's return value is the expected one, but also that the database was updated as it should be. For example, if you have 4 users in the database and you add one more, your test should check that there are 5 users after the mutation is called, and that all of the new user's fields were inserted correctly.
After you write all the tests and they run properly, you can open a PR and go to the next track.
In this track, you will implement a `CreateUser` mutation. This mutation allows authenticated users to create other users.

Step 1/3 - The authentication
Estimated time: 2 hours
Let's start by exploring the authentication. This mutation is an authenticated one, which means that whoever uses it must be allowed to. The permission is granted by the token we talked about on the last track.
Create the `CreateUser` mutation prototype and check client authentication (again: without integrating with the database, for now). Follow the steps:

- `Authorization` header: the client must have sent a JWT token and it should be a valid one. It's important to check if:

NOTE: keep in mind that anyone can create a JWT token with any payload data they want (remember jwt.io?), but only those who have the secret can generate the right signature. Only the server should know this secret, so a token is trusted only after the server has recomputed the signature with its own secret and compared it with the one in the token.
If everything is OK with the authentication, you can return a mocked user and go to the next step to integrate with the database.