Merge pull request #211 from deanblackborough/v2.18.0

v2.18.0

.docker/api/Dockerfile

@@ -11,27 +11,6 @@ RUN pecl install -o -f redis \
 &&  rm -rf /tmp/pear \
 &&  docker-php-ext-enable redis
 
-ARG WITH_COMPOSER=false
-
-RUN if [ $WITH_COMPOSER = "true" ] ; then \
-    curl -o /tmp/composer-setup.php https://getcomposer.org/installer \
-    && curl -o /tmp/composer-setup.sig https://composer.github.io/installer.sig \
-    && php -r "if (hash('SHA384', file_get_contents('/tmp/composer-setup.php')) !== trim(file_get_contents('/tmp/composer-setup.sig'))) { unlink('/tmp/composer-setup.php'); echo 'Invalid installer' . PHP_EOL; exit(1); }" \
-    && php /tmp/composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer \
-    && rm -f /tmp/composer-setup.*; \
-fi ;
-
-ARG WITH_XDEBUG=false
-
-RUN if [ $WITH_XDEBUG = "true" ] ; then \
-    pecl install xdebug; \
-    docker-php-ext-enable xdebug; \
-    echo "error_reporting = E_ALL" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
-    echo "display_startup_errors = On" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
-    echo "display_errors = On" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
-    echo "xdebug.remote_enable=1" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; \
-fi ;
-
 RUN chown -R www-data:www-data /var/www/html \
     && a2enmod rewrite
 

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 The complete changelog for the Costs to Expect REST API, our changelog follows the format defined at https://keepachangelog.com/en/1.0.0/
 
+## [v2.18.0] - 2021-01-27
+### Added
+- We have opened up registration on the API; you can register, login, and use all the expected authentication features.
+- We have added notification emails for registration and forgot password requests.
+
+### Changed
+- We have switched to Laravel Sanctum and removed all references to Laravel Passport, Sanctum makes more sense for our API.
+- We have updated to Laravel version 8.
+- We have tweaked our Docker setup and removed composer and phpunit.
+- Content updates
+
 ## [v2.17.1] - 2020-11-28
 ### Changed
 - We have added the `X-Last-Updated` header to the `resource-types`, `resources`, `categories`, `subcategories`, `items` and `resource items` collection routes.

README.md

@@ -4,11 +4,11 @@
 
 Costs to Expect is a service which focuses on tracking and forecasting expenses. 
 The Costs to Expect API is the backbone of the service and is not going to be 
-limited to expenses; however, we figured that it was an excellent place to start. 
+limited to tracking expenses; however, we figured that it was an excellent place to start. 
 
 ## Documentation
 
-The documentation for Costs to Expect API can be found at 
+The documentation for the Costs to Expect API can be found at 
 [postman.costs-to-expect.com](https://postman.costs-to-expect.com?version=latest). 
 
 ### The App
@@ -20,7 +20,8 @@ The [alpha](https://app.costs-to-expect.com) for the service is online, we are
  to see how we are progressing. 
 
 ### The Website
-A small part of the service is tracking the costs to raise a child in the UK, 
+
+A small part of the service is tracking our costs to raise our children in the UK, 
 more detail can be found at [Costs to Expect](https://www.costs-to-expect.com).
 
 ## Set up
@@ -37,7 +38,7 @@ directory and run the below.
 * $ `docker-compose build`
 * $ `docker-compose up`
 
-*We include a network for local development purposed, I need the Costs to Expect 
+*We include a network for local development purposes, I need the Costs to Expect 
 Website and App to communicate with a local API. You probably don't need this 
 so remove the network section from the docker-compose file and don't create the 
 network.*
@@ -60,12 +61,12 @@ drivers have been set to our defaults, sessions, cache, and the queue default to
 * `docker-compose exec api composer install` 
 * `docker-compose exec api php artisan key:generate`
 * `docker-compose exec api php artisan migrate`
-* `docker-compose exec api php artisan passport:install`
 * `docker-compose exec api php artisan queue:work`
 * Run an OPTIONS request on `http://[your.domail.local:8080]/v2/resource_types`, you will see an OPTIONS response, 
 alternatively a GET request to `http://[your.domail.local:8080]/v1` will show all the defined routes.
-* You can add a development user by POSTing to `http://[your.domail.local:8080]/v2/auth/register`. A bearer will be in the 
- response from POSTing to `http://[your.domail.local:8080]/v2/auth/login` - you will need a bearer for all the routes that require authentication.
+* You can create a user by POSTing to `http://[your.domail.local:8080]/v2/auth/register`. 
+* You create a password by POSTing a password and password_confirmation to the URI register response. 
+* You login by posting to `http://[your.domail.local:8080]/v2/auth/login` - you will need a bearer for all the routes that require authentication.
 * Our API defaults to Mailgun, populate `MAILGUN_DOMAIN` and `MAILGUN_SECRET` with the relevant values from your account, 
 you will also need to set `MAIL_FROM_ADDRESS` and `MAIL_TO_ADDRESS`. You may need to set `Authorized Recipients` in Mailgun. 
 
@@ -77,30 +78,13 @@ you will also need to set `MAIL_FROM_ADDRESS` and `MAIL_TO_ADDRESS`. You may nee
 * Successful PATCH requests will return 204.
 * Successful DELETE requests will return a 204.
 * Non 2xx results will return an object with a message field and optionally a fields array. When we 
-return a validation error, the response will be 422 and the fields array will contain the validation errors.
+return a validation error, the response will be 422 and include a fields array which will contain any validation errors.
 
 ### Caching
 
 We include local level caching in the API, as time goes on we will move towards
 conditional caching, specifically including an Etag header and returning a 304 response.
 
-The TTL for the cache types is a below. As expected, caches will be 
-invalidated if the API detects a change.
-
-#### Collections
-
-- Item types: One year
-- Resource types: One week
-- Partial transfers: One week
-- Transfers: One week
-- Permitted users: One month
-- Categories: One month
-- Subcategories: One month
-- Resources: One week
-- Items: One week
-- Item categories: One week
-- Item subcategories: One week
-
 ## Headers
 
 Responses will include multiple headers, the table below details the intention 
@@ -116,23 +100,29 @@ behind each of our custom headers.
 | X-Link-Previous | Pagination: URI for previous result set if relevant |
 | X-Link-Next | Pagination: URI for next result set if relevant |
 | X-Link-Next | Pagination: URI for next result set if relevant |
+| X-Last-Updated | The last time the collection was updated |
 | X-Sort | Sort options applied to request after validation |
 | X-Search | Search options applied to request after validation |
 | X-Parameters | Request parameters applied to request after validation |
 
 ## Routes
 
-Access to a route will be limited based upon your permitted resource types. 
-When you create a resource type you have full access to everything below, 
-additionally, the same is true if you are assigned to a resource type.
+Access to a route will be limited based upon a users permitted resource types. 
+When you create a resource type you have full access to everything below it, 
+additionally, the same is true if you are assigned as a permitted user to a resource type.
 
 | HTTP Verb(s) | Route |
 | :--- | :--- |
 | GET/HEAD | v2/ |
 | OPTIONS  | v2/ | 
+| GET/HEAD | v2/auth/check |
+| POST     | v2/auth/create-password | 
+| POST     | v2/auth/create-new-password  |
+| POST     | v2/auth/forgot-password  |
 | POST     | v2/auth/login |
 | POST     | v2/auth/register  |
-| GET/HEAD | v2/auth/check |
+| POST     | v2/auth/update-password  |
+| POST     | v2/auth/update-profile  |
 | GET/HEAD | v2/auth/user |
 | GET/HEAD | v2/changelog |
 | OPTIONS  | v2/changelog |
@@ -221,12 +211,13 @@ additionally, the same is true if you are assigned to a resource type.
 
 ## Summary routes
 
-Eventually, there will be a summary route for every API GET endpoint. Until 
-that point, the summary routes that exists are detailed below. Some use GET 
+Eventually, there will be a summary route for every API collection GET endpoint. Until 
+that point, the summary routes that exists are detailed below. Some allow GET 
 parameters to breakdown the data, one example being 
-`v2/summary/resource-types/{resource_type_id}/items`. Review the OPTIONS 
-request for each summary route to see the supported parameters, these should 
-largely match the non summary route.
+`v2/summary/resource-types/{resource_type_id}/items`. 
+
+Review the OPTIONS request for each summary route to see the supported parameters, these should 
+largely match the matching non-summary route.
 
 | HTTP Verb(s) | Route |
 | :--- | :--- |