Authentication and Testing Sprint Challenge

Read these instructions carefully. Understand exactly what is expected before starting this Sprint Challenge.

This challenge allows you to practice the concepts and techniques learned over the past sprint and apply them in a concrete project. This sprint explored Authentication and Testing. During this sprint, you studied authentication, JSON web tokens, unit testing, and backend testing. In your challenge this week, you will demonstrate your mastery of these skills by creating a dad jokes app.

This is an individual assessment. All work must be your own. Your challenge score is a measure of your ability to work independently using the material covered through this sprint. You need to demonstrate proficiency in the concepts and objectives introduced and practiced in preceding days.

You are not allowed to collaborate during the sprint challenge. However, you are encouraged to follow the twenty-minute rule and seek support from your TL if you need direction.

You have three hours to complete this challenge. Plan your time accordingly.

Introduction

In this challenge, you build a real wise-guy application. Dad jokes are all the rage these days. Currently the application is trying to receive some Dad Jokes, however we are locked out.

Implement an User Authentication System. Hash user's passwords before saving the user to the database. Use JSON Web Tokens or Sessions and Cookies to persist authentication across requests.

Commits

Commit your code regularly and meaningfully. This helps both you (in case you ever need to return to old code for any number of reasons) and your team lead as the evaluate your solution.

Interview Questions

Be prepared to demonstrate your understanding of this week's concepts by answering questions on the following topics. You might prepare by writing down your own answers before hand.

  1. Differences between using sessions or JSON Web Tokens for authentication.
  • Sessions add a cookie to the client's browser as well as the server saving an instance of the cookie and checking if the cookie is valid when the client sends a request with the cookie.

  • JWT (Json Web Tokens) are not saved to the server and are instead sent to the client as a token upon successful login and the client uses the token to gain access to the resource.

  1. What does bcrypt do to help us store passwords in a secure manner.
  • bcrypt allows us to hash the password so that they are not stored as plain text
  1. How are unit tests different from integration and end-to-end testing.
  • unit tests test one specific function (aka pure function)
  • end-to-end testing testing everything in one particular avenue of the app
    • ex. test the registering of a new client which will test everything involved in registering the client
  1. How Test Driven Development changes the way we write applications and tests.
  • In test driven development you create the tests first and then write only enough code to pass that specific test. This allows us to make sure that every functionality it working properly and allows us to check if any future changes breaks any previous working code

You are expected to be able to answer questions in these areas. Your responses contribute to your Sprint Challenge grade.

Instructions

Task 1: Project Set Up

  • Create a forked copy of this project
  • Add your team lead as collaborator on Github
  • Clone your OWN version of the repository (Not Lambda's by mistake!)
  • Create a new branch: git checkout -b <firstName-lastName>.
  • Implement the project on your newly created <firstName-lastName> branch, committing changes regularly
  • Push commits: git push origin <firstName-lastName>

Task 2: Project Requirements

Your finished project must include all of the following requirements:

  • An authentication workflow with functionality for account creation and login implemented inside /auth/auth-router.js. A user has username and password. Both properties are required.
  • Middleware used to restrict access to resources for non authenticated requests. Use the file: ./auth/authenticate-middleware.js as a starting point.
  • Configuration for running tests using Jest.
  • A minimum o 2 tests per API endpoint.

Note: the database already has the users table, but if you run into issues, the migrations are available.

In your solution, it is essential that you follow best practices and produce clean and professional results. You will be scored on your adherence to proper code style and good organization. Schedule time to review, refine, and assess your work and perform basic professional polishing including spell-checking and grammar-checking on your work. It is better to submit a challenge that meets MVP than one that attempts too much and does not.

Task 3: Stretch Goals

After finishing your required elements, you can push your work further. These goals may or may not be things you have learned in this module but they build on the material you just studied. Time allowing, stretch your limits and see if you can deliver on the following optional goals:

  • Write at least 4 tests per endpoint.
  • Extract user validation into a separate method and write unit tests for it.
  • Use a separate testing database for the endpoint tests.
  • Implement authentication with the other method, if you used JWTs for MVP use sessions for stretch and vice versa.

Submission format

Follow these steps for completing your project.

  • Submit a Pull-Request to merge Branch into master (student's Repo). Please don't merge your own pull request
  • Add your team lead as a reviewer on the pull-request
  • Your team lead will count the project as complete after receiving your pull-request