
Lab 10 Solution

A Simple User Login System

Using the concepts learned about authentication, middleware, etc., you will implement a basic user system with only a few routes.

This lab requires a good deal of planning, but relatively little code to be written out. You will implement your own user login system, without using node modules like Passport.

Your Routes

GET /

The root route of the application will do one of two things:

1. If the user is authenticated, it will redirect to /private

2. If the user is not authenticated, it will render a view with a login screen for a username and password. The form used to submit to the server must have an id of login-form. The input for the username must have a name of username; the input for the password must have a name of password.

An authenticated user should not ever see the login screen.

POST /login

This route is simple: posting to this route will attempt to log a user in with the credentials they provide in the login form.

If the user provides a successful username / password combination, you will set a cookie named AuthCookie. This cookie must be named AuthCookie or your assignment will receive a major point deduction. After logging in, you will redirect the user to the /private route.

If the user does not provide a valid login, you will render the login screen once again, and this time show an error message to the user explaining that they did not provide a valid username / password.

GET /private

This route will be simple, as well. You will protect the /private route with your authentication middleware to only allow valid, logged in users to see this page. If a user is not logged in, you will return an HTML page saying that the user is not logged in, and the page must issue a status code of 403.

If the user is logged in, you will make a simple view that displays all details except the password for the currently logged in user.

GET /logout

This route will expire the AuthCookie and inform the user that they have been logged out. It will provide a URL to the / route.
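One way to wire the cookie, the /private middleware and the logout route together, as an added example that is not part of the original assignment or its solution. It uses only Node built-ins; the in-memory session map, the function names, and the profession and bio field names are assumptions made for illustration. The cookie value is a random session id rather than anything derived from the user, so it cannot be forged by guessing a username.

```javascript
const crypto = require("crypto");

// In-memory session store: random session id -> user _id.
const sessions = new Map();

// Parse a raw Cookie header ("a=1; b=2") into an object.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Call only after the password check succeeded. Returns the Set-Cookie value.
function startSession(userId) {
  const sid = crypto.randomBytes(32).toString("hex"); // unguessable, carries no user data
  sessions.set(sid, userId);
  return `AuthCookie=${sid}; Path=/; HttpOnly; SameSite=Lax`;
}

// Logout: forget the session server-side and expire the cookie in the browser.
function endSession(cookieHeader) {
  sessions.delete(parseCookies(cookieHeader).AuthCookie);
  return "AuthCookie=; Path=/; HttpOnly; SameSite=Lax; Expires=Thu, 01 Jan 1970 00:00:00 GMT";
}

// Express-style middleware for /private: 403 unless the cookie maps to a live session.
function requireAuth(req, res, next) {
  const sid = parseCookies(req.headers.cookie).AuthCookie;
  const userId = sid ? sessions.get(sid) : undefined;
  if (userId === undefined) {
    res.statusCode = 403;
    return res.end("<p>You are not logged in.</p>");
  }
  req.userId = userId;
  return next();
}

// Build the /private view model from an allowlist so hashedPassword can never leak.
function publicProfile(user) {
  const { _id, username, firstName, lastName, profession, bio } = user;
  return { _id, username, firstName, lastName, profession, bio };
}
```

Deleting the session on the server at logout matters as much as expiring the cookie: a copied AuthCookie value stops working immediately instead of remaining valid until the browser discards it.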

Users

You will use the following information to compose your users. For the sake of this assignment and focusing on authentication, you will store them in memory and not in a database; the data module methods you create to access and search for your users must, however, return promises.

For example, you may store, in your users.js file, something like this:

const users = [
  { _id: "1245325124124", username: "masterdetective123", hashedPassword: "THE HASH", firstName: "Sherlock", lastName: "Holmes" }, // etc.; don't forget the other data
  { _id: "723445325124124", username: "lemon", hashedPassword: "THE HASH", firstName: "Elizabeth", lastName: "Lemon" }, // etc.; don't forget the other data
];

Remember, all passwords must be hashed at all times using an algorithm such as bcrypt.

You do not need to create a signup form for users! Simply add these users, with any associated data you may need, with hashed passwords to an array in memory.

For the sake of simplicity of the assignment, I have supplied you with bcrypted passwords through 16 salt rounds. You may hardcode the hashes, but not the actual passwords, in your data modules. The passwords listed below are the passwords you will input into the login form that need to work.

User 1: Sherlock Holmes

username: masterdetective123

First Name: Sherlock

Last Name: Holmes

Profession: Detective

Bio: Sherlock Holmes (/ˈʃɜːrlɒk ˈhoʊmz/) is a fictional private detective created by British author Sir Arthur Conan Doyle. Known as a "consulting detective" in the stories, Holmes is known for a proficiency with observation, forensic science, and logical reasoning that borders on the fantastic, which he employs when investigating cases for a wide variety of clients, including Scotland Yard.

Password: elementarymydearwatson

Hashed Password: $2a$16$7JKSiEmoP3GNDSalogqgPu0sUbwder7CAN/5wnvCWe6xCKAKwlTD.




User 2: Liz Lemon

username: lemon

First Name: Elizabeth

Last Name: Lemon

Profession: Writer

Bio: Elizabeth Miervaldis "Liz" Lemon is the main character of the American television series 30 Rock. She created and writes for the fictional comedy-sketch show The Girlie Show or TGS with Tracy Jordan.

Password: damnyoujackdonaghy

Hashed Password: $2a$16$SsR2TGPD24nfBpyRlBzINeGU61AH0Yo/CbgfOlU1ajpjnPuiQaiDm

User 3: Harry Potter

username: theboywholived

First Name: Harry

Last Name: Potter

Profession: Student

Bio: Harry Potter is a series of fantasy novels written by British author J. K. Rowling. The novels chronicle the life of a young wizard, Harry Potter, and his friends Hermione Granger and Ron Weasley, all of whom are students at Hogwarts School of Witchcraft and Wizardry. The main story arc concerns Harry's struggle against Lord Voldemort, a dark wizard who intends to become immortal, overthrow the wizard governing body known as the Ministry of Magic, and subjugate all wizards and Muggles.

Password: quidditch

Hashed Password: $2a$16$4o0WWtrq.ZefEmEbijNCGukCezqWTqz1VWlPm/xnaLM8d3WlS5pnK

General Note

For the sake of grading properly, when you start your server, please have the process send the following message after the app was listening on the proper port:

if (process && process.send) process.send({done: true}); // ADD THIS LINE

Like so:

app.listen(3000, function() {
  console.log("Your server is now listening on port 3000! Navigate to http://localhost:3000 to access");
  if (process && process.send) process.send({done: true}); // ADD THIS LINE
});

We will be unable to grade your assignments properly without this line.

Requirements

1. All general requirements from previous labs apply.
