auth

Author: danielabar

README.md

@@ -34,6 +34,10 @@
     - [Lazy Loading](#lazy-loading)
   - [API Communication](#api-communication)
     - [Receiving Data](#receiving-data)
+    - [JWT](#jwt)
+    - [Authentication Call](#authentication-call)
+    - [Authentication Status](#authentication-status)
+    - [Intercept Requests](#intercept-requests)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -703,3 +707,72 @@ Note Vue automatically sanitizes html. If html is being returned from an api and
 <h3 slot="title" v-html="post.title.rendered"></h3>
 <span slot="content" v-html="post.excerpt.rendered"></span>
 ```
+
+### JWT
+
+Will add login feature so (authenticated) users can post data to the server. Will use JWT (json web token).
+
+User sends username and password to server, which if valid, responds with tokenExpiration and a token.
+
+User then sends this token along with every subsequent request.
+
+Server generates token with a secret key. i.e. user an only read data sent, but cannot create own token or edit it because doesn't know the secret key.
+
+Add login method to service layer than will resolve or reject.
+
+### Authentication Call
+
+In script of Login component, import appService.
+
+Bind data to template using `v-model` directive, so that every time input values change (from user typing in form), the corresponding parameters in the Vue data will be updated.
+
+```javascript
+import appService from '../app-service.js'
+export default {
+  data() {
+    return {
+      username: '',
+      password: ''
+    }
+  }
+}
+```
+
+```html
+<input v-model="username" class="input" type="text" placeholder="Your username">
+<input v-model="password" class="input" type="password" placeholder="Your password">
+```
+
+When user clicks login button, run the component's login method, using `v-on:` directive and the `click` parameter:
+
+```html
+<button v-on:click="login" class="button is-primary">Login</button>
+```
+
+```javascript
+methods: {
+  login () {
+    appService.login({username: this.username, password: this.password})
+      .then((data) => {
+        window.localStorage.setItem('token', data.token)
+        window.localStorage.setItem('tokenExpiration', data.expiration)
+      })
+      .catch(() => window.alert('Could not login!'))
+  }
+}
+```
+
+Test with `bill/vuejs`
+
+### Authentication Status
+
+Add another property to data section of Login `isAuthenticated`. Populate it in `created` method, setting to true if expiration token exists in local storage and its in the future relative to current date.
+
+Then in template, use `v-if` directive to only display a welcome message if user is authenticated.
+
+For better security, add CSRF token and captcha to discourage bots (not covered in this course).
+
+
+### Intercept Requests
+
+Add `getProfile` method to service layer, and watcher for `isAuthenticated` in Login.vue. When `isAuthenticated` becomes true, run `getProfile` method. However, will get 401 from server because the jwt token was not included as a request header. Add axios request interceptor to always add it.

src/app.service.js

@@ -2,6 +2,18 @@ import axios from 'axios'
 
 axios.defaults.baseURL = 'https://api.fullstackweekly.com'
 
+axios.interceptors.request.use(function (config) {
+  // future server side rendering - will not have window object so exit early
+  if (typeof window === 'undefined') {
+    return config
+  }
+  const token = window.localStorage.getItem('token')
+  if (token) {
+    config.headers.Authorization = `Bearer ${window.localStorage.getItem('token')}`
+  }
+  return config
+})
+
 const appService = {
   getPosts (categoryId) {
     return new Promise((resolve) => {
@@ -10,6 +22,24 @@ const appService = {
           resolve(response.data)
         })
     })
+  },
+  login (credentials) {
+    return new Promise((resolve, reject) => {
+      axios.post('/services/auth.php', credentials)
+        .then(response => {
+          resolve(response.data)
+        }).catch(response => {
+          reject(response.status)
+        })
+    })
+  },
+  getProfile () {
+    return new Promise((resolve) => {
+      axios.get('/services/profile.php')
+        .then(response => {
+          resolve(response.data)
+        })
+    })
   }
 }
 

src/theme/Login.vue

@@ -1,41 +1,101 @@
 <template>
   <div class="content">
-  	<h2>Login</h2>
-  	<div class="field is-horizontal">
-  		<div class="field-label is-normal">
-  		  <label class="label">Username</label>
-  		</div>
-  		<div class="field-body">
-  		  <div class="field">
-  			<div class="control">
-  			  <input class="input" type="text" placeholder="Your username">
-  			</div>
-  		  </div>
-  		</div>
-  	</div>
-  	<div class="field is-horizontal">
-  		<div class="field-label is-normal">
-  		  <label class="label">Password</label>
-  		</div>
-  		<div class="field-body">
-  		  <div class="field">
-  			<div class="control">
-  			  <input class="input" type="password" placeholder="Your password">
-  			</div>
-  		  </div>
-  		</div>
-  	</div>
-  	<div class="field is-horizontal">
-  		<div class="field-label">
-  		  <!-- Left empty for spacing -->
-  		</div>
-  		<div class="field-body">
-  		  <div class="field">
-  			<div class="control">
-  			  <button class="button is-primary">Login</button>
-  			</div>
-  		  </div>
-  		</div>
-  	</div>
+    <div v-if="isAuthenticated">
+      Hello authenticated user!
+      <p>Name: {{profile.firstName}}</p>
+      <p>Favorite Sandwich: {{profile.favoriteSandwich}}</p>
+      <button v-on:click="logout" class="button is-primary">Logout</button>
+    </div>
+    <div v-else>
+      <h2>Login</h2>
+      <div class="field is-horizontal">
+        <div class="field-label is-normal">
+          <label class="label">Username</label>
+        </div>
+        <div class="field-body">
+          <div class="field">
+            <div class="control">
+              <input v-model="username" class="input" type="text" placeholder="Your username">
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="field is-horizontal">
+        <div class="field-label is-normal">
+          <label class="label">Password</label>
+        </div>
+        <div class="field-body">
+          <div class="field">
+            <div class="control">
+              <input v-model="password" class="input" type="password" placeholder="Your password">
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="field is-horizontal">
+        <div class="field-label">
+          <!-- Left empty for spacing -->
+        </div>
+        <div class="field-body">
+          <div class="field">
+            <div class="control">
+              <button v-on:click="login" class="button is-primary">Login</button>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
   </div>
 </template>
+
+<script>
+  import appService from '../app.service.js'
+  export default {
+    data () {
+      return {
+        username: '',
+        password: '',
+        isAuthenticated: false,
+        profile: {}
+      }
+    },
+    watch: {
+      isAuthenticated: function (val) {
+        if (val) {
+          appService.getProfile()
+            .then(profile => {
+              this.profile = profile
+            })
+        } else {
+          this.profile = {}
+        }
+      }
+    },
+    methods: {
+      login () {
+        appService.login({username: this.username, password: this.password})
+          .then((data) => {
+            window.localStorage.setItem('token', data.token)
+            window.localStorage.setItem('tokenExpiration', data.expiration)
+            this.isAuthenticated = true
+            // make sure login form will be empty if user wants to log in again
+            this.username = ''
+            this.password = ''
+          })
+          .catch(() => window.alert('Could not login!'))
+      },
+      logout () {
+        window.localStorage.setItem('token', null)
+        window.localStorage.setItem('tokenExpiration', null)
+        this.isAuthenticated = false
+      }
+    },
+    created () {
+      let expiration = window.localStorage.getItem('tokenExpiration')
+      let unixTimestamp = new Date().getTime() / 1000
+      if (expiration !== null && parseInt(expiration) - unixTimestamp > 0) {
+        this.isAuthenticated = true
+      }
+    }
+  }
+</script>