Update sample.http to support user creation then token generation from the new users #15
TodoBasicWithAuth/CreateUser.cs
Outdated
[Required] | ||
public string Password { get; set; } | ||
|
||
public bool IsAdmin { get; set; } |
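Review bot: `public bool IsAdmin { get; set; }` on the `CreateUser` request model puts the role decision in the hands of whoever sends the create-user request, and the PR description says AuthApi sets IsAdmin from that request, so any caller can register as an admin. Remove the property from the request type and assign the admin role server-side (a seeded admin at startup, or an endpoint that only an existing admin may call), and have sample.http log in as that seeded account for the delete step.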
I'm not comfortable with this. I think the IsAdmin logic should stay server side. Even though this is a demo app 😄
Ah no worries, I could revert the CreateUser back to LoginInfo so users can only be created as a regular user via the API then seed the Admin user on startup? Or is that overkill for this project?
Either that or the first user is admin with a comment describing that.
Reverted the insecure user creation back to the original implementation and seeded admin on startup. sample.http now works with the new approach.
Was the resolution to this ok or should I close? Didn't want to bump as you will have plenty on, but I saw you had made a few commits recently and maybe missed this or thought it was still pending on my side.
Updated the sample.http to support the creation of a regular and admin user, authenticate using each of these users, then use their tokens for the requests. The original implementation had a hard coded token that wouldn't work on a fresh run.
The change required some small changes to the AuthApi file to handle setting IsAdmin during the user creation request.
The sample.http file can now have each request run in sequence to create users, login, add, view then finally delete (as admin) an item.
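The design point settled in this thread, as an added example that is not code from the PR or the project: the same JSON body bound to a request type that carries `IsAdmin` and to one that does not, with the admin seeded at startup in the second case. `Username`, `UserStore`, the `SEED_ADMIN_USER` variable and the request body are assumptions constructed for the illustration; password handling is left out.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed request body: an ordinary sign-up with an extra isAdmin member.
const string body =
    "{\"username\":\"mallory\",\"password\":\"constructed-pw\",\"isAdmin\":true}";

// Web defaults: camelCase, case-insensitive matching, as ASP.NET Core JSON binding uses.
var json = new JsonSerializerOptions(JsonSerializerDefaults.Web);

// Before: the role is copied from the request type into the store.
var before = new UserStore();
var unsafeDto = JsonSerializer.Deserialize<CreateUser>(body, json)!;
before.Add(unsafeDto.Username, unsafeDto.IsAdmin);

// After: the request type has no role member, so the extra JSON member is ignored
// and the only admin is the account seeded at startup (hypothetical variable name).
var after = new UserStore();
after.Add(Environment.GetEnvironmentVariable("SEED_ADMIN_USER") ?? "admin", isAdmin: true);
var safeDto = JsonSerializer.Deserialize<LoginInfo>(body, json)!;
after.Add(safeDto.Username, isAdmin: false);

bool adminBefore = before.IsAdmin(unsafeDto.Username);
bool adminAfter = after.IsAdmin(safeDto.Username);
Console.WriteLine($"role taken from request:  admin = {adminBefore}");
Console.WriteLine($"role assigned by server:  admin = {adminAfter}");

// Request type as in the first revision of the PR (Username is assumed).
public class CreateUser
{
    public string Username { get; set; } = "";
    public string Password { get; set; } = "";
    public bool IsAdmin { get; set; }
}

// Request type without any role information (shape assumed).
public class LoginInfo
{
    public string Username { get; set; } = "";
    public string Password { get; set; } = "";
}

// Stand-in for the real user store: username -> isAdmin.
class UserStore
{
    private readonly Dictionary<string, bool> _roles = new();
    public void Add(string username, bool isAdmin) => _roles.Add(username, isAdmin);
    public bool IsAdmin(string username) => _roles.TryGetValue(username, out var a) && a;
}
```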