- User authentication with cookie session and JWT (JSON Web Token)
Before, when a user wanted to connect to the database, he went through a normal authentication with his personal email and password; we then retrieved the user's information from the database and stored it in localStorage. This is not the right way to do it, because it introduces major security issues and does not respect the GDPR (General Data Protection Regulation). The GDPR demands that user information be stored securely.
Now we use a JWT. When the user sends his email and password, we first check that the password he sent is correct, and then, with the userId, we generate a token valid for 24h that the user will send in the cookie with his HTTP requests. We also send an x-xrsf-token, which is a random UID stored in the user's session storage. After login, each time the user wants to connect he must send his sessionId, which corresponds to his token, and the x-xrsf-token, to prevent CSRF (Cross-Site Request Forgery) attacks.
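A sketch of the login and per-request checks described above, as an added example that is not this project's own code. It assumes the random value is also stored as an `xsrfToken` claim inside the JWT so the server can compare it with the `x-xrsf-token` header; `SECRET`, `issueSession` and `verifyRequest` are hypothetical names, and the token is signed with HS256 through Node's built-in `crypto` rather than a JWT library.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: a real key comes from server config
const DAY_SECONDS = 24 * 60 * 60;         // the 24h lifetime described above

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Constant-time string comparison; unequal lengths fail without calling timingSafeEqual.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Login step (after the password check): returns the JWT for the cookie and the
// random value for session storage. Assumption: the value is also kept as a claim.
function issueSession(userId, now = Math.floor(Date.now() / 1000)) {
  const xsrfToken = crypto.randomUUID();
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, xsrfToken, iat: now, exp: now + DAY_SECONDS }));
  return { jwt: `${header}.${payload}.${hmac(`${header}.${payload}`)}`, xsrfToken };
}

// Per-request check: cookieJwt is read from the cookie, headerToken from x-xrsf-token.
function verifyRequest(cookieJwt, headerToken, now = Math.floor(Date.now() / 1000)) {
  const parts = String(cookieJwt || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [header, payload, signature] = parts;
  // The signature is verified before any claim is parsed or trusted.
  if (!safeEqual(signature, hmac(`${header}.${payload}`))) return { ok: false, reason: 'bad signature' };
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')); }
  catch { return { ok: false, reason: 'malformed token' }; }
  if (typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  // A cross-site request carries the cookie automatically but cannot read session storage.
  if (!headerToken || !safeEqual(headerToken, claims.xsrfToken)) return { ok: false, reason: 'xsrf mismatch' };
  return { ok: true, userId: claims.sub };
}
```

The CSRF protection depends on the header check: the cookie alone is never enough to pass `verifyRequest`.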
- Manage user access to some administrator pages
For all routes, in order not to give access to users who don't have the role, we check the user's role by verifying his personal information when he accesses a route.
To do this, we created 4 stores that make async HTTP requests, which either return the user's role or check whether the user exists. If the user is not authenticated, we clear all of the user's session and cookie data and redirect the user to the database.
- Fix bug in the user_response relation when the user completes a flashcard game
BUG: When the user completes a game, we normally have to store his answers in this table. But since the user's answer is linked to the level of the game he is playing, we must also store his level: the column corresponding to the game level was present in the entity, but at the time of insertion it was not sent.
So we first store the level id of the game in the current level store, and when the user completes the game, the level id is also sent in order to fill in all columns of the entity.
- Refactor code to respect the camelCase convention
In the workflow we decided to respect some conventions (camelCase), but in certain parts of the code I found some variables that didn't respect it!