Closed zoe-1 closed 9 years ago
Can we not better use a normal login page which redirects to the home page? I think using AJAX now makes things very complicated.
Is this what you want: http://www.andwecode.com/create-popup-login-and-signup-form/
I'm all in for moving the manifest to its own separate file.
@rutaihwa Great! Glad you agree. Assignment will require the manifest to be in its own file. @roelof1967 Assignment is going to require AJAX here. AJAX example will help others see how hapi-auth-cookie works with AJAX.
@zoe-1 OK, then I have to google further to find a good example.
@zoe-1 Have you finalized the assignment?
@rutaihwa and community, currently finalizing the assignment, but planning to add some new parts:
What does everyone think about the above? Plus, if you have any last minute requests to place in the next assignment, please share them.
@zoe-1 According to me, the library will simplify things a lot. Let's hear from the community. Thanks for adding API connection :smile:
Below is an overview of assignment7. Please look it over and give your feedback! Feel free to make suggestions. After finalizing the general objectives described here, Assignment7 will be written.
Validation, Authentication, and Authorization
Configure the application to use hapi-auth-cookie for cookie-based session management. Every route will be blacklisted, requiring authentication and authorization globally. Routes that do not require authenticated users and have no permissions restrictions will be whitelisted so anyone can access them. Additionally, the application will utilize two user roles for authorization which are:
There will be three types of authorization restrictions:
Login Process
Create a login page that utilizes AJAX to log in. This route (/login) is open to the public. If the login AJAX POST request is successful, the login form will disappear and the user will be presented with links to access restricted content /account or /logout. At this stage the login process is complete, session cookies are set, and authorized users can begin to access restricted content. If the login AJAX request fails, an error message is displayed along with the login form.
Restricted Access Content
The /account route
After a successful login, the user sees "My Account" link and "Logout" link. The "My Account" link goes to the /account route which is restricted to authenticated users with roles of "user" or "admin". The /account route will display a welcome message with the user name in it and displays the following links: "Logout", "Home", and "Admin Panel" (if user has admin privileges). Correspondingly, the previously mentioned links point to /logout, /home, and /admin.
The /admin route
The /admin route should display an admin welcome message with user's username displayed. Plus, there should be three links: "My Account", "Logout", "Home". Only users with the role of "admin" should be able to access /admin route.
The /home route
If a logged-in user goes to /home, "My Account" and "Logout" links are displayed along with the hapi university image. When a user clicks on "My Account" link they are taken to the /account route described above.
Logging Out
On /home, /account, and /admin routes there should be a logout button which links to /logout and destroys the session. Plus, the /login POST route should have a Logout link displayed after the AJAX request successfully completes.
Technical Details:
Configure Application to Use hapi-auth-cookie
Questions:
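The access rules from the overview above (every route restricted by default, public routes whitelisted, /admin limited to the "admin" role), as an added example that is not part of the original thread. It is a dependency-free model rather than hapi-auth-cookie's API; the sample users, the `login`, `logout` and `access` helpers, and treating /home as public and /logout as restricted are assumptions.

```javascript
// Added example: models default-deny routing with a whitelist and role scopes.
const { randomBytes } = require('node:crypto');

// Constructed sample accounts; a real application stores password hashes.
const USERS = new Map([
  ['alice', { password: 'alice-pw', scope: ['user'] }],
  ['root', { password: 'root-pw', scope: ['admin'] }],
]);

// Policy applied to every route that does not override it (the "blacklist").
const DEFAULT_AUTH = { scope: ['user', 'admin'] };
const ROUTES = new Map([
  ['/login', { auth: false }],               // whitelisted: open to the public
  ['/home', { auth: false }],                // whitelisted (assumption)
  ['/account', {}],                          // inherits DEFAULT_AUTH
  ['/admin', { auth: { scope: ['admin'] } }],
  ['/logout', {}],                           // inherits DEFAULT_AUTH (assumption)
]);

const sessions = new Map(); // session id (cookie value) -> credentials

// Returns a fresh random session id on success, null on bad credentials.
function login(username, password) {
  const user = USERS.get(username);
  if (!user || user.password !== password) return null;
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { username, scope: user.scope });
  return sid;
}

// Destroys the server-side session so the cookie value stops working.
function logout(sid) {
  sessions.delete(sid);
}

// Returns the HTTP status a request to `path` gets with this session cookie.
function access(path, sid) {
  const route = ROUTES.get(path);
  if (!route) return 404;
  const auth = route.auth === undefined ? DEFAULT_AUTH : route.auth;
  if (auth === false) return 200;            // explicitly public
  const creds = sessions.get(sid);
  if (!creds) return 401;                    // not authenticated
  return creds.scope.some((s) => auth.scope.includes(s)) ? 200 : 403;
}
```

A route added to `ROUTES` without an `auth` entry is restricted automatically, which is the point of restricting globally and whitelisting the exceptions.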