Milestone 6
+125
Make sure you have the
SaltedHashedPasswordclass defined as in cs691pub. Run itsmainmethod so you can generate a hash for whatever password you provide:Create new password: secret123 43685c6394daf9a10910bacfbad5c7f2$b11e640bbdaab0d29d9e0c5cd58dc0e6dc0cba9c3c4beddde4b50153e892f92bCopy the long hex string you generated in the previous program, and paste it into one of your SQL migration scripts as the password for a sample user. The way my user table is defined, it’s something like:
insert into user (email, password) values ( 'league@acm.org' , '43685c6394daf9a10910bacfbad5c7f2$b11e640bbdaab0d29d9e0c5cd58dc0e6dc0cba9c3c4beddde4b50153e892f92b' );Using the
Pathshelper andget/postdeclarations inSparkDemo.main, define a login screen.In the
gethandler, it should display an HTML form with email address and password fields, and a submit button labeled “Log in”.In the
posthandler, it will look up the email address in the user table of the database, construct aSaltedHashedPasswordobject from the password field, and then use the object’scheckmethod with the password from the login form.If the check succeeds, it should set a session variable to the user ID and redirect to the polls list. If not, it should display an error message (invalid user or password) and allow the user to try again.
Add a blurb to the page containing the polls list to say either “Welcome, {{email}}” with a logout link; or say “You are not logged in” with a link to the login page.
We still have an example of this sort of functionality from early in the course, but it accepted whatever name the user provided without checking a password or that the account exists.
PDF