End-to-end User Authentication for React and Express.js using passport.js

[Kwinten-C]

End-to-end User Authentication for React and Express.js using passport.js

We are working on a dApp using React (for frontend) and Express.js (for node.js server). We are using material UI theme for React. We want you to help us implement user authentication module (end-to-end) using passport.js jwt-strategy.

We already have some implementation of the app. See components diagram below.

How can you help?

Implement a simple user authentication system that keeps track of all registered users and allows access control to certain parts of the application. User Login is necessary to implement a personal credit or token score and potentially later personal consumer data or wiki edit logging. A User Login system will also provide a small but useful barrier to prevent malevolent attacks on the curation ecosystem.

This system is compromised of the following parts:

• A simple user interface that requests username, email and password. (Login component of React). And option to reset password. ( are mandatory fields)
• A secure database that stores all user passwords and usernames within MongoDB. We already have mongodb setup. What you need is to create a collection ‘user’ and perform CRUD operations using mongoose.js
• passport.js jwt-strategy based server side authentication.

We are assuming that by looking at the project structure you will have a pretty good idea where the implementation code should go. But, in case of any doubts we will help you.

• Note > The entire system will be Web2.0 with the datastore stored off-chain.

Link to Github Repo

What needs to be done?

User interface

Make a javascript based pop up panel that must be called whenever the user performs an access-required action. The interface will have a register and a login option. In the register option, there must be a form with three required fields: unique user ID, password, and email (for password recovery). When the user ID already exists in the database, the user should receive an error message. For the login part, the user will be prompted to provide user ID and password.

If the user ID already exists in the databse during register, an informative error message must be displayed. If the user gives in the wrong password /ID combination, a proper error message must be displayed. The user must have the option to request for a password reset when forgotten by email.

Passport.js integration

Implement passport.js using JWT strategy. Connect the passport to the express.js back end. More documentation can be found here: http://www.passportjs.org/packages/passport-jwt/

User Datastore

Create a scalable datastore for application users within Mongo DB. Each user entry should have the following fields in collection users. Sample is shown below -

<email>: {
    username: 
    password:
    createdOn: <user creation date in UTC format>
    lastModifiedOn: <password last updated on in UTC format>
    lastLoginOn: <when did user last login in UTC format>
    }

• The datastore should not allow any duplicate entries based on user ID.
• New users should be added to the database after registration in the interface.
• Password is updated whenever user updates the password.

Test coverage:

Related tests should be written using mocha for express.js and React UI tests using Jest

We are very happy when

• [ ] User is able to register, login, change password using React UI component.
• [ ] User authentication is verified using passport.js jwt strategy on the server-side and appropriate error or success message is displayed on UI
• [ ] Corresponding entry is saved in mongodb using mongoose.js when user registers, logins, updates password etc.
• [ ] Test coverage for UI and Server-side test corresponding to this implementation is >70%
• [ ] code for this implementation is merged into master branch for this repo - https://github.com/oceanprotocol/musicmap/

Note > All PRs for this implementation goes in this repo: https://github.com/oceanprotocol/musicmap/

Seen this problem before?

Any help solving this is welcome. Feel free to leave any comments and help someone else to solve it. We might airdrop tokens to someone even if not directly completing bounty.

Questions & Reviews

Pull requests will be reviewed by one of the maintainers or long-term contributors. In case of any additional questions feel free to ask in this thread and we will do our best to add the missing info :)

Things to know

The bounty lifecycle process including payout will be managed using Gitcoin. We'll be responding to your questions here, but for discussion and clarification we recommend to join also our Gitter channel where our tech community is accessible. In order to see the PROCN balance in your wallet you'll need to reference the related token contract with address 0xf2aabdd898a0139195b2b5da7387d43a45ded254. If you use a Metamask plugin you'll find the the exact steps here. Lastly, even if it is a contest bounty, we will reward all valuable contributions and efforts. We greatly appreciate the value our open source community brings to Ocean and will always award some tokens to all great contributions! :smiley:

Reward

Once the project was reviewed and merged in the master branch, you will receive the reward. PROCN is a proto-Ocean token. Bounty hunters that earn PROCN will be able to convert them 1:1 to Ocean tokens on network launch (Ocean Token will be valued at at 0.22 EUR on network launch). Network launch is expected to happen by Mar 31, 2019. Until then PROCN will be locked and non-transferrable in the ETH wallet to which it is delivered to.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 5000.0 PROCN attached to it as part of the Ocean Protocol Foundation fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $46,043.85 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 2 years, 11 months ago. Please review their action plans below:

1) sounak98 has been approved to start work.

• Integrate passport-jwt with express.js
• create a modal for login and registration and link it with the backend
• write tests for the whole work

Learn more on the Gitcoin Issue Details page.

[sounak98]

The link to the repo gives a 404, @Kwinten-C can you provide the correct link?

[Anirudh2490]

@sounak98 welcome! Thanks for applying for this bounty, it's great to have you on board. I see you've already made your way to gitter - https://gitter.im/oceanprotocol/Lobby. If you have any more doubts, you can ping us on Gitter. Cheers!

[Anirudh2490]

@sounak98 would you have any update for us on this bounty? Do let us know if you are stuck anywhere.

[sounak98]

Sorry @Anirudh2490 I was very busy with my university work for some days, I have resumed work today. Will update!

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 5000.0 PROCN has been submitted by:

1. @sounak98

@chalidbdb please take a look at the submitted work:

• PR by @sounak98

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $54,619.91 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

The funding of 5000.0 PROCN attached to this issue has been approved & issued to @sounak98.

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $56,854.35 more funded OSS Work available on the Gitcoin Issue Explorer