- DISCLAIMER: Authentication is a subject that many people spend a large amount of time learning throughout their careers. This is not something we expect you to have mastered; rather, we're preparing you to be able to have an intelligent conversation about the subject.
- The objective of this challenge is to get you used to answering a few questions about Authentication.
- We also have some more reps for you to help hammer in the knowledge you've thus far learned.
- Answers to your written questions will be recorded in Answers.md
- This is to be worked on alone but you can use outside resources. You can reference any old code you may have, and the React Documentation, however, please refrain from copying and pasting any of your answers. Try and understand the question and put your responses in your own words. Be as thorough as possible when explaining something.
- Just a friendly reminder: don't fret or get anxious about this. This is a no-pressure assessment that is only going to help guide you in the near future. This is NOT a pass/fail situation.
Questions - Self Study - You can exercise your Google-Fu for this and any other Sprint Challenge in the future.
- Describe Middleware, Sessions (as we know them in express), bcrypt and JWT.
- What does bcrypt do in order to prevent attacks?
- What are the three parts of the JSON Web Token?
- What we have here is a wise-guy application. Dad jokes are all the rage these days.
- Our main problem with the application now is that we are trying to receive some mad dad jokes that are being requested from an external API, but we are locked out.
- Trust me, we all need these dad jokes in our lives.
- In order to be able to access our Killer Jokes you'll need to implement a User Authentication System that uses bcrypt and JWT.
- `cd` into the root of the project and run `npm install`.
- Once you have your `node_modules`, go ahead and start your `mongod` server.
  * I recommend using the `mongod --dbpath data` flag.
- Run `nodemon app.js` to start your node server.
- TEST this project using `POSTMAN`. Once you finish the project, you'll be tasked to set up `cors` properly for use with a client.
- The required fields are `username` (must be unique and required) and `password`.

```json
{
  "username": "[email protected]",
  "password": "pepperpots"
}
```
- Start in `api/utils/middlewares.js`.
- Follow the steps provided in the `encryptPW` function. Once done there, head back here for further instructions.
- Check out `api/controllers/user.js`. There are some things to implement there.
- Once you have your controller implemented, head over to your `api/routes/routes.js` file and notice we have a controller missing. Go ahead and pass in this controller.
- TEST your `/api/user` POST to ensure you can create a user with a hashed (bcrypt) password.
- This step will be real fun.
- Head over to your `comparePW` function in `api/utils/middlewares.js` and follow the instructions for that piece of login middleware.
- Once you have compared passwords with `bcrypt`, you'll need to **ENSURE THAT** you have set the `req.username` as the user's `username`. Without it, your `login controller` won't know what to do and you'll receive this error:

```
error: 'no username check your comparePW middleware'
```
- Grab your Token sent back to you in JWT format from `/login`.
- Send a `GET` request up to `/api/jokes` with the appropriate
- Without the appropriate request you'll get an error that looks like this from the `jwt` package

```json
{
  "name": "JsonWebTokenError",
  "message": "invalid signature"
}
```
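
The `invalid signature` error above is the result of the signature check on the token. As an added example (not part of the challenge code or of the `jwt` package), this sketch signs and verifies an HS256 token using only Node's built-in `crypto`; the function names, the secret, the sample payloads and every error string other than `invalid signature` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// A token is three base64url parts joined by dots: header.payload.signature
function signToken(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Recompute the HMAC over header.payload and compare it in constant time.
function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, error: 'malformed token' };
  const [header, body, signature] = parts;
  let alg = null;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
  } catch { /* unparsable header: alg stays null and is rejected below */ }
  // Pin the algorithm so a token cannot pick its own (for example "none").
  if (alg !== 'HS256') return { ok: false, error: 'unexpected alg' };
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, error: 'invalid signature' };
  }
  // Only parse claims after the signature has been checked.
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  const now = Math.floor(Date.now() / 1000);
  if (typeof payload.exp === 'number' && payload.exp <= now) return { ok: false, error: 'expired' };
  return { ok: true, payload };
}

// Constructed sample values, not taken from the challenge repo.
const SECRET = 'constructed-demo-secret';
function demo() {
  const exp = Math.floor(Date.now() / 1000) + 3600;
  const token = signToken({ username: 'constructed-user', exp }, SECRET);
  const [header, , signature] = token.split('.');
  const edited = `${header}.${b64url(JSON.stringify({ username: 'someone-else', exp }))}.${signature}`;
  return {
    valid: verifyToken(token, SECRET),                      // signature matches
    wrongSecret: verifyToken(token, 'a-different-secret'),  // verifier key differs
    edited: verifyToken(edited, SECRET),                    // payload changed after signing
  };
}
```

Both the mismatched secret and the edited payload fail at the same comparison, which is why a server that signs with one secret and verifies with another reports `invalid signature` for every token.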
- In order to play around with a client server app, you'll need to set up your `cors` inside of `server.js` properly.
- Using React and Redux and React Router, create a `Sign Up`, `Sign In` and `Jokes` page.
- Once you have the functionality down, you'll be able to style it up a bit and play around with the jokes etc.
