MILESTONE - Authentication

[jeturcotte]

With users being saved to the database, ought be not allow them to log in?

• First, learning hashing ... we MAY throw it out afterward for Oauth but there is value in going through it
  • Use SHA something or other: https://github.com/grondilu/libdigest-perl6/blob/master/lib/Digest/SHA.pm (md5 is too breakable to be useful)
  • Take the submitted password and hash it and store in the database on account creation
• Second, provide a login form / welcome page
  • Build out a session/cookie detection clause
    • If cookie/session is found, say 'welcome $username'
    • If not, provide a login form
      • Ask for Username and Password
• Third, provide an authentication endpoint
  • Accept Username and Password
    • Encrypt the password given
    • So a lookup against the table for a user that has the username and encrypted password
    • Create a session and/or cookie if there's a result
    • Return a 'failure to log in' if not (and don't tell them that the username doesn't match; this protects the site from being scanned for usernames)
• BONUS; Add a field or new table that shows the last datetime any given username logged in
  • Could be done a few ways; not required at this time, up to you
• BONUS/LATER; At the same time, investigate Oauth2 as an option
  • NOTE: Implementing this may force us to go back and edit stuff you've just done, but we should learn about it anyways
  • SEE: https://modules.perl6.org/dist/OAuth2::Client::Google:cpan:BDUGGAN
  • SEE: https://github.com/ohmycloud/fanfou-p6
  • SEE: https://oauth.net/ (I myself am trying to get my head around it and that's why this task is starting out vague)
  • SEE: https://youtu.be/PfvSD6MmEmQ
  • Research how to implement the concept of Oauth and whether either of these are sufficient to our task
• First, provide an 'authentication' endpoint
  • Make sure it accepts a username and accepts a password
• TASK: provide a link/api-endpoint that logs a person out
  • review https://softwareengineering.stackexchange.com/questions/196871/what-http-verb-should-the-route-to-log-out-of-your-web-app-be ... it SEEMS like folk want you to POST the token back to a /logout endpoint saying 'take this and kill it.'
  • So... make a logout enpoint, accept post (and nothing else)
  • Delete the cookie
  • Return the homepage (either via call homepage code or via redirect to / )

[ajbuchholz]

10/10/19 Update (Evening)

Date & Time is now inputted into the Database in its column when a user makes an account. It gives down to milliseconds, so a lot of information, but thats ok for now. We can change that later.

Tomorrow we will work on hashing the password when a user registers and signs in.

[ajbuchholz]

10/11/19 Update (Class)

Have created a post -> login
Determined whether login is successful only based on username.

Next class. We will determine if login is successful when entering username & password, not just username.

[jeturcotte]

Don't panic about the amount of work; it's defined as a conceptual unit rather than as a 'weeks work.' (which it may well not be.)

[ajbuchholz]

10/16/19 Update (Class Tomorrow)

TODO

• Authentication when entering username and password. Currently only checks to make sure username exists. (Should hopefully be done tomorrow)
• Implement Francesco C cookie code. This will be done in the next week or so.

[ajbuchholz]

10/23 10/21 Update
Cookies are currently being implemented. We are running into some problems. This should hopefully be done Friday.

[peteryn]

10/24/19 Thursday night meetup update Today Jeff asked me to get a cro service running on the server. I resolved the dependencies and wrote documentation for installing cro on debian. I almost got everything working before running out of time to install DBIish. Everything else should work. I was told by Jeff and Matt to look into nginx for running cro service persistently on the server. Adrian and I will continue working tomorrow in class. If there is anything else you would like us to work please let us know.

…

-Peter

On Wed, Oct 23, 2019 at 5:11 PM HermesTheDev ***@***.***> wrote: 10/23 10/21 Update Cookies are currently being implemented. We are running into some problems. This should hopefully be done Friday. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#7>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALGWNLJT6GYDLH4CDKHEB5LQQC4XVANCNFSM4I7S5E5Q> .

[jeturcotte]

The nightmare at work should be over soon, so I'll be able to catch up before much longer.

[peteryn]

10/29/19 Update Today the three of us got cookies working. Cookies are saved and authtokens are inserted. Cookies are done, the code needs a little cleaning. One last problem is we cant the page after automatic login to say "Welcome $username"

…

On Mon, Oct 28, 2019 at 8:16 AM Joshua Eric Turcotte < ***@***.***> wrote: The nightmare at work should be over soon, so I'll be able to catch up before much longer. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#7>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALGWNLIOKVFY5ELL7LNJYX3QQ3J2TANCNFSM4I7S5E5Q> .

[peteryn]

It works now with some handy dandy overtime at school

…

On Tue, Oct 29, 2019 at 3:09 PM Peter Yuan ***@***.***> wrote: 10/29/19 Update Today the three of us got cookies working. Cookies are saved and authtokens are inserted. Cookies are done, the code needs a little cleaning. One last problem is we cant the page after automatic login to say "Welcome $username" On Mon, Oct 28, 2019 at 8:16 AM Joshua Eric Turcotte < ***@***.***> wrote: > The nightmare at work should be over soon, so I'll be able to catch up > before much longer. > > — > You are receiving this because you were assigned. > Reply to this email directly, view it on GitHub > <#7>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/ALGWNLIOKVFY5ELL7LNJYX3QQ3J2TANCNFSM4I7S5E5Q> > . >

[jeturcotte]

Nice; I'm nearly done (hopefully) with the terrormonth at work; Ill be there thurs... as specific questions before then if you have any

…

On Tue, Oct 29, 2019 at 3:14 PM pyuan ***@***.***> wrote: It works now with some handy dandy overtime at school On Tue, Oct 29, 2019 at 3:09 PM Peter Yuan ***@***.***> wrote: > 10/29/19 Update > > Today the three of us got cookies working. Cookies are saved and > authtokens are inserted. Cookies are done, the code needs a little > cleaning. One last problem is we cant the page after automatic login to say > "Welcome $username" > > On Mon, Oct 28, 2019 at 8:16 AM Joshua Eric Turcotte < > ***@***.***> wrote: > >> The nightmare at work should be over soon, so I'll be able to catch up >> before much longer. >> >> — >> You are receiving this because you were assigned. >> Reply to this email directly, view it on GitHub >> < #7 >, >> or unsubscribe >> < https://github.com/notifications/unsubscribe-auth/ALGWNLIOKVFY5ELL7LNJYX3QQ3J2TANCNFSM4I7S5E5Q > >> . >> > — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#7>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD72XCLM2NLQCVO6USEUHLQRCDSDANCNFSM4I7S5E5Q> .

-- ~jet

[jeturcotte]

added logout specs