DEV Community

Elixir API and Elm SPA - Part 2

Miguel Cobá on June 16, 2018

Part 2: Adding Guardian Authentication Now we're going to add authentication to our app. As this is going to be a JSON REST API we are g...
Michael

This is great. Thanks to the github repo I got all tests validated. One thing: the seeded user token never seems to successfully delete:

curl --request DELETE \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer ...'

Passing in the token for the seeded user always fails (401). However, if I create a new user with:

curl --request POST \
  --url http://localhost:4000/api/users \
  --header 'authorization: Bearer ' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'email=miguel%40toltec&password=miguel%40toltec&name=Miguel%20Coba'

and then I call DELETE /api/sessions whilst passing in the correct token, I get 204. So it appears ok on new users.

Miguel Cobá

Hi Michael, I just tried and I had no problems at all logging in the seeded user and then logging it out.


curl --request POST \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer ' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'email=user%40toltec&password=user%40toltec'
{"meta":{"token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw"},"data":{"name":"some user","id":1,"email":"user@toltec"}}

curl --request DELETE \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw' --verbose
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4000 (#0)
> DELETE /api/sessions HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
> authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw
>
< HTTP/1.1 204 No Content
< server: Cowboy
< date: Mon, 25 Jun 2018 21:14:48 GMT
< content-length: 11
< content-type: application/json; charset=utf-8
< cache-control: max-age=0, private, must-revalidate
< x-request-id: 2kto7btq4eeicq8l4o000731
< access-control-allow-origin: *
< access-control-expose-headers:
< access-control-allow-credentials: true
<
* Excess found in a non pipelined read: excess = 11 url = /api/sessions (zero-length body)
* Connection #0 to host localhost left intact

Are you sure that in the delete curl command you used a valid token that you got from the login curl action? Maybe you used the one from my example?

Cheers

Michael

Finally got back to this. Yes, that was the problem.
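The check Miguel suggests above (make sure the Bearer token you send is the one your own login returned, not one copied from an example) can be made concrete. The following Python is an added example, not code from the original post and not Guardian's own implementation; it re-creates the HS512 checks a Guardian-style pipeline makes, using only the standard library. It decodes the claims of the token shown in Miguel's reply without verifying it, then shows, with a constructed secret and constructed claim values, why a token signed under a different secret (another server instance, or someone else's example) or one past its exp is rejected, which is what the API surfaces as a 401. The secret, the minted claims and all function names are the example's own assumptions.

```python
"""Added example: peek at and verify Guardian-style HS512 access tokens.

Not Guardian's code; a stdlib re-implementation of the checks the server
makes, so the 401 discussed in the thread can be reproduced offline.
"""
import base64
import hashlib
import hmac
import json
import time

# The access token Miguel's login response returned above (copied from the page).
PAGE_TOKEN = (
    "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9"
    ".eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0"
    ".XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw"
)


def _b64url_decode(segment):
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def peek_claims(token):
    """Decode header and payload WITHOUT checking the signature.

    Answers "which token did I actually send?" (sub, iss, exp); never use it
    to trust the claims, since anyone can forge an unsigned payload.
    """
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def mint_hs512(claims, secret):
    """Issue an HS512 JWT the way a server holding `secret` would."""
    compact = {"separators": (",", ":"), "sort_keys": True}
    header_b64 = _b64url_encode(json.dumps({"alg": "HS512", "typ": "JWT"}, **compact).encode())
    payload_b64 = _b64url_encode(json.dumps(claims, **compact).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha512).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def verify_hs512(token, secret, now=None, issuer="toltec"):
    """Return (ok, reason, claims).

    Rejects in the order a Guardian-style pipeline does: shape, pinned alg,
    signature, then the time and issuer claims. Any False result is what the
    API turns into a 401 on DELETE /api/sessions.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError:
        return False, "malformed", None
    # Pin the algorithm server-side; never let the token choose it.
    if header.get("alg") != "HS512":
        return False, "alg not HS512", None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        # A token minted under another secret (another server instance, or the
        # one copied from someone else's example) dies here; its claims are
        # never even read.
        return False, "bad signature", None
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        return False, "wrong issuer", claims
    if now >= claims.get("exp", 0):
        return False, "expired", claims
    if now < claims.get("nbf", 0):
        return False, "not yet valid", claims
    return True, "ok", claims


if __name__ == "__main__":
    header, claims = peek_claims(PAGE_TOKEN)
    print("page token:", header["alg"], "sub", claims["sub"], "exp", claims["exp"])
    # Constructed secret for the demo; the real server's secret is not on the page.
    demo_secret = b"example-secret-not-the-real-one"
    print("page token under our secret:", verify_hs512(PAGE_TOKEN, demo_secret)[:2])
    mine = mint_hs512({"sub": "1", "iss": "toltec", "aud": "toltec",
                       "iat": 1_600_000_000, "nbf": 1_600_000_000,
                       "exp": 1_600_003_600}, demo_secret)
    print("own token, own secret:", verify_hs512(mine, demo_secret, now=1_600_000_100)[:2])
    print("own token, other secret:", verify_hs512(mine, b"other-instance", now=1_600_000_100)[:2])
```

Running it against the token from the page shows the decoded claims (sub "1", iss and aud "toltec", exp exactly 28 days after iat) but a signature failure under any secret other than the server's, which is the same outcome the DELETE call produced for a pasted token. Two practical consequences follow: the claims in a Guardian access token are readable by anyone holding it, so the token must be treated as a bearer credential, and changing the server's signing secret invalidates every token issued before the change.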

Aislan Maia

I'm trying to execute the tests for session_controller but in my terminal it is logging out: undefined function create_user/1

I think this is because the statement setup["create_user"] is somehow not found by the test engine. How can I fix it?

Yokujin Yokosuka

Is it really a good idea to allow anyone to create new real users?

Miguel Cobá

This feature allows users to sign up to the app. Ideally we would also offer the option to sign up with Google/Facebook/etc.

Yokujin Yokosuka

Or provide some kind of user-assisted account confirmation.

Miguel Cobá

Yes, that's correct. For this tutorial an email confirmation or any other type of user sign-up improvement is out of scope.

Yokujin Yokosuka

Ok. I agree.
Maybe just add a notice about such an assumption? Just for clarification.

Miguel Cobá

Sure