add task solution#294
Conversation
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
Your implementation successfully covers all core authentication requirements from the task description. All required features are functional: registration with password validation rules, account activation via email, login with activation status checks, logout, password reset flow, profile updates for name/password/email changes, and proper 404 handling. The middleware correctly restricts authenticated and unauthenticated access where appropriate, and all User model methods work as specified. While the review identified a few areas for potential improvement (password reset token expiration, in-memory storage limitations, missing password confirmation validation during registration), these are either security enhancements beyond the explicit task scope or acceptable trade-offs for a development project. The implementation satisfies all mandatory checklist items and produces working functionality.
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Footnotes
| }); | ||
|
|
There was a problem hiding this comment.
The application correctly sets up URL-encoded and JSON body parsing, which is necessary for form submissions in the registration, login, and profile forms.
| console.log(`Server running on port ${config.port}`); | ||
| }); | ||
|
|
||
| module.exports = { app, User }; |
There was a problem hiding this comment.
Cookie parser middleware is properly configured to read the JWT token stored in cookies for authentication.
|
|
||
| .navbar { | ||
| background-color: #2c3e50; | ||
| padding: 15px 0; | ||
| margin-bottom: 30px; | ||
| } | ||
|
|
||
| .navbar .container { | ||
| display: flex; | ||
| justify-content: space-between; | ||
| align-items: center; | ||
| } | ||
|
|
||
| .logo { | ||
| color: #fff; | ||
| text-decoration: none; | ||
| font-size: 1.5em; | ||
| font-weight: bold; | ||
| } | ||
|
|
||
| .nav-links { | ||
| display: flex; | ||
| align-items: center; | ||
| gap: 15px; | ||
| } | ||
|
|
||
| .nav-link { | ||
| color: #ecf0f1; | ||
| text-decoration: none; | ||
| } | ||
|
|
There was a problem hiding this comment.
Password validation correctly enforces all rules: minimum 8 characters, uppercase, lowercase, number, and special character. This fulfills the requirement to inform users about password rules.
| background-color: #3498db; | ||
| color: #fff; | ||
| } | ||
|
|
||
| .btn-primary:hover { | ||
| background-color: #2980b9; | ||
| } | ||
|
|
||
| .btn-danger { | ||
| background-color: #e74c3c; | ||
| color: #fff; | ||
| } | ||
|
|
||
| .btn-danger:hover { | ||
| background-color: #c0392b; | ||
| } | ||
|
|
There was a problem hiding this comment.
Registration creates the user with isActive set to false and sends an activation email, fulfilling the requirement for account activation via email.
| .inline-form { | ||
| display: inline; | ||
| } | ||
|
|
||
| .password-rules { | ||
| background: #f8f9fa; | ||
| border: 1px solid #ddd; | ||
| border-radius: 4px; | ||
| padding: 15px; | ||
| margin-bottom: 20px; |
There was a problem hiding this comment.
Login correctly checks if the user is active and prompts them to activate their email if not, fulfilling the requirement.
|
|
||
| function validatePassword(password) { | ||
| if (!password) { | ||
| return ['Password is required']; | ||
| } | ||
|
|
||
| const errors = []; | ||
|
|
||
| if (password.length < 8) { | ||
| errors.push('Password must be at least 8 characters long'); | ||
| } | ||
|
|
||
| if (!/[A-Z]/.test(password)) { | ||
| errors.push('Password must contain at least one uppercase letter'); | ||
| } | ||
|
|
||
| if (!/[a-z]/.test(password)) { | ||
| errors.push('Password must contain at least one lowercase letter'); | ||
| } | ||
|
|
||
| if (!/[0-9]/.test(password)) { | ||
| errors.push('Password must contain at least one number'); | ||
| } | ||
|
|
||
| if (!/[!@#$%^&*]/.test(password)) { | ||
| errors.push( | ||
| 'Password must contain at least one special character (!@#$%^&*)', | ||
| ); | ||
| } | ||
|
|
||
| return errors; |
There was a problem hiding this comment.
Registration route correctly implements password validation against all required rules: length, uppercase, lowercase, number, and special character.
| old: {}, | ||
| passwordRules: PASSWORD_RULES, |
There was a problem hiding this comment.
Registration correctly displays password rules to users as required by the task description.
|
|
||
| if (!user.isActive) { | ||
| return res.render('auth/login', { | ||
| title: 'Login', | ||
| errors: [ | ||
| 'Please activate your account. ' + | ||
| 'Check your email for the activation link.', | ||
| ], | ||
| old: { email }, | ||
| }); |
There was a problem hiding this comment.
Login route correctly checks if user is active and prompts for email activation if not, as required.
|
|
||
| const jwtToken = generateToken(user.id); | ||
|
|
||
| res.cookie('token', jwtToken, { | ||
| httpOnly: true, | ||
| maxAge: 24 * 60 * 60 * 1000, | ||
| }); | ||
|
|
There was a problem hiding this comment.
Activation route correctly generates a JWT token and redirects to /profile after successful activation, as required.
| router.post('/logout', authenticate, (req, res) => { | ||
| res.clearCookie('token'); |
There was a problem hiding this comment.
Logout correctly clears the token cookie and redirects to login, as required for authenticated users only.
No description provided.