- DISCLAIMER: Authentication is a subject that many people spend a large amount of time throughout their careers obtaining knowledge of. This is not something we expect you to have mastery over; rather, we're preparing you to be able to have an intelligent conversation about the subject.
- The objective of this challenge is to get you used to answering a few questions about Authentication.
- We also have some more reps for you to help hammer in the knowledge you've thus far learned.
- Answers to your written questions will be recorded in ANSWERS.md
- This is to be worked on alone, but you can use outside resources. You can reference any old code you may have and the React Documentation; however, please refrain from copying and pasting any of your answers. Try to understand the question and put your responses in your own words. Be as thorough as possible when explaining something.
Don't fret or get anxious. This is a no-pressure assessment designed to help us discover better ways to help you move forward and make the learning experience better for you.
Questions - Self Study - You can exercise your Google-Fu for this and any other Sprint Challenge in the future.
- Describe Middleware, Sessions (as we know them in express), bcrypt and JWT.
- What does bcrypt do in order to prevent attacks?
- What are the three parts of the JSON Web Token?
- What we have here is a wise-guy application. Dad jokes are all the rage these days.
- Our main problem with the application right now is that we are trying to receive some mad dad jokes that are requested from an external API, but we are locked out.
- Trust me, we all need these dad jokes in our lives.
- In order to be able to access our Killer Jokes you'll need to implement a User Authentication System that uses bcrypt and JWT.
- `cd` into the root of the project and run `yarn install`.
- Once you have your `node_modules`, go ahead and start your `mongod` server. Use either plain `mongod` or `mongod --dbpath data` (the `--dbpath` flag points it at the project's `data` directory).
- Run `nodemon app.js` to start your node server.
- TEST this project using POSTMAN. Once you finish the project, you'll be tasked to set up `cors` properly for use with a client.
- The required fields are `username` (must be unique and required) and `password`.

```json
{
  "username": "Tony@stark.com",
  "password": "pepperpots"
}
```
- Next we'll use bcrypt to set up a `pre` hook on our `save` function for the UserSchema.
- This pre-save hook will act as middleware to hash our users' passwords with bcrypt before they are stored (bcrypt produces a salted, deliberately slow hash rather than a reversible encryption, so a leaked database does not hand out passwords).
- You can also take this time to set up a `checkPassword` method that can be used for comparing user passwords later on (bcrypt compares a plaintext candidate against the stored hash; the hash itself is never reversed).
- Most of the heavy lifting will be taken care of in our pre-save `middleware` that we've already implemented in our `userModel` file.
- Be sure to follow the instructions on creating a user and you should be set.
- TEST your `/api/users` POST to ensure you can create a user with a hashed password.
- Before moving on, make sure you can create a user in the DB with a hashed password (the stored value should be a bcrypt hash, never the plaintext you sent).
- This step will be real fun. Primarily because it's built out for you already! You're welcome!
- IF your `checkPassword` function is working properly, you should get back a token from the server.
- You'll need to handle this token appropriately in your next route.
- Grab the token sent back to you in JWT format from `/login`.
- Send a `GET` request up to `/api/jokes` with the appropriate header and token.
- Without the appropriate request header you'll get an error that looks like this from the `jwt` package:

```json
{
  "name": "JsonWebTokenError",
  "message": "invalid signature"
}
```
- In order to play around with a client-server app, you'll need to set up your `cors` inside of `server.js` properly.
- Using React and React Router, create a `Sign Up`, `Sign In` and `Jokes` page.
- Once you have the functionality down, you'll be able to style it up a bit and play around with the jokes, etc.