Authentication System
This document details the authentication system used in the Digibit ERP system, which handles user authentication, session management, and profile management.
Overview
The Digibit application uses Supabase Auth for user authentication combined with an external backend API for additional business logic. The authentication system manages user sessions, profiles, and file storage for user avatars.
Authentication Service
AuthService (auth.service.ts)
The main service responsible for authentication functionality.
Key Properties
sessionSnapshots: BehaviorSubject containing the current authentication sessionsession: Getter that returns the current session valuesession$: Observable for subscribing to session changes
Authentication Methods
isAuthenticated()
- Purpose: Checks if a user is currently authenticated
- Return: Boolean indicating authentication status
- Logic: Verifies if session exists and is valid
initSession()
- Purpose: Initializes the user session on application startup
- Process:
- Retrieves current session from Supabase
- Refreshes session if available
- Updates session snapshot
- Usage: Called during application initialization
signInWithEmailAndPassword(email, pw)
- Purpose: Authenticates user with email and password
- Parameters:
email: User's email addresspw: User's password- Process:
- Validates input parameters
- Makes POST request to external backend
/api/auth/login - Sets session in Supabase with returned session data
- Updates local session snapshot
- Return: Promise resolving to VoidOperationResponse
signUp(email, password)
- Purpose: Registers a new user account
- Parameters:
email: User's email addresspassword: User's password- Process:
- Calls Supabase auth signup method
- Updates local session with returned session data
- Return: Promise resolving to VoidOperationResponse
signOut()
- Purpose: Logs out the current user
- Process:
- Makes POST request to external backend logout endpoint
- Calls Supabase sign out method
- Clears local session snapshot
- Note: Also sends user ID to backend for session cleanup
Profile Management
profile(user)
- Purpose: Retrieves user profile information
- Parameter:
user- Supabase user object - Process: Queries 'profiles' table in Supabase database
- Return: Profile object or null if not found
updateProfile(profile)
- Purpose: Updates user profile information
- Parameter:
profile- Profile object with updated information - Process: Performs upsert operation on 'profiles' table
File Management
downLoadImage(path)
- Purpose: Downloads user avatar images
- Parameter:
path- Path to the image in Supabase storage - Return: Downloaded file object
uploadAvatar(filePath, file)
- Purpose: Uploads user avatar images to Supabase storage
- Parameters:
filePath- Destination path in storagefile- File object to upload- Return: Upload result
Authentication Flow
Login Process
- User enters email and password in login form
signInWithEmailAndPassword()is called- Validation checks if email and password are provided
- POST request sent to external backend API (
/api/auth/login) - If successful, Supabase session is set with returned session data
- Local session snapshot is updated
- User is redirected to their dashboard/home page
Session Initialization
- Application starts and
initSession()is called - Current session retrieved from Supabase
- Session is refreshed if available
- Session snapshot is updated with refreshed session
- Application UI adjusts based on authentication status
Logout Process
- User clicks logout button
signOut()method is called- POST request sent to external backend logout endpoint with user ID
- Supabase sign out is called
- Local session is cleared
- User is redirected to login page
Security Considerations
Session Management
- Sessions are stored securely using Supabase Auth
- Session refresh mechanism ensures continued validity
- Sessions are synchronized between external backend and Supabase
Password Security
- Passwords are never stored in plain text
- Supabase handles password hashing and verification
- Password strength requirements enforced by Supabase
API Security
- Authentication tokens are included in API requests when needed
- Route guards prevent unauthorized access to protected routes
- Session validation occurs on each protected route access
Integration Points
With Components
- Header component displays login/logout options based on authentication status
- Route guards check authentication before allowing access to protected routes
- Profile components allow users to view and edit their profiles
With External Backend
- Login/logout operations communicate with external API
- Session synchronization between external backend and Supabase
- User validation performed by external backend
Error Handling
Authentication Errors
- Invalid credentials return appropriate error messages
- Network errors are caught and communicated to users
- Session expiration is handled gracefully
Profile Management Errors
- Profile update failures are reported to users
- Image upload/download errors are handled appropriately
- Validation errors for profile fields are displayed
User Experience
Login/Registration Flow
- Simple email/password authentication
- Clear error messaging for failed attempts
- Remember me functionality (if implemented)
Session Persistence
- Sessions persist across browser sessions
- Automatic session refresh maintains continuous access
- Seamless experience when switching between tabs/windows
Future Enhancements
Potential Improvements
- Social login integration (Google, Facebook, etc.)
- Two-factor authentication
- Password reset functionality
- Account lockout after failed attempts
- Session management across multiple devices
Testing Considerations
Authentication Testing
- Unit tests for authentication methods
- Integration tests for backend API communication
- End-to-end tests for complete authentication flow
- Security tests for vulnerability assessment
This authentication system provides a secure and reliable way to manage user access to the Digibit ERP system while maintaining good user experience and security practices.