michaelbyalsky / authentication-challenge-template

This project forked from suvelocity/authentication-challenge-template

JavaScript 88.71% HTML 4.24% CSS 7.05%

authentication-challenge-template's Introduction

backend-authentication-challenge

Description

Welcome to the best authentication challenge that ever existed.
This challenge's goal is to learn and practice building a User Authentication and Authorization System in your project.
In order to pass this challenge successfully you should follow all of the requirements detailed below.

Preparations

  • It is recommended to review the resources below before starting the challenge.
  • Install Node.js (if you haven't already).
  • Install a code editor of your choice (recommended: Visual Studio Code).
  • Fork this GitHub repository to your computer.
  • Run npm install in your terminal, both in the main directory and in the client folder.
  • Please note that most of the tests can pass only once the /users/register and /users/login APIs work properly.

After these steps, you are good to go. Good Luck!

Libraries

Resources

Important Note

  • Do not change the dependencies in package.json/package.json.lock. The initial libraries are the only libraries you may use in order to pass the challenge successfully; this will be tested.

Requirements

  • Access tokens should expire after 10 seconds.
  • Server must have an unknown endpoint handler (status 404 "unknown endpoint").
  • Server must contain the following variables: USERS [...{email, name, password, isAdmin},{}...], INFORMATION [...{name, info},{}...].
  • Passwords cannot be stored as plain text, only as hash+salt (10!).
  • The USERS array on the server must have an admin user with the props mentioned below: { email: "[email protected]", name: "admin", password: "hashed password", isAdmin: true }. The admin's password must be "Rc123456!".
  • Server must work with Content-Type: application/json.
  • RESTful API requirements:
    • POST path: "/users/register", description: sign up to the server.

      • request template: body: {email, user, password}
      • server responses: status 201 "Register Success" | status 409 "user already exists".
      • When a user registers, the INFORMATION variable is updated with new info {name: ${username}, info: "${username} info"}
    • POST path: "/users/login", description: Login.

      • request template: body: {email ,password}
      • server responses: status 200, body {accessToken, refreshToken , userName, isAdmin} | status 404 "cannot find user" | status 403 "User or Password incorrect".
    • POST path: "/users/tokenValidate", description: Access Token Validation, Required:

      • request template header: {authorization: "Bearer -access token-"}
      • server responses: status 200, body: {valid: true} | status 401 "Access Token Required" | status 403 "Invalid Access Token".
    • GET path: "/api/v1/information", description: Access user's information, Required: header: {authorization: "Bearer -access token-"}

      • request template: header {authorization: "Bearer -access token-"}
      • server responses: status 200, body: {name, info} | status 401 "Access Token Required" | status 403 "Invalid Access Token".
    • POST path: "/users/token", description: Renew access token,

      • request template: body: {token: -refresh token-}.
      • server responses: status 200, body: {accessToken} | status 401 "Refresh Token Required" | status 403 "Invalid Refresh Token".
    • POST path: "/users/logout", description: Logout Session.

      • Request template: body: {token: -refresh token-}
      • server responses: status 200 "User Logged Out Successfully" | status 400 "Refresh Token Required" | status 400 "Invalid Refresh Token".
    • GET path: /api/v1/users, description: Get users DB (admin only),

      • Request template: header {authorization: "Bearer -access token-"}
      • Server Responses: status 200, body: {USERS: [...{email, name, password, isAdmin}]} | status 401 "Access Token Required" | status 403 "Invalid Access Token".
    • OPTIONS path: "/", description: returns an array of all APIs and endpoints (sends only the options available to the currently logged-in user's permissions).

      • Request template: optional header {authorization: "Bearer -access token-"}
      • Server Response: status 200, header: {Allow: "OPTIONS, GET, POST"}, body: returns an array of all the server's APIs:
        • client with no token gets only register and login APIs.

        • client with invalid token can use register, login and refresh token APIs.

        • authenticated user can access login, register, refresh token, information and logout APIs.

        • admin user can see all the server's APIs (including the get api/v1/users)

          • options array:

          [
            {
              method: "post",
              path: "/users/register",
              description: "Register, Required: email, user, password",
              example: { body: { email: "[email protected]", name: "user", password: "password" } }
            },
            {
              method: "post",
              path: "/users/login",
              description: "Login, Required: valid email and password",
              example: { body: { email: "[email protected]", password: "password" } }
            },
            {
              method: "post",
              path: "/users/token",
              description: "Renew access token, Required: valid refresh token",
              example: { headers: { token: "*Refresh Token*" } }
            },
            {
              method: "post",
              path: "/users/tokenValidate",
              description: "Access Token Validation, Required: valid access token",
              example: { headers: { authorization: "Bearer *Access Token*" } }
            },
            {
              method: "get",
              path: "/api/v1/information",
              description: "Access user's information, Required: valid access token",
              example: { headers: { authorization: "Bearer *Access Token*" } }
            },
            {
              method: "post",
              path: "/users/logout",
              description: "Logout, Required: access token",
              example: { body: { token: "*Refresh Token*" } }
            },
            {
              method: "get",
              path: "api/v1/users",
              description: "Get users DB, Required: Valid access token of admin user",
              example: { headers: { authorization: "Bearer *Access Token*" } }
            }
          ]
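
The access-token rules above (10-second expiry, status 401 when the token is missing, status 403 when it is invalid) can be seen in one place in the sketch below. It is an added example, not code from the challenge repository: it assumes an HMAC-signed token in JWT (HS256) layout built with Node's built-in crypto module, and the names signAccessToken, verifyAccessToken, checkAuthorization and the secret are hypothetical.

```javascript
// Added example: function names and SECRET are assumptions, not the challenge's code.
const crypto = require("crypto");

const ACCESS_TTL_SECONDS = 10; // "Access tokens should expire after 10 seconds"
const SECRET = "constructed-demo-secret"; // placeholder; load from the environment in practice

const b64url = (value) => Buffer.from(value).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue an HS256-style token whose exp is 10 seconds after nowMs.
function signAccessToken(user, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...user, iat, exp: iat + ACCESS_TTL_SECONDS }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`).toString("base64url")}`;
}

// Return the claims if signature and expiry check out, otherwise null.
// The algorithm is fixed server-side; the token's own "alg" field is never trusted.
function verifyAccessToken(token, nowMs = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(signature, "base64url");
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    return typeof claims.exp === "number" && nowMs / 1000 < claims.exp ? claims : null;
  } catch {
    return null;
  }
}

// Map an Authorization header to the status/body pairs listed in the requirements.
function checkAuthorization(authorizationHeader, nowMs = Date.now()) {
  const match = /^Bearer (\S+)$/.exec(authorizationHeader || "");
  if (!match) return { status: 401, body: "Access Token Required" };
  const claims = verifyAccessToken(match[1], nowMs);
  if (!claims) return { status: 403, body: "Invalid Access Token" };
  return { status: 200, body: { valid: true }, claims };
}
```

Because isAdmin is read from the verified claims, a client that edits the payload to set isAdmin: true invalidates the signature and gets the 403 response.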

How to run tests

  • Run all tests (tokenExpire.test takes 10s) - CLI command - npm run test.
  • Run single test suite - CLI command - npm run test -- SomeTestFileToRun.

authentication-challenge-template's People

Contributors

david35008, moran1324
