Login authentication via login API route
Closed this issue · 2 comments
It should be possible for the user to make the following POST request:
POST ./api/login username password
and to determine whether:
- The user
username
exists (is registered) - The password provided for
username
matches the decrypted password stored on the database.
If the username
does not exist, return a 400 status error. If the passwords do not match, return a 500 status error. Otherwise, if the username exists and the passwords match, let the user know that authentication has been successful.
@vprusso The intent of the user story process is to encapsulate this in the context of some end-to-end user story, not make a one-off issue for every route, though I understand the natural inclination. I might have missed this, but we should frame it in the form of a user story, so that we understand the end-to-end user interface steps that app users will go through involving this route. Let me try to frame this as a user story for you, if you give me a few minutes.
@vprusso Please refer to unitaryfund/metriq-app#18.