gelinas-lambda/Sprint-Challenge-Authentication

 
 

Sprint Challenge: Authentication - Dad Jokes

Description

In this challenge, you build a real wise-guy application. Dad jokes are all the rage these days. Currently the application is trying to receive some Dad Jokes; however, we are locked out.

Instructions

Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.

This is an individual assessment, please work on it alone. It is an opportunity to demonstrate proficiency in the concepts and objectives introduced and practiced in preceding days.

If the instructions are not clear, please seek support from your TL and Instructor on Slack.

The Minimum Viable Product must be completed in three hours.

Follow these steps to set up and work on your project:

  • Create a forked copy of this project.
  • Add your Team Lead as collaborator on Github.
  • Clone your forked version of the Repository.
  • Create a new Branch on the clone: git checkout -b firstName-lastName.
  • Implement the project on this Branch, committing changes regularly.
  • Push commits: git push origin firstName-lastName.

Follow these steps for completing your project.

  • Submit a Pull-Request to merge firstName-lastName branch into master on your fork. Please don't make Pull Requests against Lambda's repository.
  • Please don't merge your own pull request.
  • Add your Team Lead as a Reviewer on the Pull-Request.
  • Your Team Lead will count the challenge as done by merging the branch into master.

Commits

Commit your code regularly and use descriptive messages. This helps both you (in case you ever need to return to old code) and your Team Lead.

Self-Study/Essay Questions

Demonstrate your understanding of this week's concepts by answering the following free-form questions. Edit this document to include your answers after each question. Make sure to leave a blank line above and below your answer so it is clear and easy to read by your project manager.

  • What is the purpose of using sessions?

HTTP is stateless, so if the server wants to be able to identify clients and let them persist data across requests, it uses a "session" stored on their database. The client receives an HTTP Cookie, which they locally store, that allows them to access data from their server-stored-session on subsequent requests.

  • What does bcrypt do to help us store passwords in a secure manner?

bcrypt is a one-way hashing algorithm. When you hash a given string, you will always receive the same resulting "hash" string, but you can't reverse engineer the original data. This is useful for passwords because if we hash them before storing, a user's password will not be compromised if the database is compromised.

  • What does bcrypt do to slow down attackers?

Hackers have "rainbow tables" of pre-calculated hashes for all possible character combinations up to a particular length using common hashing techniques. bcrypt makes this harder by using "salt" (a secret string that is incorporated into the hash) and accumulative hashing rounds (re-hashing the hash several times). Now the hacker needs a lot of additional information (salt and number of rounds) to be able to match passwords.

  • What are the three parts of the JSON Web Token?

Header (hash algorithm and token type); Payload (the data stored, usually including the standard subject, issue date, and expiration date of the token plus any custom properties); Signature (although anyone can decode your header and payload, they can't decode your signature without your secret).

Minimum Viable Product

Implement a User Authentication System. Hash users' passwords before saving them to the database. Use JSON Web Tokens or Sessions and Cookies to persist authentication across requests.

  • Implement the register and login functionality inside /auth/auth-router.js. A user has username and password. Both properties are required.
  • Implement the authenticate middleware inside /auth/authenticate-middleware.js.
  • Write a minimum of 2 tests per API endpoint. Write more tests if you have time.
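
The header/payload/signature structure from the JSON Web Token question above and the authenticate middleware this list asks for, shown as an added example that is not code from this repository. It uses Node's built-in crypto in place of a JWT library so it runs with no dependencies; the names signToken, verifyToken and authenticate, the HS256 choice, and reading the token from the Authorization header are assumptions.

```javascript
// Added example (not the repository's code): HS256 JWT with Node's built-in crypto.
const { createHmac, timingSafeEqual } = require("crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const sign = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Token layout is header.payload.signature; the signature covers the first two parts.
function signToken(claims, secret, nowSec = Math.floor(Date.now() / 1000), ttlSec = 3600) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${sign(`${header}.${payload}`, secret).toString("base64url")}`;
}

// Returns the claims, or throws with the reason the token was rejected.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, signature] = parts;
  // Check the signature before trusting anything decoded from the token.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  // Pin the algorithm on the server; the token's header must not choose it.
  if (decode(header).alg !== "HS256") throw new Error("unexpected alg");
  const claims = decode(payload);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
  return claims;
}

// Express-style middleware (hypothetical wiring): respond 401 unless the
// Authorization header carries a valid token, with or without a "Bearer " prefix.
function authenticate(secret) {
  return (req, res, next) => {
    const raw = (req.headers.authorization || "").replace(/^Bearer /, "");
    let claims;
    try {
      claims = verifyToken(raw, secret);
    } catch (err) {
      return res.status(401).json({ message: "invalid or missing token" });
    }
    req.user = claims;
    next();
  };
}
```

The secret passed to these functions should come from configuration such as an environment variable, not from source control.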

Note: the database already has the users table, but if you run into issues, the migrations are available.

Stretch Problem

Build a front end to show the jokes.

  • Add a React client that connects to the API and has pages for Sign Up, Sign In and showing a list of Jokes.
  • Once you have the functionality down, style it!

Languages

  • JavaScript 75.3%
  • CSS 19.7%
  • HTML 5.0%