Reorganised Lab Task
aa7401 committed Nov 6, 2019
1 parent 72e528c commit d104a1d
Showing 1 changed file with 8 additions and 7 deletions.
@@ -83,13 +83,14 @@ So how can we improve this security? The simplest way is to use AES256-GCM encry

In this section we will be implementing more granular authorisation by creating an admin-only area on the website:

1. Add an extra boolean field to the database called `admin` with a default value of `false`.
2. Manually modify one of your registered accounts and change the stored value to `true`, this will be your admin user.
3. When a user logs in, check this field and, if it is set to true, create a new session variable called `admin` and assign it a value of `true`.
4. Create a new admin page, `admin.handlebars` and make sure it is protected in the same way as the home page.
5. Create a link to this new page from the homepage.
6. Modify the page so that, if the user does not have admin authorisation they get redirected back to the home page which should display a message **You do not have admin privileges!**.
7. Modify the secure page so that it displays the username of the currently logged-in user:
1. Create a secure admin page:
1. Add an extra boolean field to the database called `admin` with a default value of `false`.
2. Manually modify one of your registered accounts and change the stored value to `true`, this will be your admin user.
3. When a user logs in, check this field and, if it is set to true, create a new session variable called `admin` and assign it a value of `true`.
4. Create a new admin page, `admin.handlebars` and make sure it is protected in the same way as the home page.
5. Create a link to this new page from the homepage.
6. Modify the page so that, if the user does not have admin authorisation they get redirected back to the home page which should display a message **You do not have admin privileges!**.
2. Modify the secure pages (home and admin) so that they displays the username of the currently logged-in user:
1. Start by modifying the `post('login')` callback, adding a second key called `username` to the `ctx.session` object to store the username.
2. Modify the code that logs the user out to remove this key.
3. Now change the callback for the secure home page so that it sends this data to the handlebars template.
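Review bot: the logout step in the new part 2 (step 2, "remove this key") only clears the `username` key, but the `admin` key created in part 1 step 3 is never cleared, so admin authorisation can outlive a logout in a session that is reused; suggest "Modify the code that logs the user out to remove both the `username` and `admin` keys (or destroy the session entirely)." Two smaller points in the same hunk: step 6 ("Modify the page so that, if the user does not have admin authorisation they get redirected") should name the page and state that the check is on `ctx.session.admin` in the admin route handler before rendering, since the link added in step 5 is not itself a protection; and "so that they displays the username" in part 2 should read "so that they display the username".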
