This is an Express HTTP server that allows users to signup, login and logout of your application.

The HTTP routes render different information depending on whether the request is from an unknown visitor or a logged in user.

Database Testing HTTP Testing Testing with chai-HTTP

Questions: I thought I needed to provide the salt when comparing some hashed passwords, but I didn't need to do that in my login route and things seem to be working. Is this a feature of bcryptjs? How does it do this?

• build this app in a new empty GitHub repository
• use node
• ensure all your npm dependencies are listed in your package.json
• use postgresql
• design a database schema to store users
• commit your schema in schema.sql
• use the express node package
• use the body-parser node package
• use the cookie-session node package
• use the pg-promise node package
• implement the following user stories:
  • when you are not logged in
    • and you visit / (the home page) you see:
      • "Hello Stranger"
      • a link to /signup
      • a link to /login
    • and you visit /signup
      • you see:
        • a form with:
          • email
          • password
          • password confirmation
          • "Signup" button
      • and you submit the signup form
        • with no values
          • you should see the signup page again but with the error "please provide an email and a password to sign up"
        • with a value in the password field that does not match the value in the password confirmation field
          • you should see the signup page again but with the error "passwords do not match"
        • with a valid email, and matching passwords
          • a new user should be inserted into the database
          • your session cookie should be updated with the new user id
          • you should be logged in and redirected to the homepage
    • and you visit /login you see:
      • a form with:
        • email
        • password
    • and you submit the login form
      • with no values
        • you should see the login page again with the error "please provide an email and a password to login"
      • with a correct email but an incorrect password
        • you should see the login page again with the error "incorrect email or password"
      • with an incorrect email and any password
        • you should see the login page again with the error "incorrect email or password"
      • with a matching email and password
        • you should be logged in and redirect to the home page
    • and you visit /logout
      • you are redirected to the home page
  • when you are logged in
    • and you visit / (the home page) you see:
      • "Welcome back [email address]"
      • a link to /logout
    • and you visit /login
      • you are redirected to the homepage
    • and you visit /signup
      • you are redirected to the homepage
    • and you visit /logout
      • you are logged out and then redirected to the home page

• Write tests for your express routes using chai-http

• Encrypt passwords using bcryptjs
• Encrypt sessions with cryptr

If all of the above features are correctly implemented you should be able to

1. signup and be logged in
2. logout
3. login again as that same user
4. logout
5. signup as a different user
6. logout
7. etc…

Also try:

• Using a Chrome incognito window.
• Inspecting and deleting cookies in the Chrome Developer Tools application tab

• Salted Password Hashing—Doing it Right