Description:
Users are currently not authenticated, and the userID is not checked for correctness. This can allow unauthorised access, as the user's identity is not verified on each request.
Fix:
Add JWT authentication to secure endpoints. The JWT containing the user ID (created at login) must be included with each request to a protected route.
Priority: High
Status: To-Do
Expected time required to fix: 3 days
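
Added example, not code from this project: a sketch of the fix in Python's standard library, issuing an HS256 JWT at login and verifying it on each protected route so the user ID comes from the signed token. The secret, the 15-minute lifetime, the `sub`/`exp` claim layout and the `protected_route` handler are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: a real service loads this from a secret store

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, ttl=900, now=None):
    """Called once at login, after the credentials have been checked."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": user_id, "exp": int(now + ttl)}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def authenticate(authorization, now=None):
    """Return the verified user ID, or None when the request must be rejected."""
    now = time.time() if now is None else now
    try:
        scheme, token = (authorization or "").split(" ", 1)
        header, claims, sig = token.split(".")
        if scheme != "Bearer" or json.loads(b64d(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(sig, sign(header + "." + claims)):
            return None  # forged or tampered token
        body = json.loads(b64d(claims))
        if not isinstance(body.get("sub"), str) or body.get("exp", 0) <= now:
            return None  # missing subject or expired token
        return body["sub"]
    except (ValueError, TypeError, AttributeError):
        return None  # malformed header, base64 or JSON

def protected_route(authorization, requested_user_id):
    """Hypothetical handler: HTTP status for a request on a user-scoped route."""
    user_id = authenticate(authorization)
    if user_id is None:
        return 401  # no valid token: unauthenticated
    # The identity comes from the signed token, never from the request itself.
    return 200 if user_id == requested_user_id else 403
```

In a real service a maintained JWT library would replace the hand-rolled signing, with the same checks kept: fixed algorithm, signature, expiry, and a comparison of the token's user ID against the resource being requested.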