Basic auth

[sibsmc]

Branch basic_auth demonstrates basic implementation of jwt token. Would appreciate feedback about controller for users.

[sibsmc]

In order to implement authentication I have made changes to the way routes and controllers behave. The main changes are:

1. New singular resource added called profile which shows the information for the user you are currently logged in as.
2. Routing has changed so changes to users can only be made via /profile
3. Route /api_user remains. Users are created via this route, all other actions are views.
4. Wishes and experiences controllers set_api_user method changed to handle case where user id is provided via /api_user/api_user_id or when called without a user id via /profile.

I would like to know if this is a sensible way to split up actions. Once we can decide on the way we handle authentication we can look at using Devise, Passwordless or Clearence

[sibsmc]

Request merge of pull request, I have overwritten current API version as we don't want an api version without any authentication.

[olleolleolle]

Hello, and thanks for the ping!

On this giant PR, I made a ton of (similar) comments.

Pick them off, figure them out, and deal with them at your own pace - ask for a follow-up if any of them seem weird.

👍 Thanks for building this!

[sibsmc]

Thanks for reviewing @olleolleolle :-)

[sibsmc]

Hi @olleolleolle thanks for going through and making your suggestions. I have made all the changes advised. Could the request be merged now?

[dennis]

Why do we need the api_user_id param? I would expect that api user, would be current_user.

If we do need it, i think that logic should be moved to application_controller, so this controller doesn't need to be aware of this.

But I might be missing something

[sibsmc]

Hi Dennis, if you are looking up a user other then the current user than you can pass in the parameter in the url, and that parameter will be used to set the api_user

[sibsmc]

If you are looking at profile the user will always be set to current_user, but if you are looking at api_user, wishes or experiences the parameter can be supplied, if not supplied it shows information for current user

[sibsmc]

@dennis is this ok or are changes required?

[dennis]

For experiences/wishes, there is always a API User provided in the URL?

mentor-mentee-platform/server/config/routes.rb

Lines 15 to 18 in e2e790e

	resources :api_users, only: [:index, :create, :show] do
	resources :wishes, only: [:index, :show]
	resources :experiences, only: [:index, :show]
	end

Or can you leave it blank in order to use current_user?

[sibsmc]

Hi Dennis, you don't access experiences or wishes directly, it is always through a user.
profile/wishes/id_wish - returns wishes of the current user
api_users/id/wishes - returns wishes of user 'id'.
You can only create, change and delete wishes via profile.
The same goes for the experiences.

[dennis]

I have nothing else to add :)

[sibsmc]

Thanks alot for reviewing Dennis