Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New lesson: Session-based authentication #29082

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

New lesson: Session-based authentication #29082

wants to merge 22 commits into from

Commits on Nov 6, 2024

  1. Write intro and lesson overview

    @MaoShizhong
    MaoShizhong committed Nov 6, 2024
    Configuration menu
    Copy the full SHA
    3c3a0fd View commit details
    Browse the repository at this point in the history

Commits on Nov 9, 2024

  1. Write sessions description

    @MaoShizhong
    MaoShizhong committed Nov 9, 2024
    Configuration menu
    Copy the full SHA
    e212eb6 View commit details
    Browse the repository at this point in the history

  2. Rearrange section content 

    'Persisting logins' was a glorified intro anyway
    @MaoShizhong
    MaoShizhong committed Nov 9, 2024
    Configuration menu
    Copy the full SHA
    4d23f47 View commit details
    Browse the repository at this point in the history

  3. Add example app setup instructions

    @MaoShizhong
    MaoShizhong committed Nov 9, 2024
    Configuration menu
    Copy the full SHA
    a2d7e44 View commit details
    Browse the repository at this point in the history

  4. Start login example 

    Only up to the original login process
    @MaoShizhong
    MaoShizhong committed Nov 9, 2024
    Configuration menu
    Copy the full SHA
    657de49 View commit details
    Browse the repository at this point in the history

  5. Handle general authentication middleware

    @MaoShizhong
    MaoShizhong committed Nov 9, 2024
    Configuration menu
    Copy the full SHA
    0027857 View commit details
    Browse the repository at this point in the history

Commits on Nov 10, 2024

  1. Rephrase validation feedback warning verbiage

    @MaoShizhong
    MaoShizhong committed Nov 10, 2024
    Configuration menu
    Copy the full SHA
    ca2d4f9 View commit details
    Browse the repository at this point in the history

  2. Explain session options in app.js 

    Reordered setup code blocks for easier content flow.
Decided to introduce the session store and secret explanations here
instead of their own sections later on (not really needed there).
    @MaoShizhong
    MaoShizhong committed Nov 10, 2024
    Configuration menu
    Copy the full SHA
    0cbc997 View commit details
    Browse the repository at this point in the history

Commits on Nov 13, 2024

  1. Format code blocks for less horizontal scrolling

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    d767546 View commit details
    Browse the repository at this point in the history

  2. Rearrange session options description 

    New order allows for a more natural way of explaining how
express-session populates req.session.
That can be explained at the start and options explained to reflect
that, instead of explaining options in a bit of a black hole then
provide the context later in the lesson.
    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    79ef33e View commit details
    Browse the repository at this point in the history

  3. Add section on password hashing with argon2id

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    2c0da9b View commit details
    Browse the repository at this point in the history

  4. Fix signup path

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    e5bfc45 View commit details
    Browse the repository at this point in the history

  5. Add section on logging out 

    Made more sense to talk about logging out after logging in, then talk
about password hashing afterwords.
    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    584b2a4 View commit details
    Browse the repository at this point in the history

  6. Add knowledge check questions 

    Use subsections for better content organisation and linking
    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    1869145 View commit details
    Browse the repository at this point in the history

  7. Emphasise argon2 library defaults meet OWASP recommendations

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    45bf391 View commit details
    Browse the repository at this point in the history

  8. Add login/signup links in views for convenient navigation

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    03da52f View commit details
    Browse the repository at this point in the history

  9. Fix grammar and US/UK spelling

    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    77d56e1 View commit details
    Browse the repository at this point in the history

  10. Rename lesson file 

    "Session-based authentication" is a more appropriate title for the
lesson than just "Sessions", given that sessions are not exclusively
used for auth purposes.
    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    973251c View commit details
    Browse the repository at this point in the history

  11. Demonstrate NODE_ENV conditional cookie options 

    Makes sense to showcase them directly rather than just via text example after the fact
    @MaoShizhong
    MaoShizhong committed Nov 13, 2024
    Configuration menu
    Copy the full SHA
    b9b0b1e View commit details
    Browse the repository at this point in the history

Commits on Nov 17, 2024

  1. Force hash verification to run every POST /login 

    Prevent timing attack
    @MaoShizhong
    MaoShizhong committed Nov 17, 2024
    Configuration menu
    Copy the full SHA
    9c5f8a2 View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2024

  1. Rename heading 

    Prevent confusion with POST as an HTTP verb
    @MaoShizhong
    MaoShizhong committed Nov 19, 2024
    Configuration menu
    Copy the full SHA
    db5787a View commit details
    Browse the repository at this point in the history

  2. Improve wording for salt explanation

    @MaoShizhong
    MaoShizhong committed Nov 19, 2024
    Configuration menu
    Copy the full SHA
    9a8148c View commit details
    Browse the repository at this point in the history