BenBolthouse / nice-bytes

A clone of the popular website GoodReads where users can rate and share restaurants.

User Login & Logout (Authentication) #5

Closed BenBolthouse closed 3 years ago

BenBolthouse commented 3 years ago

Story

https://github.com/BenBolthouse/nice-bytes/wiki/User-Stories#user-login--logout

Q & A

    • [ ] How does the NiceBytes application handle secure login?
        • [ ] NiceBytes leverages JWT authentication in Node for secure login
    • [ ] How long will a user remain logged in until they are automatically logged out due to inactivity?
        • [ ] 24 hours
        • [ ] A user's session expiration and JWT expiration will be set 24 hours from the time of the user's last HTTP request
    • [ ] How is a user made aware that they are logged in or logged out of the web application?
        • [ ] A component of the website that shows on every page displays the username and other details of the user while logged in
        • [ ] The above-mentioned component instead shows a prompt to log in or register if the user is not logged in
    • [ ] Where can a user go to log in?
        • [ ] A dedicated login page located at the URL http://nicebytes.com/login
        • [ ] Links to the dedicated login page are visible from every page of the website
    • [ ] What information does the user need to provide to log in?
        • [ ] The user's email address
        • [ ] The user's chosen password
    • [ ] What happens when the user submits their request to log in?
        • [ ] If the request is invalid then the login view notifies the user of which fields to correct
        • [ ] If the request is valid and the login is successful then return the user to the location that they were in prior to login
        • [ ] If successful, the user receives a JWT from the application and is authorized to access certain resources until logout
    • [ ] Where can a user go to log out?
        • [ ] The webpage component that displays the username of the logged-in user also presents an option to log out
    • [ ] What happens when the user submits their request to log out?
        • [ ] They are redirected to the login page
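
The sliding 24-hour expiry described in the Q & A above, as an added example that is not part of the original issue or the NiceBytes code base. It uses only Node's built-in `crypto` module; the function names, the secret and the timestamps are assumptions made for illustration.

```javascript
// Added example, not NiceBytes code: HS256 JWT with a 24-hour sliding expiry.
const crypto = require('crypto');

const SESSION_TTL_SECONDS = 24 * 60 * 60; // 24 hours, from the Q & A
const SECRET = 'constructed-demo-secret'; // assumption: a real app loads this from config

const b64url = (text) => Buffer.from(text).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue a token that expires 24 hours after nowSeconds.
function issueToken(userId, nowSeconds) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const claims = { sub: userId, iat: nowSeconds, exp: nowSeconds + SESSION_TTL_SECONDS };
  const body = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${sign(body)}`;
}

// Return the claims if the signature is valid and the token is unexpired, else null.
function verifyToken(token, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(signature);
  // Constant-time comparison; the length check avoids a timingSafeEqual throw.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256') return null; // pin the algorithm, never trust the header's choice
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) return null;
    return claims;
  } catch (err) {
    return null; // malformed base64url or JSON
  }
}

// Run on every authenticated request: a valid token is exchanged for a fresh one,
// so the expiry slides to 24 hours after the user's last HTTP request.
function handleRequest(token, nowSeconds) {
  const claims = verifyToken(token, nowSeconds);
  if (!claims) return null; // caller redirects to the login page
  return { userId: claims.sub, token: issueToken(claims.sub, nowSeconds) };
}
```

A token that has been replaced still verifies until its own `exp`, so logout has to make the client discard the token or have the server track revoked tokens.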