Authetication

• Learn how to handle user registration, login, and logout functionality securely (K8, S17, B5)

• Understand the principles of authentication and authorisation in web applications (K8, S17)

• Develop strategies to mitigate security threats such as Cross-site Request Forgery (CSRF) attacks (K8, S5, S13, B3, B5)

React

• Implement navigation between different pages using React Router (S1, S11, S12)

• Understand using the context API and how it can help with complicated state management in React (K7, S1, S16)

• Have working knowledge of the useReducer hook and how it can aid in using useContext for state management (K7, K9, S1, S7)

This week focuses on enhancing the e-commerce web application developed in the previous week by adding authentication, user-specific interactions, and improving overall security. The emphasis is on implementing secure user authentication and authorization while expanding React state management techniques.

Workshops

Get Started with AWS CDK

Execute Program

• Finish previous courses

Topics

• User authentication and authorization in web applications

• Secure handling of user registration, login, and logout

• Session management (stateless vs stateful approaches)

• Security threats and mitigation strategies (e.g., CSRF attacks)

• React Router for multi-page navigation

• Advanced React state management using Context API and useReducer

• Linking user accounts with shopping carts and order history

• Database security and user data protection

Project

Continue developing the e-commerce application with the following new features:

• Implement user authentication (registration, login, logout)

• Create user-specific shopping carts and order history

• Implement session persistence

• Secure the application against common web vulnerabilities

• Enhance React state management using Context API and useReducer

• Implement multi-page navigation using React Router

Additional Skills

• Implementing role-based access control (for admin functionalities)

Project

Your project this week is continue work on the e-commerce shop you started last week and to add authentication and user specific interactions.

Spike

Before you start writing features you need to create a security plan. There should be a section in your README.md that describes how you will secure your app and mitigate different potential attacks.

Questions to consider

• Will you store session info in a token (stateless) or in your database (stateful)?

• How will you check a user’s identity (authentication)?

• How will you control what actions a user can take (authorization)?

• How will you mitigate Cross-site Request Forgery (CSRF) attacks?

Useful resources

• Session-base vs token-based authentication

User stories

As a shopper, I want to:

• Log into my account using my email and password

• Have my user session persist, so I don't have to log in every time

• Log out of my session

These User Stories from last week should be updated to be linked to a shoppers account

• Add products to a shopping cart

• View and edit items in my shopping cart

• Complete the checkout process to "purchase" products in my cart

• See confirmation when an order is placed successfully

• View previous orders and order history

• Complete checkout and payments to simulate purchasing products

Stretch user stories

As an admin, I want to:

• Log into an admin section of the site

• Add, edit and delete products

• View and export reports on site analytics

• Manage user accounts

Acceptance Criteria

• Users must log in to use site

• Each user has their own session with unique carts and order history

• Information stored about users in database is visible on site

• Using the site updates information about users on database

Stretch

• Site has admin functions

These resources are helpful extra reading that may clarify or enhance concepts you’re learning in the main curriculum.

• JSON Web Tokens Suck Despite the title this talk actually covers most aspects of web authentication in a very accessible way

• Reacts Powerful Duo A short guide to useReducer and useContext

• View, Edit, And Delete Cookies With Chrome DevTools How to work with cookies while you are developing

• CSRF Protection Guide Node based examples of the what and how of CSRF protection

• National Cyber Security Center The 8 Principles of Secure Development & Deployment set out by the National Cyber Security Center