Unit 5. Authenticating user accounts

In unit 4, you built CRUD functions for the models in your application. You also learned how Mongoose and some external packages can help you define associations between your models and display data from referenced models in your browser.

In this unit, you learn about flash messaging with sessions and cookies, data encryption, and user authentication. You start by implementing basic session storage to handle small messages called flash messages between requests. Then you modify your User model to hash passwords with the bcrypt package. After setting up your first login form, you use bcrypt to authenticate users by comparing their login data with the hashed passwords in your database. In the last lesson, you reimplement user authentication, the process of confirming that an account is valid before allowing users access to the application. You explore methods of authenticating accounts, encrypting passwords for security, and using tools provided by Passport.js to let normal users move around in your application. By the end of the unit, you’ll be able to sign up new users and even begin building logic based on user data in your database.

This unit covers the following topics:

  • Lesson 22 discusses sessions and shows how to preserve your users’ login status by storing information on the client side. You learn how to apply flash messages; these short messages, passed between pages, let you know whether some server operation was successful.
  • Lesson 23 guides you through the process of building a sign-up form. You’ve built forms before in this book, but this form handles a user’s email and password, so you need to take a slightly different approach to ensure that your data is safe and consistent. With the help of the bcrypt package, passwords are hashed before they are stored, so no plain-text passwords are saved to your database. At the end of the lesson, you apply additional validation middleware with express-validator.
  • Lesson 24 teaches you how to add application authentication for your users. With the help of the Passport.js middleware and some helpful npm packages, this lesson adds a layer of security to your application and the User model. You also modify your view layout to access your login form quickly, display any currently logged-in users, and provide a way to log out quickly.
  • Lesson 25 wraps up the unit by guiding you through the construction of necessary user encryption and authentication for the Confetti Cuisine application. You apply flash messages, validation middleware, encryption, and a robust authentication process.

Start cooking in lesson 22 by adding cookies to your application.
