Authentication System

This document details the authentication system used in the Digibit ERP system, which handles user authentication, session management, and profile management.

Overview

The Digibit application uses Supabase Auth for user authentication combined with an external backend API for additional business logic. The authentication system manages user sessions, profiles, and file storage for user avatars.

Authentication Service

AuthService (auth.service.ts)

The main service responsible for authentication functionality.

Key Properties

  • sessionSnapshots: BehaviorSubject containing the current authentication session
  • session: Getter that returns the current session value
  • session$: Observable for subscribing to session changes

Authentication Methods

isAuthenticated()
  • Purpose: Checks if a user is currently authenticated
  • Return: Boolean indicating authentication status
  • Logic: Verifies if session exists and is valid
initSession()
  • Purpose: Initializes the user session on application startup
  • Process:
  • Retrieves current session from Supabase
  • Refreshes session if available
  • Updates session snapshot
  • Usage: Called during application initialization
signInWithEmailAndPassword(email, pw)
  • Purpose: Authenticates user with email and password
  • Parameters:
  • email: User's email address
  • pw: User's password
  • Process:
  • Validates input parameters
  • Makes POST request to external backend /api/auth/login
  • Sets session in Supabase with returned session data
  • Updates local session snapshot
  • Return: Promise resolving to VoidOperationResponse
signUp(email, password)
  • Purpose: Registers a new user account
  • Parameters:
  • email: User's email address
  • password: User's password
  • Process:
  • Calls Supabase auth signup method
  • Updates local session with returned session data
  • Return: Promise resolving to VoidOperationResponse
signOut()
  • Purpose: Logs out the current user
  • Process:
  • Makes POST request to external backend logout endpoint
  • Calls Supabase sign out method
  • Clears local session snapshot
  • Note: Also sends user ID to backend for session cleanup

Profile Management

profile(user)
  • Purpose: Retrieves user profile information
  • Parameter: user - Supabase user object
  • Process: Queries 'profiles' table in Supabase database
  • Return: Profile object or null if not found
updateProfile(profile)
  • Purpose: Updates user profile information
  • Parameter: profile - Profile object with updated information
  • Process: Performs upsert operation on 'profiles' table

File Management

downLoadImage(path)
  • Purpose: Downloads user avatar images
  • Parameter: path - Path to the image in Supabase storage
  • Return: Downloaded file object
uploadAvatar(filePath, file)
  • Purpose: Uploads user avatar images to Supabase storage
  • Parameters:
  • filePath - Destination path in storage
  • file - File object to upload
  • Return: Upload result

Authentication Flow

Login Process

  1. User enters email and password in login form
  2. signInWithEmailAndPassword() is called
  3. Validation checks if email and password are provided
  4. POST request sent to external backend API (/api/auth/login)
  5. If successful, Supabase session is set with returned session data
  6. Local session snapshot is updated
  7. User is redirected to their dashboard/home page

Session Initialization

  1. Application starts and initSession() is called
  2. Current session retrieved from Supabase
  3. Session is refreshed if available
  4. Session snapshot is updated with refreshed session
  5. Application UI adjusts based on authentication status

Logout Process

  1. User clicks logout button
  2. signOut() method is called
  3. POST request sent to external backend logout endpoint with user ID
  4. Supabase sign out is called
  5. Local session is cleared
  6. User is redirected to login page

Security Considerations

Session Management

  • Sessions are stored securely using Supabase Auth
  • Session refresh mechanism ensures continued validity
  • Sessions are synchronized between external backend and Supabase

Password Security

  • Passwords are never stored in plain text
  • Supabase handles password hashing and verification
  • Password strength requirements enforced by Supabase

API Security

  • Authentication tokens are included in API requests when needed
  • Route guards prevent unauthorized access to protected routes
  • Session validation occurs on each protected route access

Integration Points

With Components

  • Header component displays login/logout options based on authentication status
  • Route guards check authentication before allowing access to protected routes
  • Profile components allow users to view and edit their profiles

With External Backend

  • Login/logout operations communicate with external API
  • Session synchronization between external backend and Supabase
  • User validation performed by external backend

Error Handling

Authentication Errors

  • Invalid credentials return appropriate error messages
  • Network errors are caught and communicated to users
  • Session expiration is handled gracefully

Profile Management Errors

  • Profile update failures are reported to users
  • Image upload/download errors are handled appropriately
  • Validation errors for profile fields are displayed

User Experience

Login/Registration Flow

  • Simple email/password authentication
  • Clear error messaging for failed attempts
  • Remember me functionality (if implemented)

Session Persistence

  • Sessions persist across browser sessions
  • Automatic session refresh maintains continuous access
  • Seamless experience when switching between tabs/windows

Future Enhancements

Potential Improvements

  • Social login integration (Google, Facebook, etc.)
  • Two-factor authentication
  • Password reset functionality
  • Account lockout after failed attempts
  • Session management across multiple devices

Testing Considerations

Authentication Testing

  • Unit tests for authentication methods
  • Integration tests for backend API communication
  • End-to-end tests for complete authentication flow
  • Security tests for vulnerability assessment

This authentication system provides a secure and reliable way to manage user access to the Digibit ERP system while maintaining good user experience and security practices.