Creating a login page is now a very trivial task since we have all functionality set up for our application. It will be looking similar to the register page.
Login store
Create a new store src/stores/login.js with the following content:...
Comments & Discussion
T
Current method of authenticating user has flaws. Like user can set access-token from browser manually and get access to the page. How can I avoid this ?
DL
A
Matthaus, if the user even enters on a page having an invalid access token, ANY operation that needs that token if performed will make the access token be removed from localStorage.
This happens because of the interceptor we've added to bootstrap.js file, which runs whenever we receive either success or failure from an axios call.
In case of failure with 401 error (that is thrown whenever we try to reach a route that needs the access token and we either don't have it or have one that is invalid, at least second to the api) the destroyTokenAndRedirectTo from auth store gets called.
Did I miss some steps? After registering a user, I'm still on the registration page, just with the password fields blanked out and the "Login" and "Register" links still in the corner.
After an
artisan migrate:fresh, Now registering takes me to the Login page, but it looks like I'm already logged in, because the link in the corner changes to "Logout". And if I try logging in anyway, it just keeps me on the Login page and blanks out the password field. Clicking that "Logout" link takes me to the Registration page, so I guess that's working?I feel like I've got my redirects incorrect, unless they will be fixed in an upcoming lesson.
it looks like you've missed something. everything should be working properly by this point.
As it turns out, I typo'd.
In the
/src/stores/auth.jsfile, I hadconst accessToken = useStorage("access-token", "");instead ofconst accessToken = useStorage("access_token", "");Egg on my face.