CS356: Lab 5


Due: See Moodle for the due date and time

Goals:

·    Validate registration and login data

Requirements:

0.    Create a lab5 directory and copy your existing devconnector directory into it.

1.    Add the book’s validation code for both /users/api/register and /users/api/login (50)

2.    Modify the login validation so that, if the login fails for any reason, the errors object returned is:
status: 401 body: {"credentials": "Invalid credentials supplied."}

Otherwise, the Bearer token is returned as it was in lab 4.  (15)

 


3.    Password must contain a special character from the following list (from http://www.sussex.ac.uk/its/help/faq?faqid=839 (11/14/18)) (15)

 

 

Hint: /[~`!#$%\^&*+=\-\[\]\\';,/{}|\\":<>\?]/g.test(str);

4.    Add a single security question / answer pair that must be supplied at registration with fields (body element names) “question” and “answer”, respectively. (10)

a.    Both the question and answer must be at least 10 characters long (5)

b.    The question may not be the same as the answer (5)

 

Note: You do not need to encrypt the question or the answer

 

5.    At login: (10)

a.    the answer must be supplied (3)

b.    the answer must match the stored answer (7)

 

6.    Zip only: server.js, model/User.js, route/api/users.js, config/passport.js, the validation directory and submit these files on Moodle.
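
Requirements 3 and 4 as an added example (not part of the lab handout or the book's code): a validator for the new registration fields only, using the character class from the hint. The function names, the error message strings and the sharedGlobalRegexResults demonstration are assumptions made for illustration.

```javascript
// Character class from the hint above, stored WITHOUT the g flag: test() on
// a reused /g regex advances lastIndex, so the next call can start past the
// match and return false for the very same input.
const SPECIAL_CHAR = /[~`!#$%\^&*+=\-\[\]\\';,\/{}|\\":<>\?]/;
const MIN_QA_LENGTH = 10; // requirement 4a

// Hypothetical helper: treat missing or non-string body fields as "".
function asString(value) {
  return typeof value === "string" ? value : "";
}

// Hypothetical validator for the lab's added registration rules only
// (special character, question, answer). Name, email and password length
// checks come from the book's code and are not repeated here.
function validateExtraRegisterFields(body) {
  const errors = {};
  const src = body || {};
  const password = asString(src.password);
  const question = asString(src.question);
  const answer = asString(src.answer);

  if (!SPECIAL_CHAR.test(password)) {
    errors.password = "Password must contain a special character"; // constructed text
  }
  if (question.length < MIN_QA_LENGTH) {
    errors.question = "Question must be at least 10 characters"; // constructed text
  }
  if (answer.length < MIN_QA_LENGTH) {
    errors.answer = "Answer must be at least 10 characters"; // constructed text
  } else if (answer === question) {
    errors.answer = "Answer may not be the same as the question"; // requirement 4b
  }
  return { errors, isValid: Object.keys(errors).length === 0 };
}

// Demonstrates the pitfall with a shortened class and the g flag kept on
// purpose: two test() calls on one regex object give different answers.
function sharedGlobalRegexResults(str) {
  const re = /[!#$%]/g;
  return [re.test(str), re.test(str)];
}
```

Because SPECIAL_CHAR has no g flag, the validator gives the same result no matter how many requests reuse it.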

 

Test Suite:

Set of tests for /users/api/register:

All of the following tests (except the last one) should return an error object indicating what is wrong when req.body contains:

·       Nothing

·       Short name (< 2 chars)

·       Long name (> 30 chars)

·       Valid name, but none of the other fields present

·       Name, invalid email, as checked by Validator.isEmail()

·       Name, valid email, but no passwords

·       Name, email, short password (< 6 chars)

·       Name, email, long password (> 30 chars)

·       Password without a special character

·       Name, email, password, password2 != password

·       Name, email, password, password2, short security question (< 10 chars)

·       Name, email, password, password2, valid question, but no answer

·       Name, email, password, password2, question, short answer (< 10 chars)

·       Name, email, password, password2, question, valid answer

 

Set of tests for /users/api/login:

All of the following tests (except the last one) should return an error object with the text “Invalid credentials supplied.”

req.body contains:

·       Nothing

·       Invalid email

·       Valid email, non-matching password

·       Email, valid password

·       Email, password, non-matching answer

·       Email, password, valid answer