Get rid of duplicated roundtrip to authenticate user.

[Fak3]

Right now we store jwt token in browser localstore after login. So our authentication process would look like this:

• User opens restricted url (for ex, private package)
• Server delivers some blank page with a js script
• Script is executed in the browser, retrieves token from localstore
• Script call the server again to fetch actual page content, but now adds retieved token to the request header.
• Server checks that token is valid, user exists and authorized to acceess the data.
• Server responds with actual restircted page content.

Not only this creates double reoundrip to the server and percieved slowness of the pageload, but also it is complicated to implement correctly and just a bad design.

We can get rid of extra roundtrip if we store the auth credentials in the cookies. We can store jwt there, but it will be much harder to implement than using ready solutions like flask-login or flask-security,

Acceptance criteria

• [ ] JWT is stored in cookies

Tasks

• [x] do analaysis

Analysis

Exploring the code history, this issue was fixed back in march in this commit https://github.com/frictionlessdata/dpr-api/commit/5fe695f131656c0bd87cc05537470ffe053c4251

To be exact adding the get_user_from_cookie() method to __init__.py.

Also see discussion here https://github.com/frictionlessdata/dpr-api/issues/292

[rufuspollock]

@subhankarb can you comment on this:

• Is this an issue?
• What are possible fixes?
• What is recommended approach?

[zelima]

FIXED / DUPLICATE was fixed with #292