
authentication-challenge-template's Introduction

backend-authentication-challenge

Description

Welcome to the best Authentication Challenge that ever existed.
The goal of this challenge is to learn and practice building a user authentication and authorization system in your project.
To pass this challenge successfully you must follow all of the requirements detailed below.

Preparations

  • It is recommended to review the resources below before starting the challenge.
  • Install Node.js (if you haven't already).
  • Install a code editor of your choice (recommended: Visual Studio Code).
  • Fork this GitHub repository and clone it to your computer.
  • Run npm install in your terminal, both in the main directory and in the client folder.
  • Please note that most of the tests can only pass once the /users/register and /users/login APIs work properly.

After these steps, you are good to go. Good Luck!

Libraries

Resources

Important Note

  • Do not try to change the dependencies in package.json / package-lock.json: the initial libraries are the only libraries allowed for passing the challenge successfully, and this will be tested.

Requirements

  • Server must contain the following variables:
      const USERS = [...{email, name, password, isAdmin}...]
      const INFORMATION = [...{email, info}...]
      const REFRESHTOKENS = []
  • Passwords cannot be stored as plain text, only as a salted hash (10 salt rounds).
  • The USERS array on the server must contain an admin user with the props shown below:
      { email: "[email protected]", name: "admin", password: "**hashed password**", isAdmin: true }

    The admin's password must be Rc123456!

  • Server must work with Content-Type: application/json.

  • Access tokens should expire after 10 seconds.

  • Server must have an unknown-endpoint handler (status 404 "unknown endpoint").

  • RESTful API requirements:

    • POST path: "/users/register", description: sign up to the server.

      • request template:
        body: {email, name, password}

      • server responses: status 201 "Register Success" | status 409 "user already exists".
      • When a user registers, the INFORMATION variable is updated with a new entry {email: ${email}, info: "${name} info"}.

    • POST path: "/users/login", description: Login.

      • request template:
        body: {email, password}

      • server responses: status 200, body: {accessToken, refreshToken, email, name, isAdmin} | status 404 "cannot find user" | status 403 "User or Password incorrect".

    • POST path: "/users/tokenValidate", description: Access Token Validation.

      • request template:
        header: {Authorization: "Bearer -access token-"}

      • server responses: status 200, body: {valid: true} | status 401 "Access Token Required" | status 403 "Invalid Access Token".

    • GET path: "/api/v1/information", description: Access the user's information.

      • request template:
        header: {Authorization: "Bearer -access token-"}

      • server responses: status 200, body: {email, info} | status 401 "Access Token Required" | status 403 "Invalid Access Token".

    • POST path: "/users/token", description: Renew access token.

      • request template:
        body: {token: -refresh token-}

      • server responses: status 200, body: {accessToken} | status 401 "Refresh Token Required" | status 403 "Invalid Refresh Token".

    • POST path: "/users/logout", description: Logout Session.

      • request template:
        body: {token: -refresh token-}

      • server responses: status 200 "User Logged Out Successfully" | status 400 "Refresh Token Required" | status 400 "Invalid Refresh Token".

    • GET path: "/api/v1/users", description: Get users DB (admin only).

      • request template:
        header: {Authorization: "Bearer -access token-"}

      • server responses: status 200, body: {USERS: [...{email, name, password, isAdmin}...]} | status 401 "Access Token Required" | status 403 "Invalid Access Token".

    • OPTIONS path: "/", description: returns an array of all APIs and endpoints (sends only the options available to the permissions of the currently logged-in user).

      • request template (optional):
        header: {Authorization: "Bearer -access token-"}

      • server response: status 200, header: {Allow: "OPTIONS, GET, POST"}, body: an array of all the server's APIs:
        • a client with no token gets only the register and login APIs.
        • a client with an invalid token can use the register, login and refresh token APIs.
        • an authenticated user can access the login, register, refresh token, information and logout APIs.
        • an admin user can see all the server's APIs (including GET /api/v1/users).
        • options array:
          [
            { method: "post", path: "/users/register", description: "Register, Required: email, name, password", example: { body: { email: "[email protected]", name: "user", password: "password" } } },
            { method: "post", path: "/users/login", description: "Login, Required: valid email and password", example: { body: { email: "[email protected]", password: "password" } } },
            { method: "post", path: "/users/token", description: "Renew access token, Required: valid refresh token", example: { body: { token: "*Refresh Token*" } } },
            { method: "post", path: "/users/tokenValidate", description: "Access Token Validation, Required: valid access token", example: { headers: { Authorization: "Bearer *Access Token*" } } },
            { method: "get", path: "/api/v1/information", description: "Access user's information, Required: valid access token", example: { headers: { Authorization: "Bearer *Access Token*" } } },
            { method: "post", path: "/users/logout", description: "Logout, Required: refresh token", example: { body: { token: "*Refresh Token*" } } },
            { method: "get", path: "/api/v1/users", description: "Get users DB, Required: Valid access token of admin user", example: { headers: { Authorization: "Bearer *Access Token*" } } }
          ]


How to run tests

  • Run all tests (tokenExpire.test takes 10 s): CLI command npm run test.
  • Run a single test suite: CLI command npm run test -- SomeTestFileToRun.

authentication-challenge-template's People

Contributors

david35008, moran1324

authentication-challenge-template's Issues

refresh or access?

GET path: /api/v1/users, description: Get users DB (admin only),

Request template: header {Authorization: "Bearer -access token-"}
Server Responses: status 200, body: {USERS: [...[{email, name, password, isAdmin}]} | status 401 "Refresh Token Required" | status 403 "Invalid Refresh Token".

does this get a refresh token or access?

status 400 or 401

POST path: "/users/logout", description: Logout Session.

Request template: body: {token: -refresh token-"}
server responses: status 200 "User Logged Out Successfully" | status 400 "Refresh Token Required" | status 400 "Invalid Refresh Token".

Are you sure both errors should be status 400? In other endpoints it's 401 for "Refresh Token Required".

Problematic for use with react router

If all the endpoints are not in one file, you can't use arrays for users and information, because both the /users endpoints and the /api endpoints need them.
One solution is using fs and .json files, but this creates a problem with resetting for tests and adding the users; it seems to mess with the way bcrypt creates a hash.

Dependencies version Error

Hi, after running "npm i" in both the client and the root directory,
the React command "npm start" shows the following error:

image

The client cannot be run at all.
The challenge still works but the client experience is missing.

Typo in README

It is written in the README that the login entry point gets in the body the object {user, email, password}, but in the test it receives {name, email, password}.
This makes some of the tests fail, not fun.

user description in README

"USERS [...{email, user, password, isAdmin},{}...]"

it should be "[...{email, name, password, isAdmin},{}...]"

INFORMATION of the USERS is not uniquely identified

Currently only the email of the user is a unique field.
So if each item in the INFORMATION array for all the users is represented by the name of the user, users with the same name will get their information mixed up.

image
