Elixir API and Elm SPA - Part 2

Miguel Cobá on June 16, 2018

Part 2: Adding Guardian Authentication Now we're going to add authentication to our app. As this is going to be a JSON REST API we are... [Read Full]
markdown guide

This is great. Thanks to the github repo I got all tests validated. One thing: the seeded user token never seems to successfully delete:

curl --request DELETE \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer ...'

passing in the token on the seeded user always fails(401). However, if I create a new user with:

curl --request POST \
  --url http://localhost:4000/api/users \
  --header 'authorization: Bearer ' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'email=miguel%40toltec&password=miguel%40toltec&name=Miguel%20Coba'

and then I call DELETE /api/sessions whilst passing in the correct token, I get 204. So it appears ok on new users.


Hi Michael, I just tried and I had no problems at all loggin in the seeded user and then loggin it out.

curl --request POST \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer ' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'email=user%40toltec&password=user%40toltec'
{"meta":{"token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw"},"data":{"name":"some user","id":1,"email":"user@toltec"}}%

curl --request DELETE \
  --url http://localhost:4000/api/sessions \
  --header 'authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw' --verbose
*   Trying
* Connected to localhost ( port 4000 (#0)
> DELETE /api/sessions HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
> authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0b2x0ZWMiLCJleHAiOjE1MzIzODA0NDQsImlhdCI6MTUyOTk2MTI0NCwiaXNzIjoidG9sdGVjIiwianRpIjoiYzgyNTE3YzctYWUwNS00MDI1LTkzODYtODBkOGU3Yzc0NWUxIiwibmJmIjoxNTI5OTYxMjQzLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.XG9BjARniT_uh4txCRiTFucJ1f4b70hJwUjbIqBYZIXw12guLpWgHASDNmd6-kM44MTMZQcDm96nYGB2X3dAvw
< HTTP/1.1 204 No Content
< server: Cowboy
< date: Mon, 25 Jun 2018 21:14:48 GMT
< content-length: 11
< content-type: application/json; charset=utf-8
< cache-control: max-age=0, private, must-revalidate
< x-request-id: 2kto7btq4eeicq8l4o000731
< access-control-allow-origin: *
< access-control-expose-headers:
< access-control-allow-credentials: true
* Excess found in a non pipelined read: excess = 11 url = /api/sessions (zero-length body)
* Connection #0 to host localhost left intact

Are you sure that in the delete curl command, you used a valid token that you got from the loggin cur action. Maybe you used the one from my example?



Finally got back to this. Yes, that was the problem.


I'm trying to execute the tests for session_controller but in my terminal is loggin out: undefined function create_user/1

I think this is because the statement setup["create_user"] in somehow is not found out by the test engine. How can I fix it?


Is it really good idea to allow anyone to create new real users?


This feature allows users to signup to the app. Ideally we would offer also the option to signup with google/facebook/etc.


Or provide some kind of user-assisted account confirmation.

Yes, that's correct. For this tutorial an email confirmation or any other type of user signup improvement is out of scope.

code of conduct - report abuse