Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.
This challenge allows you to practice the concepts and techniques learned over the past sprint and apply them in a concrete project. This sprint explored Authentication and Testing. During this sprint, you studied authentication, JSON web tokens, unit testing, and backend testing. In your challenge this week, you will demonstrate your mastery of these skills by creating a dad jokes app.
This is an individual assessment. All work must be your own. Your challenge score is a measure of your ability to work independently using the material covered through this sprint. You need to demonstrate proficiency in the concepts and objectives introduced and practiced in preceding days.
You are not allowed to collaborate during the sprint challenge. However, you are encouraged to follow the twenty-minute rule and seek support from your TL if you need direction.
You have three hours to complete this challenge. Plan your time accordingly.
In this challenge, you build a real wise-guy application. Dad jokes are all the rage these days. Currently the application is trying to receive some Dad Jokes, however we are locked out.
Implement an User Authentication System. Hash user's passwords before saving the user to the database. Use JSON Web Tokens or Sessions and Cookies to persist authentication across requests.
Commit your code regularly and meaningfully. This helps both you (in case you ever need to return to old code for any number of reasons) and your team lead as the evaluate your solution.
Be prepared to demonstrate your understanding of this week's concepts by answering questions on the following topics. You might prepare by writing down your own answers before hand.
Q1. Differences between using sessions or JSON Web Tokens for authentication.
A1. Sessions are stored in the server’s memory on a cookie to verify the user and JSON web tokens are stateless and has a secret. It is created when the user logs in and the server looks for the JWT header to validate the request form the user.
Q2. What does bcrypt do to help us store passwords in a secure manner?
A2. It incorporates a salt to block rainbow table attacks. It takes the password and hashes it to a string that can’t be reversed back into the user’s password.
Q3. How are unit tests different from integration and end-to-end testing?
A3. Unit tests only test the functionality of on unit of code to see if it works (ex. One function). Integration tests how multiple units work together in the code and End-to-end test how the user would interact with the code.
Q4. How Test Driven Development changes the way we write applications and tests?
A4. We write the tests before we write the code. The tests fail before the code is written making in more efficient because there is no need to rewrite codes for tests, fewer bugs and better organized. It’s good for testing units of code.
You are expected to be able to answer questions in these areas. Your responses contribute to your Sprint Challenge grade.
- Create a forked copy of this project
- Add your team lead as collaborator on Github
- Clone your OWN version of the repository (Not Lambda's by mistake!)
- Create a new branch: git checkout -b
<firstName-lastName>. - Implement the project on your newly created
<firstName-lastName>branch, committing changes regularly - Push commits: git push origin
<firstName-lastName>
Your finished project must include all of the following requirements:
- An authentication workflow with functionality for account creation and login implemented inside
/auth/auth-router.js. Auserhasusernameandpassword. Both properties are required. - Middleware used to restrict access to resources for non authenticated requests. Use the file:
./auth/authenticate-middleware.jsas a starting point. - Configuration for running tests using
Jest. - A minimum o 2 tests per API endpoint.
Note: the database already has the users table, but if you run into issues, the migrations are available.
In your solution, it is essential that you follow best practices and produce clean and professional results. You will be scored on your adherence to proper code style and good organization. Schedule time to review, refine, and assess your work and perform basic professional polishing including spell-checking and grammar-checking on your work. It is better to submit a challenge that meets MVP than one that attempts too much and does not.
After finishing your required elements, you can push your work further. These goals may or may not be things you have learned in this module but they build on the material you just studied. Time allowing, stretch your limits and see if you can deliver on the following optional goals:
- Write at least 4 tests per endpoint.
- Extract user validation into a separate method and write unit tests for it.
- Use a separate testing database for the endpoint tests.
- Implement authentication with the other method, if you used JWTs for MVP use sessions for stretch and vice versa.
Follow these steps for completing your project.
- Submit a Pull-Request to merge Branch into master (student's Repo). Please don't merge your own pull request
- Add your team lead as a reviewer on the pull-request
- Your team lead will count the project as complete after receiving your pull-request