diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-strategies.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-strategies.md index 08f791012b..0d29b5c99a 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-strategies.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-strategies.md @@ -10,7 +10,7 @@ dashedName: authentication-strategies A strategy is a way of authenticating a user. You can use a strategy for allowing users to authenticate based on locally saved information (if you have them register first) or from a variety of providers such as Google or GitHub. For this project, we will set up a local strategy. To see a list of the hundreds of strategies, visit Passport's site [here](http://passportjs.org/). -Add `passport-local` as a dependency and add it to your server as follows: `const LocalStrategy = require('passport-local');` +Add `passport-local@~1.0.0` as a dependency and add it to your server as follows: `const LocalStrategy = require('passport-local');` Now you will have to tell passport to **use** an instantiated LocalStrategy object with a few settings defined. Make sure this (as well as everything from this point on) is encapsulated in the database connection since it relies on it! diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md index 61f22a9988..ce5af55213 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/authentication-with-socket.io.md @@ -10,7 +10,7 @@ dashedName: authentication-with-socket-io Currently, you cannot determine who is connected to your web socket. While `req.user` contains the user object, that's only when your user interacts with the web server, and with web sockets you have no `req` (request) and therefore no user data. One way to solve the problem of knowing who is connected to your web socket is by parsing and decoding the cookie that contains the passport session then deserializing it to obtain the user object. Luckily, there is a package on NPM just for this that turns a once complex task into something simple! -Add `passport.socketio`, `connect-mongo@~3.2.0`, and `cookie-parser` as dependencies and require them as `passportSocketIo`, `MongoStore`, and `cookieParser` respectively. Also, we need to initialize a new memory store, from `express-session` which we previously required. It should look like this: +Add `passport.socketio@~3.7.0`, `connect-mongo@~3.2.0`, and `cookie-parser@~1.4.5` as dependencies and require them as `passportSocketIo`, `MongoStore`, and `cookieParser` respectively. Also, we need to initialize a new memory store, from `express-session` which we previously required. It should look like this: ```js const MongoStore = require('connect-mongo')(session); diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/hashing-your-passwords.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/hashing-your-passwords.md index ee33328d67..43459f9438 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/hashing-your-passwords.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/hashing-your-passwords.md @@ -10,7 +10,7 @@ dashedName: hashing-your-passwords Going back to the information security section, you may remember that storing plaintext passwords is *never* okay. Now it is time to implement BCrypt to solve this issue. -Add BCrypt as a dependency, and require it in your server. You will need to handle hashing in 2 key areas: where you handle registering/saving a new account, and when you check to see that a password is correct on login. +Add `bcrypt@~5.0.0` as a dependency, and require it in your server. You will need to handle hashing in 2 key areas: where you handle registering/saving a new account, and when you check to see that a password is correct on login. Currently on our registration route, you insert a user's password into the database like so: `password: req.body.password`. An easy way to implement saving a hash instead is to add the following before your database logic `const hash = bcrypt.hashSync(req.body.password, 12);`, and replacing the `req.body.password` in the database saving with just `password: hash`. diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication-ii.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication-ii.md index 8b9c8e8d95..43740bdac5 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication-ii.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/implementation-of-social-authentication-ii.md @@ -8,7 +8,7 @@ dashedName: implementation-of-social-authentication-ii # --description-- -The last part of setting up your GitHub authentication is to create the strategy itself. For this, you will need to add the dependency of 'passport-github' to your project and require it in your `auth.js` as `GithubStrategy` like this: `const GitHubStrategy = require('passport-github').Strategy;`. Do not forget to require and configure `dotenv` to use your environment variables. +The last part of setting up your GitHub authentication is to create the strategy itself. For this, you will need to add the dependency of `passport-github@~1.1.0` to your project and require it in your `auth.js` as `GithubStrategy` like this: `const GitHubStrategy = require('passport-github').Strategy;`. Do not forget to require and configure `dotenv` to use your environment variables. To set up the GitHub strategy, you have to tell Passport to use an instantiated `GitHubStrategy`, which accepts 2 arguments: an object (containing `clientID`, `clientSecret`, and `callbackURL`) and a function to be called when a user is successfully authenticated, which will determine if the user is new and what fields to save initially in the user's database object. This is common across many strategies, but some may require more information as outlined in that specific strategy's GitHub README. For example, Google requires a *scope* as well which determines what kind of information your request is asking to be returned and asks the user to approve such access. The current strategy we are implementing has its usage outlined [here](https://github.com/jaredhanson/passport-github/), but we're going through it all right here on freeCodeCamp! diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/serialization-of-a-user-object.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/serialization-of-a-user-object.md index f3967b928a..6c204b1d40 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/serialization-of-a-user-object.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/serialization-of-a-user-object.md @@ -12,7 +12,7 @@ Serialization and deserialization are important concepts in regards to authentic To set this up properly, we need to have a serialize function and a deserialize function. In Passport, we create these with `passport.serializeUser( OURFUNCTION )` and `passport.deserializeUser( OURFUNCTION )` -The `serializeUser` is called with 2 arguments, the full user object and a callback used by passport. A unique key to identify that user should be returned in the callback, the easiest one to use being the user's `_id` in the object. It should be unique as it generated by MongoDB. Similarly, `deserializeUser` is called with that key and a callback function for passport as well, but, this time, we have to take that key and return the full user object to the callback. To make a query search for a Mongo `_id`, you will have to create `const ObjectID = require('mongodb').ObjectID;`, and then to use it you call `new ObjectID(THE_ID)`. Be sure to add MongoDB as a dependency. You can see this in the examples below: +The `serializeUser` is called with 2 arguments, the full user object and a callback used by passport. A unique key to identify that user should be returned in the callback, the easiest one to use being the user's `_id` in the object. It should be unique as it generated by MongoDB. Similarly, `deserializeUser` is called with that key and a callback function for passport as well, but, this time, we have to take that key and return the full user object to the callback. To make a query search for a Mongo `_id`, you will have to create `const ObjectID = require('mongodb').ObjectID;`, and then to use it you call `new ObjectID(THE_ID)`. Be sure to add `mongodb@~3.6.0` as a dependency. You can see this in the examples below: ```js passport.serializeUser((user, done) => { diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-passport.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-passport.md index 852d12c28c..98c406d1d2 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-passport.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-passport.md @@ -10,9 +10,9 @@ dashedName: set-up-passport It's time to set up *Passport* so we can finally start allowing a user to register or login to an account! In addition to Passport, we will use Express-session to handle sessions. Using this middleware saves the session id as a cookie in the client and allows us to access the session data using that id on the server. This way we keep personal account information out of the cookie used by the client to verify to our server they are authenticated and just keep the *key* to access the data stored on the server. -To set up Passport for use in your project, you will need to add it as a dependency first in your package.json. `"passport": "^0.3.2"` +To set up Passport for use in your project, you will need to add it as a dependency first in your package.json. `passport@~0.4.1` -In addition, add Express-session as a dependency now as well. Express-session has a ton of advanced features you can use but for now we're just going to use the basics! `"express-session": "^1.15.0"` +In addition, add Express-session as a dependency now as well. Express-session has a ton of advanced features you can use but for now we're just going to use the basics! `express-session@~1.17.1` You will need to set up the session settings now and initialize Passport. Be sure to first create the variables 'session' and 'passport' to require 'express-session' and 'passport' respectively. diff --git a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-the-environment.md b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-the-environment.md index 89cb81a8ba..9da23f8cac 100644 --- a/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-the-environment.md +++ b/curriculum/challenges/english/06-quality-assurance/advanced-node-and-express/set-up-the-environment.md @@ -10,7 +10,7 @@ dashedName: set-up-the-environment The following challenges will make use of the `chat.pug` file. So, in your `routes.js` file, add a GET route pointing to `/chat` which makes use of `ensureAuthenticated`, and renders `chat.pug`, with `{ user: req.user }` passed as an argument to the response. Now, alter your existing `/auth/github/callback` route to set the `req.session.user_id = req.user.id`, and redirect to `/chat`. -Add `http` and `socket.io` as a dependency and require/instantiate them in your server defined as follows: +Add `socket.io@~2.3.0` as a dependency and require/instantiate it in your server defined as follows, with `http` (comes built-in with Nodejs): ```javascript const http = require('http').createServer(app);