CH-17: How do I create a new user without an existing one. No token = no user?

[ademars94]

Fixed

[sahibjotsaggu]

@ademars94 How did you fix this issue?

[ademars94]

@sahibjotsaggu You need to go into ./app/routes/api.js and find the routing code for '/users'. In this code, the .post() code block is AFTER the authentication middleware. To solve the issue, you need to create another route to '/users' BEFORE the authentication middleware and put the .post() code block there.

Like this:

// POST to '/users' (token check happens AFTER this route, so it IS NOT protected)
apiRouter.route('/users')
  .post({
    // Create and save new user
  })

// Route to obtain token
apiRouter.post('/authenticate', function(req, res) {
  // Creates a token for valid user/password
}

// Route middleware to verify a token
apiRouter.use(function(req, res, next) {
  // Checks for valid token on all requests AFTER THIS POINT
}

// GET user index (token check happens BEFORE this route, so it IS protected)
apiRouter.route('/users')
  .get({
    // Sends a response with the user index data
  })

The reason you need to do this is because when you are trying to create a new user, you don't have an authentication token (since only users can get tokens). Protecting the route for creating new users makes no sense, so we move it before the token check / authentication logic. HOWEVER, you should keep the .get() block BELOW the authentication. You don't want unauthenticated users to be able to access the user index, but you want them to be able to create accounts. If you have any questions let me know.

[ademars94]

@sevilayha I am going to create a pull req for this issue, as I think this fix should be made. I remember having a very hard time figuring this out when I was doing the tutorial.

[sahibjotsaggu]

@ademars94 Thanks for that! Ya, I figured that was the problem but I thought they would've thought about this when writing the book lol