From cccad947541e7ca614b934beaa55ddc1deb536ac Mon Sep 17 00:00:00 2001 From: Tom Monks <52682653+tmonks@users.noreply.github.com> Date: Wed, 5 Feb 2020 22:15:53 -0500 Subject: [PATCH] fix(learn): updated challenge text to clarify when to start using new boilerplates (#38124) * fix: update to clarify new boilerplates used Updating challenge text to make it more clear that learners need to switch to new boilerplate * fix: improved wording to clarify new boilerplates used Updating challenge text to be consistent and make it clear where learners are to switch to new boilerplate Incorporating suggestions from PR #38124 --- .../implementation-of-social-authentication.english.md | 2 +- .../advanced-node-and-express/set-up-the-environment.english.md | 2 +- .../understand-bcrypt-hashes.english.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md b/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md index 4cb168179b..48222c3e66 100644 --- a/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md +++ b/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/implementation-of-social-authentication.english.md @@ -7,7 +7,7 @@ forumTopicId: 301559 ## Description
-As a reminder, this project is being built upon the following starter project on Glitch, or cloned from GitHub. +For the following challenges, you will be working with a new starter project that is different from the previous one. You can find the new starter project on Glitch, or clone it from GitHub. The basic path this kind of authentication will follow in your app is:
  1. User clicks a button or link sending them to our route to authenticate using a specific strategy (EG. GitHub)
  2. Your route calls passport.authenticate('github') which redirects them to GitHub.
  3. The page the user lands on, on GitHub, allows them to login if they aren't already. It then asks them to approve access to their profile from our app.
  4. The user is then returned to our app at a specific callback url with their profile if they are approved.
  5. They are now authenticated and your app should check if it is a returning profile, or save it in your database if it is not.
Strategies with OAuth require you to have at least a Client ID and a Client Secret which is a way for them to verify who the authentication request is coming from and if it is valid. These are obtained from the site you are trying to implement authentication with, such as GitHub, and are unique to your app- THEY ARE NOT TO BE SHARED and should never be uploaded to a public repository or written directly in your code. A common practice is to put them in your .env file and reference them like: process.env.GITHUB_CLIENT_ID. For this challenge we're going to use the GitHub strategy. Obtaining your Client ID and Secret from GitHub is done in your account profile settings under 'developer settings', then 'OAuth applications'. Click 'Register a new application', name your app, paste in the url to your glitch homepage (Not the project code's url), and lastly for the callback url, paste in the same url as the homepage but with '/auth/github/callback' added on. This is where users will be redirected to for us to handle after authenticating on GitHub. Save the returned information as 'GITHUB_CLIENT_ID' and 'GITHUB_CLIENT_SECRET' in your .env file. diff --git a/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/set-up-the-environment.english.md b/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/set-up-the-environment.english.md index d36a3d8081..88f3e6f834 100644 --- a/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/set-up-the-environment.english.md +++ b/curriculum/challenges/english/06-information-security-and-quality-assurance/advanced-node-and-express/set-up-the-environment.english.md @@ -7,7 +7,7 @@ forumTopicId: 301566 ## Description
-As a reminder, this project is being built upon the following starter project on Glitch, or cloned from GitHub. +For the following challenges, you will be working with a new starter project that is different from the previous one. You can find the new starter project on Glitch, or clone it from GitHub. Add Socket.IO as a dependency and require/instantiate it in your server defined as 'io' with the http server as an argument. const io = require('socket.io')(http); The first thing needing to be handled is listening for a new connection from the client. The on keyword does just that- listen for a specific event. It requires 2 arguments: a string containing the title of the event thats emitted, and a function with which the data is passed though. In the case of our connection listener, we use socket to define the data in the second argument. A socket is an individual client who is connected. For listening for connections on our server, add the following between the comments in your project: diff --git a/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes.english.md b/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes.english.md index ca3d346452..335d6d0136 100644 --- a/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes.english.md +++ b/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/understand-bcrypt-hashes.english.md @@ -7,7 +7,7 @@ forumTopicId: 301586 ## Description
-For the following challenges, you will be working with a new starter project that is different from earlier challenges. This project is being built upon the following starter project on Glitch, or cloned from GitHub. +For the following challenges, you will be working with a new starter project that is different from the previous one. You can find the new starter project on Glitch, or clone it from GitHub. BCrypt hashes are very secure. A hash is basically a fingerprint of the original data- always unique. This is accomplished by feeding the original data into an algorithm and returning a fixed length result. To further complicate this process and make it more secure, you can also salt your hash. Salting your hash involves adding random data to the original data before the hashing process which makes it even harder to crack the hash. BCrypt hashes will always looks like $2a$13$ZyprE5MRw2Q3WpNOGZWGbeG7ADUre1Q8QO.uUUtcbqloU0yvzavOm which does have a structure. The first small bit of data $2a is defining what kind of hash algorithm was used. The next portion $13 defines the cost. Cost is about how much power it takes to compute the hash. It is on a logarithmic scale of 2^cost and determines how many times the data is put through the hashing algorithm. For example, at a cost of 10 you are able to hash 10 passwords a second on an average computer, however at a cost of 15 it takes 3 seconds per hash... and to take it further, at a cost of 31 it would takes multiple days to complete a hash. A cost of 12 is considered very secure at this time. The last portion of your hash $ZyprE5MRw2Q3WpNOGZWGbeG7ADUre1Q8QO.uUUtcbqloU0yvzavOm, looks like one large string of numbers, periods, and letters but it is actually two separate pieces of information. The first 22 characters is the salt in plain text, and the rest is the hashed password!
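Review bot: in the first hunk (implementation-of-social-authentication.english.md), the replaced sentence tells the learner to move to a new starter project but says nothing about the secrets the same description goes on to require; since the paragraph below states that GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET belong in the .env file and must never be committed or written into the code, consider adding a clause that a fresh clone has no .env, so those values have to be created again in the new project's .env rather than carried over by pasting them into a tracked file. A smaller point: "the previous one" only makes sense if the two links in the new line ("new starter project on Glitch", "GitHub") actually point at the boilerplate for these social-authentication challenges and not at the one the earlier challenges used, so please double-check the link targets, since the link text is the only thing that identifies which project the learner should clone.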
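Review bot: in the second hunk (set-up-the-environment.english.md), the new sentence is now identical to the one in the other two files, which is good for consistency, but here it is immediately followed by "Add Socket.IO as a dependency", so saying that the new project is the one for the Socket.IO challenges would make it clearer why the previous project cannot simply be extended. While this file is being touched, the unchanged context in the same hunk has two typos worth fixing: "the title of the event thats emitted" should read "that's emitted", and "a function with which the data is passed though" should read "passed through".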
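Review bot: in the third hunk (understand-bcrypt-hashes.english.md), the old line already opened with "different from earlier challenges", so this change is only a wording alignment with the other two files and looks fine; since the file is being edited anyway, the context in this hunk carries several grammar slips that could go in the same PR: "BCrypt hashes will always looks like" should be "look like", "at a cost of 31 it would takes multiple days" should be "take", and "The first 22 characters is the salt" should be "are the salt". One substantive caveat in the same context text: "Salting your hash ... makes it even harder to crack the hash" overstates what the salt does; the salt does not add work to cracking a single hash (that is what the cost parameter in "$13" is for), its job is to make identical passwords produce different hashes and to defeat precomputed tables, so a short rewording along those lines would keep the explanation accurate.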