[Solved] CSE312 Homework5- Authentication

For this assignment you’ll use docker-compose for all the objectives. Your docker-compose.yml file should run a database container and a container for your app that maps local port 8080 to your app. Use this database to store all persistent data needed throughout this assignment. Unless specified otherwise, all data should persist after a server restart.

Objective 1: First Visit Cookie

Use a cookie to give your users a different experience when they visit your site for the first time.

The first time a user visits your home page, show this message at the top of the page and set a cookie:

<h1>Welcome!</h1>

When the user visits the page again with the cookie set, display this message.

<h1>Welcome Back!</h1>

Note: As always, you can personalize these messages if you’d like as long as it’s clear to the grader what is being changed after the first visit.

Testing Procedure

1. Start your server with “docker-compose up”
2. Open a browser and navigate to http://localhost:8080/
3. Verify that the welcome message is displayed on the page
4. Refresh the page
5. Verify that the welcome back message appears on the page

Objectives 2/3: Authentication

Note: This objective is worth double points and counts as both objectives 2 and 3.

Add authentication to your app. This must include 2 forms:

• A registration from: Used when a user creates an account by entering a username and password
• A login form: Used to login after a user creates an account by entering the same username and password that was used when they registered

You have much flexibility in how you create these forms. You can use an HTML form element with url or multipart encodings, or process the form using JavaScript to send an AJAX request.

When a user sends a registration request, store their username and a salted hash of their password in your database.

Security: Never store plain text passwords. You must only store salted hashes of your users’ passwords. It is strongly recommended that you use the bcrypt library to handle salting and hashing.

When a user sends a login request, authenticate the request based on the data stored in your database. If the [salted hash of the] password matches what you have stored in the database, the user is authenticated. When a user is authenticated, display this message on the page that loads when the form is submitted (or on the current page if you’re using AJAX).

<h1>You logged in</h1>

If the user is not authenticated (Either the hash did not match or the username does not exists), display this message

<h1>Login failed</h1>

Testing Procedure

1. Start your server with “docker-compose up”
2. Open a browser and navigate to http://localhost:8080/
3. Find the registration form and register a username/password
4. Navigate back to http://localhost:8080/ if a different page loaded after the form submission
5. Find the login form and enter the same username, but an incorrect password
6. Verify that the page acknowledges that your login failed
7. Back on http://localhost:8080/ submit the login form again with the correct username and password from the registration step
8. Verify that the page acknowledges that you’ve logged in
9. Restart the server with “docker-compose restart”
10. Login again with the correct username/password (If objective 4 is complete, verify that the user is still logged in and skip steps 10&11)
11. Verify that the page acknowledges that you’ve logged in

Objective 4: Authentication Tokens

When a user successfully logs in, set a session token as a cookie for that user. These tokens must be stored in your database. If this cookie is set with a valid token, your home page should display the message.

<h1>You are logged in as <username></h1>

Testing Procedure

1. Start your server with “docker-compose up”
2. Open a browser and navigate to http://localhost:8080/
3. Find the registration form and register a username/password
4. Navigate back to http://localhost:8080/ if a different page loaded after the form submission
5. Find the login form and enter the same username/password from the registration step
6. Verify that the page acknowledges that you’re logged in and mentions your username
7. Refresh the page and verify that the message containing your username still appears
8. Restart the server with “docker-compose restart”
9. Navigate to http://localhost:8080/
10. Refresh the page and verify that the message containing your username still appears

Bonus Objective: Password Requirements

When a user registers, check their password for a variety of conditions. If all the conditions are met, register the user. If any conditions are not met, do not register the user and display a message mentioning that their password does not meet your criteria. These checks must be made on your server.

At minimum, these requirements must include:

1. A minimum length of 8
2. At least 1 lowercase character
3. At least 1 uppercase character
4. At least 1 number
5. At least 1 special character
6. At least 1 additional criteria of your choosing

Whatever you choose for your criteria must be clearly displayed on your app (Display all criteria, not just your additional criteria).

Testing Procedure

1. Start your server with “docker-compose up”
2. Open a browser and navigate to http://localhost:8080/
3. Find the registration form and register a username/password that does not meet all the displayed criteria
4. Verify that the site displays a message saying the password was not acceptable