Implementing password-based authentication
Armed with the knowledge of hashing and salting, we'll now implement a password-based authentication layer on top of our existing API using the bcrypt algorithm. First, we'll need to update our Create User endpoint to accept a bcrypt digest instead of a password. Since we are following TDD, we will update the E2E tests first, before updating the implementation.
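Because the endpoint will accept a digest rather than a password, the server has to check that what it receives really is a well-formed bcrypt digest with an acceptable cost factor; otherwise a client could store a malformed value or a digest computed with a trivially cheap cost. The following is an added example (not the book's own code) of that server-side check, written as plain functions so it runs without an HTTP server or any npm module. The field name `digest`, the minimum cost of 10, the error messages and the sample digest are all assumptions made for this illustration.

```javascript
// Added example (not the book's code): server-side validation of a bcrypt
// digest submitted to the Create User endpoint. The `digest` field name, the
// cost policy and the error messages are assumptions for this example.
// Uses no third-party modules, so it runs with plain Node.js.

// Modular-crypt format of a bcrypt digest:
//   $2a|2b|2y$<two-digit cost>$<22-char salt><31-char hash>
const BCRYPT_DIGEST_RE =
  /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

const MIN_COST = 10; // assumed policy: reject digests cheaper than this
const MAX_COST = 31; // bcrypt's maximum cost parameter

// Parse a digest into its components; return null if it is malformed.
function parseBcryptDigest(digest) {
  if (typeof digest !== 'string') return null;
  const m = BCRYPT_DIGEST_RE.exec(digest);
  if (m === null) return null;
  const cost = Number.parseInt(m[2], 10);
  if (cost < 4 || cost > MAX_COST) return null;
  return { version: m[1], cost, salt: m[3], hash: m[4] };
}

// Validate a client-supplied digest against the format and the cost policy.
function validateDigest(digest) {
  const parsed = parseBcryptDigest(digest);
  if (parsed === null) {
    return { ok: false, message: "The '.digest' field must be a valid bcrypt digest" };
  }
  if (parsed.cost < MIN_COST) {
    return { ok: false, message: `The '.digest' field must use a cost factor of at least ${MIN_COST}` };
  }
  return { ok: true, cost: parsed.cost };
}

// Stand-in for the Create User handler: returns { status, body } so it can be
// exercised without a server. The email check is deliberately simple.
function handleCreateUser(body) {
  if (body === null || typeof body !== 'object') {
    return { status: 400, body: { message: 'Payload should be in JSON format' } };
  }
  for (const field of ['email', 'digest']) {
    if (!(field in body)) {
      return { status: 400, body: { message: `Payload must contain at least the '${field}' field` } };
    }
  }
  if (typeof body.email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) {
    return { status: 400, body: { message: "The '.email' field must be a valid email" } };
  }
  const check = validateDigest(body.digest);
  if (!check.ok) {
    return { status: 400, body: { message: check.message } };
  }
  // The digest is stored as received; the server never handles the password itself.
  return { status: 201, body: { email: body.email, digest: body.digest } };
}

// Constructed sample values (not real user data) for a quick self-check.
const SAMPLE_DIGEST = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';
const WEAK_DIGEST = '$2a$04$' + SAMPLE_DIGEST.slice(7); // same salt/hash, cost 4

console.log(handleCreateUser({ email: 'e@ma.il', digest: SAMPLE_DIGEST }).status); // 201
console.log(handleCreateUser({ email: 'e@ma.il', digest: WEAK_DIGEST }).status);   // 400
console.log(handleCreateUser({ email: 'e@ma.il', digest: 'password' }).status);    // 400
```

On the client side the digest would be produced with the `bcrypt` npm package (`bcrypt.hash(password, cost)`), so the cost the server enforces here is the same number the client passes in; keeping `MIN_COST` in one place makes it easy to raise later as hardware gets faster.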
Updating existing E2E tests
First, in the Gherkin specifications and Cucumber code, update anything related to passwords to use digests instead; this includes the step descriptions, the step definitions, and the sample data. For example, you may make the following changes in the E2E tests for the Bad Client Requests scenario of the Create User feature:
--- a/spec/cucumber/features/users/create/main.feature +++ b/spec/cucumber/features/users/create/main.feature @@ -34,9 +34,9 @@ Feature: Create User Examples: - | missingFields | message | - | email | The '.email...
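Review bot: the visible removed lines `| missingFields | message |` and `| email | The '.email...` are the Examples table header and the email example, neither of which mentions a password, yet both are deleted by this hunk; if they are re-added unchanged in the `+` lines that are cut off on this page, narrow the hunk so only the password rows change, and otherwise say in the text why the header and the email row were altered as part of the password-to-digest rename.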