Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly authenticate endpoints #50

Open
rynoV opened this issue Apr 9, 2021 · 1 comment
Open

Properly authenticate endpoints #50

rynoV opened this issue Apr 9, 2021 · 1 comment
Assignees
@sm20

Comments

@rynoV
Copy link
Owner

rynoV commented Apr 9, 2021
edited
Loading

There's most likely more than this, we need to go through and check.
@sm20
Copy link
Collaborator

sm20 commented Apr 11, 2021
edited
Loading

If this related to fulfilling the constraint: The user making the request should be the authenticated user?

If that is the case, I skimped on the authentication intentionally because I don't see it being something rigourously tested for in our demo (via postman). Also from the perspective of the average user of our app (so, assuming there are no adversaries trying to attack our app), only the user that is logged in can CRUD their own rating.

If you deem that authentication is still required, then I could implement it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sm20 sm20

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rynoV @sm20