CSE312-Homework 5-Authentication Solved

 

For this assignment you’ll use docker-compose for all the objectives. Your docker-compose.yml file should run a database container and a container for your app that maps local port 8080 to your app. Use this database to store all persistent data needed throughout this assignment. Unless specified otherwise, all data should persist after a server restart.

Objective 1: First Visit Cookie
Use a cookie to give your users a different experience when they visit your site for the first time.

 

The first time a user visits your home page, show this message at the top of the page and set a cookie:

<h1Welcome!</h1
 

When the user visits the page again with the cookie set, display this message.

<h1Welcome Back!</h1
 

Note: As always, you can personalize these messages if you’d like as long as it’s clear to the grader what is being changed after the first visit.

Testing Procedure
Start your server with “docker-compose up” 
Open a browser and navigate to http://localhost:8080/
Verify that the welcome message is displayed on the page
Refresh the page
Verify that the welcome back message appears on the page
Objectives 2/3: Authentication
Note: This objective is worth double points and counts as both objectives 2 and 3.

 

Add authentication to your app. This must include 2 forms:

 

●      A registration from: Used when a user creates an account by entering a username and password

●      A login form: Used to login after a user creates an account by entering the same username and password that was used when they registered

 

You have much flexibility in how you create these forms. You can use an HTML form element with url or multipart encodings, or process the form using JavaScript to send an AJAX request.

 

When a user sends a registration request, store their username and a salted hash of their password in your database.

 

Security: Never store plain text passwords. You must only store salted hashes of your users’ passwords. It is strongly recommended that you use the bcrypt library to handle salting and hashing.

 

When a user sends a login request, authenticate the request based on the data stored in your database. If the [salted hash of the] password matches what you have stored in the database, the user is authenticated. When a user is authenticated, display this message on the page that loads when the form is submitted (or on the current page if you’re using AJAX).

 

<h1You logged in</h1
 

If the user is not authenticated (Either the hash did not match or the username does not exists), display this message

<h1Login failed</h1
 

Testing Procedure
Start your server with “docker-compose up” 
Open a browser and navigate to http://localhost:8080/
Find the registration form and register a username/password
Navigate back to http://localhost:8080/ if a different page loaded after the form submission
Find the login form and enter the same username, but an incorrect password
Verify that the page acknowledges that your login failed
Back on http://localhost:8080/ submit the login form again with the correct username and password from the registration step
Verify that the page acknowledges that you’ve logged in
Restart the server with “docker-compose restart”
Login again with the correct username/password (If objective 4 is complete, verify that the user is still logged in and skip steps 10&11)
Verify that the page acknowledges that you’ve logged in
 

Objective 4: Authentication Tokens
When a user successfully logs in, set a session token as a cookie for that user. These tokens must be stored in your database. If this cookie is set with a valid token, your home page should display the message.

 

<h1You are logged in as <username</h1
Testing Procedure
Start your server with “docker-compose up” 
Open a browser and navigate to http://localhost:8080/
Find the registration form and register a username/password
Navigate back to http://localhost:8080/ if a different page loaded after the form submission
Find the login form and enter the same username/password from the registration step
Verify that the page acknowledges that you’re logged in and mentions your username
Refresh the page and verify that the message containing your username still appears
Restart the server with “docker-compose restart”
Navigate to http://localhost:8080/
Refresh the page and verify that the message containing your username still appears
 

Bonus Objective: Password Requirements
When a user registers, check their password for a variety of conditions. If all the conditions are met, register the user. If any conditions are not met, do not register the user and display a message mentioning that their password does not meet your criteria. These checks must be made on your server.

 

At minimum, these requirements must include:

A minimum length of 8
At least 1 lowercase character
At least 1 uppercase character
At least 1 number
At least 1 special character
At least 1 additional criteria of your choosing
 

Whatever you choose for your criteria must be clearly displayed on your app (Display all criteria, not just your additional criteria).

 

Testing Procedure
Start your server with “docker-compose up” 
Open a browser and navigate to http://localhost:8080/
Find the registration form and register a username/password that does not meet all the displayed criteria
Verify that the site displays a message saying the password was not acceptable
Submission
Submit all files for your server to AutoLab in a .zip file ( A .rar or .tar file is not a .zip file!). Be sure to include:

 

●      A Dockerfile in the root directory

●      A file named “report.txt” in the root directory explaining the architecture of your code

●      [optional] Completed HW4 objectives if you want to makeup HW4 points