Frontend is currently storing the JWT token in localStorage. We should use cookies with HttpOnly, Secure and SameSite at least Lax, and maybe something more (Domain etc.); I don't know everything about cookie hardening, will need to check MDN again.
Also, currently the Auth page (login and register) does not have tests for interactions that check:
- redirects when the page is opened while the user is already registered
- that for bad input no requests are made (e.g. missing password or mismatching passwords in register)
- that for good inputs requests are made (mocked) and the page correctly adapts to the response:
  - redirects on success to the account page
  - displays the proper error and highlights the proper form parts on error (username taken, server unavailable, etc.)
So... After implementing JWT with cookies on backend, adapt frontend to use those cookies instead of localStorage and then adapt existing tests and add missing ones listed above.
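As an added example (not code from this project), here is what the backend side of the cookie change looks like in plain Node.js: a helper that builds the `Set-Cookie` header for the JWT with HttpOnly, Secure and SameSite=Lax, the matching logout header, and a small audit function that flags a cookie missing any of those attributes (handy as a test assertion against the real login response). The cookie name `session`, the one-hour lifetime and the example domain are assumptions.

```javascript
// Added example, not the project's own code. Cookie name, lifetime and domain
// values below are assumptions for illustration.

const COOKIE_NAME = 'session';

// Set-Cookie header value the backend sends after a successful login.
// HttpOnly keeps the token out of reach of page scripts (the reason to move
// off localStorage), Secure limits it to HTTPS, SameSite=Lax stops the browser
// attaching it to cross-site POSTs. Lax still sends it on top-level GET
// navigations, so state-changing endpoints must not accept GET.
function buildAuthCookie(jwt, { maxAgeSeconds = 3600, domain = null, sameSite = 'Lax' } = {}) {
  // A JWT is three base64url segments joined by dots; refuse anything else so
  // a ';' or whitespace can never smuggle extra attributes into the header.
  if (!/^[A-Za-z0-9_.-]+$/.test(jwt)) {
    throw new Error('JWT contains characters not allowed in a cookie value');
  }
  const parts = [
    `${COOKIE_NAME}=${jwt}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',
    'Secure',
    `SameSite=${sameSite}`,
  ];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join('; ');
}

// Logout: same Path/Domain so the browser matches the existing cookie, Max-Age=0
// tells it to delete the cookie immediately.
function buildLogoutCookie({ domain = null } = {}) {
  const parts = [`${COOKIE_NAME}=`, 'Path=/', 'Max-Age=0', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join('; ');
}

// Audit a Set-Cookie header value. Returns a list of hardening findings;
// an empty list means the cookie carries every attribute we require.
function auditSetCookie(header) {
  const [, ...attrs] = header.split(';').map((s) => s.trim());
  const flags = new Map();
  for (const attr of attrs) {
    const [key, value] = attr.split('=');
    flags.set(key.toLowerCase(), value === undefined ? true : value);
  }
  const findings = [];
  if (!flags.has('httponly')) findings.push('missing HttpOnly: token readable by page scripts');
  if (!flags.has('secure')) findings.push('missing Secure: cookie may be sent over plain HTTP');
  const sameSite = String(flags.get('samesite') ?? 'none').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') findings.push('SameSite must be Lax or Strict');
  return findings;
}

// Frontend side after the change: no Authorization header built from
// localStorage, just ask the browser to attach the cookie itself.
function authFetchOptions(method, body) {
  return {
    method,
    credentials: 'include',
    headers: { 'Content-Type': 'application/json' },
    body: body === undefined ? undefined : JSON.stringify(body),
  };
}

module.exports = { buildAuthCookie, buildLogoutCookie, auditSetCookie, authFetchOptions };
```

In a test for the login endpoint, `auditSetCookie(response.headers['set-cookie'][0])` returning an empty array is a cheap way to keep the hardening from regressing; on the frontend, the mocked-request tests listed above can assert that the options passed to `fetch` contain `credentials: 'include'` and no `Authorization` header.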