scottbedard / rainlab-user-api
A simple and extendable HTTP API for RainLab.User plugin
License: MIT License
The response from creating a user should be the same as fetching the authenticated user. Right now we have inconsistent data being returned if the response is being extended.
Leaving this here as a reminder to future me, mail assertions can be cleaned up by using Alxy's mail fake.
https://gist.github.com/alxy/6e74d306be7bd0c9d1f134f34d547a44
Example usage:
    public function testNewFakeMailer()
    {
        Mail::swap(new MailFake());

        // These variables are available inside the message as Twig
        $vars = ['name' => 'Joe', 'user' => 'Mary'];

        Mail::send('backend::mail.invite', $vars, function($message) {
            $message->to('[email protected]', 'Admin Person');
            $message->subject('This is a reminder');
        });

        Mail::assertSent('backend::mail.invite', function (Mailable $mailable) use ($vars) {
            return $mailable->viewData['name'] === 'Joe' &&
                $mailable->viewData['user'] === 'Mary' &&
                $mailable->hasTo('[email protected]');
        });
    }
We are currently returning a 500 status code when authenticating as a banned user. It is probably more appropriate to return a 405, but there are issues with checking the throttled status of a user before authenticating them.
See this issue for more information: rainlab/user-plugin#413
Right now we're getting validation errors for account updates returned as a 500, these should be a 422.
See: https://github.com/rainlab/user-plugin/blob/master/components/Account.php#L419-L424
The password should be changed, and you should remain logged in.
The password changes, but you are not logged in.
The user should be auto activated.
The user is not activated.
The next releases will contain a breaking change to all endpoints, and will begin the official versioning of this plugin.
We are no longer going to catch our own exceptions.
In hindsight, this was never the best way to do things. Every application is going to need to handle errors for their own endpoints. Having our plugin catch its own errors forces the consuming applications to pick from the following options, both of which are pretty unappetizing.
They can adopt our exception handling strategy for consistency, giving up the ability to handle their own errors how they like.
Or they can have multiple error handling strategies. This is probably the worse of the two options, as now they would need to remember which endpoints respond which ways.
Applications should use October's default error responses. Uncaught exceptions already have explicit status codes and store necessary meta data in the headers.
As an added benefit we are opting into October's default error formatting, giving us nice stack traces in development.
Existing applications that wish to continue handling the exceptions as we previously did must now catch the exceptions themselves. As an example, adding this to your boot.php file would catch all of our validation errors.
    App::error(function(ValidationException $err) {
        return [
            // ...
        ];
    });
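A fuller version of such a handler, as an added example that is not part of the original issue or the plugin's own code: it answers validation failures with a 422 and only the per-field messages, and leaves everything else to October's default error handling. The `api/*` route pattern and the JSON keys are assumptions.

```php
<?php
// Added example for a boot.php file; not code from rainlab-user-api.

use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Facades\Response;
use October\Rain\Exception\ValidationException;

// Assumption: the URL pattern your API routes are served under.
const API_ROUTE_PATTERN = 'api/*';

App::error(function (ValidationException $err) {
    // Returning null hands non-API requests to October's default error handling.
    if (!Request::is(API_ROUTE_PATTERN)) {
        return null;
    }

    // Expose only the per-field messages, never a stack trace or file paths.
    return Response::json([
        'message' => $err->getMessage(),
        'errors'  => $err->getErrors()->toArray(), // response shape is an assumption
    ], 422);
});
```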
Settings models do not fire model.getAttribute events when the static get method is called. Because of this, plugins are unable to define user configuration by listening for that event. For example, this would have no effect on the API.
    UserSettings::extend(function($model) {
        $model->bindEvent('model.getAttribute', function($attribute) {
            if ($attribute === 'login_attribute') {
                return UserSettings::LOGIN_USERNAME;
            }
        });
    });
To side-step this issue, we should be able to use an instance of the settings model rather than the get method.
    // before
    UserSettings::get('login_attribute', $default);

    // after
    UserSettings::instance()->login_attribute ?: $default;
A 422 status code should be returned with validation errors.
500 status code
Hi Scott,
I've found this repo which could be helpful in a project I'm currently working on where I need to share an auth session between a Laravel app and an OctoberCMS installation.
I've looked on the marketplace and didn't find it there so I'm asking why? Does it contain some kind of issue or that kind of stuff? Maybe I can help.
Also a little question: is it possible to disallow some routes? Basically I just want the login/logout routes to be open. I know I can prevent users from accessing it by creating a custom routes.php with the same routes and requiring it before yours, but if it's directly possible in your package, it's nice!