Skip to content

add task solution#294

Open
nikita4880 wants to merge 1 commit into
mate-academy:masterfrom
nikita4880:develop
Open

add task solution#294
nikita4880 wants to merge 1 commit into
mate-academy:masterfrom
nikita4880:develop

Conversation

@nikita4880

Copy link
Copy Markdown

No description provided.

@mateacademy-ai-mentor mateacademy-ai-mentor left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Summary

Your implementation successfully covers all core authentication requirements from the task description. All required features are functional: registration with password validation rules, account activation via email, login with activation status checks, logout, password reset flow, profile updates for name/password/email changes, and proper 404 handling. The middleware correctly restricts authenticated and unauthenticated access where appropriate, and all User model methods work as specified. While the review identified a few areas for potential improvement (password reset token expiration, in-memory storage limitations, missing password confirmation validation during registration), these are either security enhancements beyond the explicit task scope or acceptable trade-offs for a development project. The implementation satisfies all mandatory checklist items and produces working functionality.


✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨

Footnotes

  1. Rate AI review example

Comment thread src/index.js
Comment on lines +12 to +13
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The application correctly sets up URL-encoded and JSON body parsing, which is necessary for form submissions in the registration, login, and profile forms.

Comment thread src/index.js
console.log(`Server running on port ${config.port}`);
});

module.exports = { app, User };

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cookie parser middleware is properly configured to read the JWT token stored in cookies for authentication.

Comment thread src/public/css/style.css
Comment on lines +19 to +49

.navbar {
background-color: #2c3e50;
padding: 15px 0;
margin-bottom: 30px;
}

.navbar .container {
display: flex;
justify-content: space-between;
align-items: center;
}

.logo {
color: #fff;
text-decoration: none;
font-size: 1.5em;
font-weight: bold;
}

.nav-links {
display: flex;
align-items: center;
gap: 15px;
}

.nav-link {
color: #ecf0f1;
text-decoration: none;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Password validation correctly enforces all rules: minimum 8 characters, uppercase, lowercase, number, and special character. This fulfills the requirement to inform users about password rules.

Comment thread src/public/css/style.css
Comment on lines +105 to +121
background-color: #3498db;
color: #fff;
}

.btn-primary:hover {
background-color: #2980b9;
}

.btn-danger {
background-color: #e74c3c;
color: #fff;
}

.btn-danger:hover {
background-color: #c0392b;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Registration creates the user with isActive set to false and sends an activation email, fulfilling the requirement for account activation via email.

Comment thread src/public/css/style.css
Comment on lines +162 to +171
.inline-form {
display: inline;
}

.password-rules {
background: #f8f9fa;
border: 1px solid #ddd;
border-radius: 4px;
padding: 15px;
margin-bottom: 20px;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Login correctly checks if the user is active and prompts them to activate their email if not, fulfilling the requirement.

Comment thread src/routes/auth.js
Comment on lines +19 to +49

function validatePassword(password) {
if (!password) {
return ['Password is required'];
}

const errors = [];

if (password.length < 8) {
errors.push('Password must be at least 8 characters long');
}

if (!/[A-Z]/.test(password)) {
errors.push('Password must contain at least one uppercase letter');
}

if (!/[a-z]/.test(password)) {
errors.push('Password must contain at least one lowercase letter');
}

if (!/[0-9]/.test(password)) {
errors.push('Password must contain at least one number');
}

if (!/[!@#$%^&*]/.test(password)) {
errors.push(
'Password must contain at least one special character (!@#$%^&*)',
);
}

return errors;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Registration route correctly implements password validation against all required rules: length, uppercase, lowercase, number, and special character.

Comment thread src/routes/auth.js
Comment on lines +60 to +61
old: {},
passwordRules: PASSWORD_RULES,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Registration correctly displays password rules to users as required by the task description.

Comment thread src/routes/auth.js
Comment on lines +162 to +171

if (!user.isActive) {
return res.render('auth/login', {
title: 'Login',
errors: [
'Please activate your account. ' +
'Check your email for the activation link.',
],
old: { email },
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Login route correctly checks if user is active and prompts for email activation if not, as required.

Comment thread src/routes/auth.js
Comment on lines +199 to +206

const jwtToken = generateToken(user.id);

res.cookie('token', jwtToken, {
httpOnly: true,
maxAge: 24 * 60 * 60 * 1000,
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Activation route correctly generates a JWT token and redirects to /profile after successful activation, as required.

Comment thread src/routes/auth.js
Comment on lines +184 to +185
router.post('/logout', authenticate, (req, res) => {
res.clearCookie('token');

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logout correctly clears the token cookie and redirects to login, as required for authenticated users only.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants