The first function is validateuser which is looking for a simple parameter called login. This parameter will be an object which contains the username and the password being passed in from the user interface.Cognitive learning theory in the classroom if both parameters match the static user information which we have in the user object, we will set a user.Authenticated property to true and set the status to a success message.Cognitive learning theory in the classroom

The second function of the module is getuserinfo. This function will return a simple user object back to the calling code. Because of the need to be authenticated, we first check our internal user object to determine if it has been authenticated.Cognitive learning theory in the classroom if it has, we then create a literal object on-the-fly containing the username, the current status of the user, and a boolean flag of authenticated.Cognitive learning theory in the classroom

From the request, the code is going to look for two parameters sent back to the server. We’re going to assign those two values to an object literal called login’ with the properties of username and password.Cognitive learning theory in the classroom we then create a local variable called authenticated and capture the return value from our userservice.ValidateUser function after we pass in the login object.Cognitive learning theory in the classroom

Assuming that we have a valid login object, authenticated will pass the if test and now sets a global user object with the contents that we requested from the userservice.GetUserInfo function.Cognitive learning theory in the classroom we’ve surrounded the setting of the user object and the redirect with a time out to simulate hitting a database. Once the timeout finishes, we use the response object’s redirect function to set a response status of 302 (found) and redirects the user to the /secure route.Cognitive learning theory in the classroom if we fail to authenticate we are going to simply redirect the user back to the login form and kill the response.

Upon passing through the if statement, we can now set the actual page data as we have been doing for most of our other pages.Cognitive learning theory in the classroom notice that on the links property we’re still using the filelisting.CreatedFileList function. This time though, we’re going to be passing a value of unknown to the listing because the file is not part of the view/pages directory.Cognitive learning theory in the classroom this was done so that we can still have global navigation across the top of the application. We also have a user property where we will assign the global user object to it.Cognitive learning theory in the classroom this way we can utilize the information about the user on the views we access.

We’re going to use one of handlebars view helpers and do an if conditional on the data.User.Authenticated property which we set back in the /secure/ route.Cognitive learning theory in the classroom if this passes, the markup allows the user name to be displayed using the curly braces and it will display a new hyperlink which directs to the /logout/ route.Cognitive learning theory in the classroom if the conditional fails, the user of the application only sees the link for signing in.

There we have it. Our simple security model has been implemented which allows a user to login and authenticate via a service.Cognitive learning theory in the classroom the valid user is then redirected to a secure page and the navigation bar is updated with the status and changes from sign in to sign out. This model can definitely be expanded by adding database access to store additional users.Cognitive learning theory in the classroom passwords should be stored in some non-human readable form when in the database. JSON web tokens should be generated and passed to the front end to validate any request made back and forth from the front end and the back end.Cognitive learning theory in the classroom

As you can see, the security of an application can quickly go down deep rabbit holes of locking an application down. But by implementing this simple model, we now have a pretty good idea of where to start.Cognitive learning theory in the classroom in future segments of this series, we will talk about securing single page applications and securing API endpoints. Stay tuned for more. Series quick links