Security Updates - Githubissues

ne0fite commented 7 years ago

For Issue #73:

The back end no longer uses any cookies. All authentication / authorization is based on a JWT token in the Authorization header.

Updated login, register, and reset password to generate and return new JWT API token
Updated the login, register, and reset password front-end controllers to store the API token in browser session storage
Updated the logout front-end function to remove the API token from storage
Added authentication HTTP interceptor that adds the API token to every request, if present in session storage
Updated auth model to validate a JWT Authorization token
Removed all cookie code from API

For Issue #75:

Changed the user query to lookup by email with ILIKE instead of equals for case insensitivity.

Also refactored security functions into a Security class.

zero-degrees commented 7 years ago

angular-local-storage might be a better choice than ngStorage.

ne0fite commented 7 years ago

Agreed on angular-local-storage. It has more functionality that could be useful down the road.

ne0fite / GigKeeper