Sprint 7 – Corona Stole My Title

Sprint 7 – Corona Stole My Title

April 13th, 2020

Thank you to everyone who sent me well wishes after my last update. Thankfully I feel much better now, I’m sleeping and the headaches have gone 🙂 which means I managed to get a fair amount done this sprint! 🥳

If you’re reading this, I’d love to hear from you! Let me know how you’re getting on with the current crisis 😊

  1. Precursor
  2. Sprint 1 – The Foundations
  3. Sprint 2 – The ummm Foundations?
  4. Sprint 2 – Nerd Ramble
  5. Sprint 3 – Cooking with matches!
  6. Sprint 4 – Now We’re Cooking With Gas!
  7. Sprint 5 – Robot Uprising
  8. This Is Not the Sprint You’re Looking For
  9. Sprint 6 – That’s a Weird Looking Patronus
  10. Sprint 7 – Corona Stole My Title
  11. Sprint 8 – Adventure Time!
  12. Sprint 9 – Now In Technicolor
  13. Sprint 10 – Refinement
  14. Sprint 11 – Motion In The Ocean
  15. Alpha Release 1.0.3
  16. Sprint 12 – No Rest For The Wicked
  17. Alpha Release 1.0.4
  18. Sprint 13 – I Need a Break
  19. Alpha Release 1.0.5
  20. Sprint 14 – Just James Things
  21. Sprint 15 – Wearing My Heart On My Sleeve
  22. Alpha Release 1.0.6
  23. Sprint 16 – Warm Up
  24. Alpha Release 1.0.7
  25. Sprint 17 – Coffee’s back on the menu!
  26. Alpha Release 1.0.8
  27. Sprint 18 – We’re on fire!
  28. Sprint 19 – Slowly fast
  29. Sprint 20 – Let’s get Nerdy
  30. Alpha Release 1.0.9
  31. Sprint 21 – We’re back!
  32. Alpha Release 1.1.0
  33. Sprint 22 – You Look Cute Today
  34. Alpha Release 1.1.1
  35. Sprint 23 – Sausage Smuggler
  36. A SoSa Retrospective
  37. Sprint 25 – I am SoSa and don’t call me Shirley
  38. Sprint 26 – The best laid schemes of mice and men
  39. Sprint 27 – Vogue, Strike a Pose
  40. Sprint 28 – a New Hope
  41. I Couldn’t Think Of a Title
  42. Guess who’s back, Back again!
  43. Demolition Man
  44. Squid James
  46. We Didn’t Choose This Life, We’re Just Living In It
  47. Let’s go!

Let’s get started with the work i’ve done this time!


You’ll probably remember, I started working on this last sprint. I got the backend API all working but now it’s time to integrate it into the app 🙂

Showing the login flow
I didn’t kick him. He’s a bot.

It won’t win any design awards but it’s functional and flows nicely. I’ll continue to improve the login over the development of SoSa.

How are passwords stored?

At the moment, passwords are hashed and then stored in the database. What’s a hash? I hear you say!

When you hash a password, it turns that password into a long piece of text that can’t be reversed. For example

Can become

Based on how much computing power the server has, we can make it more complex and typically more secure.

This means, if someone gets hold of our database their chances of getting your password is very slim.

For each user in our database We also add something called a salt, which also adds an additional layer of complexity to the hashing process and helps to protect against Rainbow table based attacks.

Forgotten Password

Positive Password Flow
Even though I’m the only user right now, i’ve managed to forget my password

What’s the point in a login if you can’t remember your password!? Don’t worry the forgotten password flow has come to the rescue.

I tried to keep this as simple as possible, again won’t win any design awards but is functional and flows really easily.

You type in your e-mail, you get a reset code / link, press it and it’ll throw you back into the app and pre-fill the 6 character code. 

Bad Forgot password flow
Oppsie I did a stupid!

In the event something goes wrong, you can also type the code shown in your email into the box. Simple huh?

I’ve tried to make this as secure as possible so there is only a 15 minute window to enter a new password. 

Behind the scenes the pin is just a 2nd key to a 255 character token and a 100 character transient token. If an attacker doesn’t have all 3 of these (provided at different stages in the process) they won’t be able to reset your password.

Device only login

Last but not least, Device logins! So… when you login it would be crazy if we stored your username and password on your device right? Right!

That’s where Device management comes in.

When you login, your phone sends our server a unique identifier, if your login is successful – we create a row in our database for your device and then send you back a secret key.

Devices database
Don’t worry, my-device-id isn’t a real device ID

Next time you open the app, if you don’t have a valid / active session the server will ask you for your device ID and userID. 

The app will then wrap these into what’s called a JWT Token and secure it using the “secret” the server provided you when you successfully logged in.

When the server receives this token, it then checks it against the secret we have stored in the database and BOOM you’re in!

These “tokens” will also expire after 30 days of inactivity at which point they’ll require a full login unless you have two step set up (will be introducing that in a later sprint).

Corona Night

Tuesday – Film Amélie


7:30pm BST Ricosantiago will be playing the Film Amélie!

Join us as we follow Amélie, an innocent and naive waitress from Paris helping those around her and along the way finding love 😍

Wednesday – Disney Land

Disney land
I’m not going to be silly about disney land because their lawyers are scary

It’s a small world after all… Ever wondered what it would be like to go to Disney land Florida with a group of SoSa peeps and view it through someone else’s go-pro? 

Wonder no more! 

This Wednesday at 7pm BST we’ll be taking a flight to the magic kingdom and couch rollercoastering our way through it, get your Mickey ears on and meet us in Movie chat!

(Please be aware some rides contain flashing lights)

Game Night

Naughty terrorists!

Next SoSa game night we will be playing Trouble in Terrorist Town (Garry’s mod)!

Sunday 19th April 1900-2100 BST / 1100-1300 PT / 1400-1600 ET

We’re all Terrorists, out for world domination but some amongst us can’t be trusted and they’re killing us in the shadows!

Work together to discover who the traitors are!

Grab a ticket to join in! 🙂

Tickets here: https://www.eventbrite.co.uk/e/sosa-plays-trouble-in-terrorist-town-garrys-mod-tickets-102094246640

Don’t have Garry’s Mod?

Don’t have the game? Don’t worry! If you’re a regular in the community just give me a shout and i’ll give you a copy of the game. You just need steam + PC


That’s all for this sprint folks! Hope you enjoyed reading 😊