· Validate registration and login data
0. Create a lab5 directory and copy your existing devconnector directory into it.
1. Add the book’s validation code for both /users/api/register and /users/api/login (50)
2. Modify the login validation, so if the login fails for any reason, the errors object returned is:
status: 401
body: {"credentials": "Invalid credentials supplied."}
Otherwise, the Bearer token is returned as it was in lab 4. (15)
3. Password must contain a special character from the following list (from http://www.sussex.ac.uk/its/help/faq?faqid=839 (11/14/18)) (15)
Hint: /[~`!#$%\^&*+=\-\[\]\\';,/{}|\\":<>\?]/g.test(str);
4. Add a single security question / answer pair that must be supplied at registration with field (body element name) “question” and “answer”, respectively. (10)
a. Both the question and answer must be at least 10 characters long (5)
b. The question may not be the same as the answer (5)
Note: You do not need to encrypt the question or the answer
5. At login: (10)
a. the answer must be supplied (3)
b. the answer must match the stored answer (7)
6. Zip only: server.js, model/User.js, route/api/users.js, config/passport.js, and the validation directory, and submit these files on Moodle.
All of the following tests (except the last one) should return an error object indicating what is wrong when Req.body contains:
· Nothing
· Short name (< 2 chars)
· Long name (> 30 chars)
· Valid name, but none of the other fields present
· Name, invalid email, as checked by Validator.isEmail()
· Name, valid email, but no passwords
· Name, email, short password (< 6 chars)
· Name, email, long password (> 30 chars)
· Password without a special character
· Name, email, password, password2 != password
· Name, email, password, password2, short security question (< 10 chars)
· Name, email, password, password2, valid question, but no answer
· Name, email, password, password2, question, short answer (< 10 chars)
· Name, email, password, password2, question, valid answer
All of the following tests (except the last one) should return an error object with the text “Invalid credentials supplied.” when Req.body contains:
· Nothing
· Invalid email
· Valid email, non-matching password
· Email, valid password
· Email, password, non-matching answer
· Email, password, valid answer
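An added example (not the book's code and not part of the lab handout) of the uniform-failure login check described in steps 2 and 5, run over the six login test bodies listed above. The names checkLogin, findUser and passwordMatches are hypothetical, the user record is constructed sample data, and passwordMatches stands in for whatever password comparison the lab 4 login route already performs.

```javascript
// Added example. checkLogin, findUser and passwordMatches are hypothetical
// names; the user record below is constructed sample data.
const invalid = () => ({
  status: 401,
  body: { credentials: "Invalid credentials supplied." },
});

// Loose shape check only; the lab itself uses Validator.isEmail().
const looksLikeEmail = (s) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(s);
// Missing or non-string fields become "" so they fail like any other bad input.
const str = (v) => (typeof v === "string" ? v : "");

function checkLogin(body, findUser, passwordMatches) {
  const email = str(body && body.email).trim();
  const password = str(body && body.password);
  const answer = str(body && body.answer);
  // Every failure path returns the same object, so the response never
  // reveals whether the email, the password or the answer was wrong.
  if (!looksLikeEmail(email) || !password || !answer) return invalid();
  const user = findUser(email);
  if (!user) return invalid();
  if (!passwordMatches(password, user.password)) return invalid();
  if (answer !== user.answer) return invalid();
  // The real route would return the Bearer token here, as in lab 4.
  return { status: 200, email: user.email };
}

// Constructed stand-ins for the database lookup and the password check.
const USERS = new Map([
  ["pat@example.com",
   { email: "pat@example.com", password: "hashed:P@ssw0rd!", answer: "blue bicycle 1999" }],
]);
const findUser = (email) => USERS.get(email) || null;
const passwordMatches = (plain, stored) => stored === "hashed:" + plain;

// The six login test bodies from the list above, in order.
function runLoginSamples() {
  const ok = { email: "pat@example.com", password: "P@ssw0rd!", answer: "blue bicycle 1999" };
  const bodies = [
    {},                                        // nothing
    { ...ok, email: "not-an-email" },          // invalid email
    { ...ok, password: "wrong!pw" },           // non-matching password
    { email: ok.email, password: ok.password },// valid password, no answer
    { ...ok, answer: "red bicycle 2001" },     // non-matching answer
    ok,                                        // everything valid
  ];
  return bodies.map((b) => checkLogin(b, findUser, passwordMatches));
}
```

The first five results are identical 401 objects, which is what keeps a client from learning which field was wrong or whether the email is registered.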