Sprint 7 – Corona Stole My Title

Sprint 7 – Corona Stole My Title

April 13th, 2020

Thank you to everyone who sent me well wishes after my last update. Thankfully I feel much better now, I’m sleeping and the headaches have gone 🙂 which means I managed to get a fair amount done this sprint! 🥳

If you’re reading this, I’d love to hear from you! Let me know how you’re getting on with the current crisis 😊

  1. Precursor
  2. Sprint 1 – The Foundations
  3. Sprint 2 – The ummm Foundations?
  4. Sprint 2 – Nerd Ramble
  5. Sprint 3 – Cooking with matches!
  6. Sprint 4 – Now We’re Cooking With Gas!
  7. Sprint 5 – Robot Uprising
  8. This Is Not the Sprint You’re Looking For
  9. Sprint 6 – That’s a Weird Looking Patronus
  10. Sprint 7 – Corona Stole My Title
  11. Sprint 8 – Adventure Time!
  12. Sprint 9 – Now In Technicolor
  13. Sprint 10 – Refinement

Let’s get started with the work i’ve done this time!

Login

You’ll probably remember, I started working on this last sprint. I got the backend API all working but now it’s time to integrate it into the app 🙂

Showing the login flow
I didn’t kick him. He’s a bot.

It won’t win any design awards but it’s functional and flows nicely. I’ll continue to improve the login over the development of SoSa.

How are passwords stored?

At the moment, passwords are hashed and then stored in the database. What’s a hash? I hear you say!

When you hash a password, it turns that password into a long piece of text that can’t be reversed. For example

test12345
Can become
$2y$10$wduXY/tPaNmLxWl3iyCFbeskK6iJbl8hmrSocPMHtWjK.5ji6585K

Based on how much computing power the server has, we can make it more complex and typically more secure.

This means, if someone gets hold of our database their chances of getting your password is very slim.

For each user in our database We also add something called a salt, which also adds an additional layer of complexity to the hashing process and helps to protect against Rainbow table based attacks.

Forgotten Password

Positive Password Flow
Even though I’m the only user right now, i’ve managed to forget my password

What’s the point in a login if you can’t remember your password!? Don’t worry the forgotten password flow has come to the rescue.

I tried to keep this as simple as possible, again won’t win any design awards but is functional and flows really easily.

You type in your e-mail, you get a reset code / link, press it and it’ll throw you back into the app and pre-fill the 6 character code. 


Bad Forgot password flow
Oppsie I did a stupid!

In the event something goes wrong, you can also type the code shown in your email into the box. Simple huh?

I’ve tried to make this as secure as possible so there is only a 15 minute window to enter a new password. 

Behind the scenes the pin is just a 2nd key to a 255 character token and a 100 character transient token. If an attacker doesn’t have all 3 of these (provided at different stages in the process) they won’t be able to reset your password.

Device only login

Last but not least, Device logins! So… when you login it would be crazy if we stored your username and password on your device right? Right!

That’s where Device management comes in.

When you login, your phone sends our server a unique identifier, if your login is successful – we create a row in our database for your device and then send you back a secret key.

Devices database
Don’t worry, my-device-id isn’t a real device ID

Next time you open the app, if you don’t have a valid / active session the server will ask you for your device ID and userID. 

The app will then wrap these into what’s called a JWT Token and secure it using the “secret” the server provided you when you successfully logged in.

When the server receives this token, it then checks it against the secret we have stored in the database and BOOM you’re in!

These “tokens” will also expire after 30 days of inactivity at which point they’ll require a full login unless you have two step set up (will be introducing that in a later sprint).

Corona Night

Tuesday – Film Amélie

Amélie
Spoon!

7:30pm BST Ricosantiago will be playing the Film Amélie!

Join us as we follow Amélie, an innocent and naive waitress from Paris helping those around her and along the way finding love 😍

Wednesday – Disney Land

Disney land
I’m not going to be silly about disney land because their lawyers are scary

It’s a small world after all… Ever wondered what it would be like to go to Disney land Florida with a group of SoSa peeps and view it through someone else’s go-pro? 

Wonder no more! 

This Wednesday at 7pm BST we’ll be taking a flight to the magic kingdom and couch rollercoastering our way through it, get your Mickey ears on and meet us in Movie chat!

(Please be aware some rides contain flashing lights)

Game Night

Naughty terrorists!

Next SoSa game night we will be playing Trouble in Terrorist Town (Garry’s mod)!

Sunday 19th April 1900-2100 BST / 1100-1300 PT / 1400-1600 ET

We’re all Terrorists, out for world domination but some amongst us can’t be trusted and they’re killing us in the shadows!

Work together to discover who the traitors are!

Grab a ticket to join in! 🙂

Tickets here: https://www.eventbrite.co.uk/e/sosa-plays-trouble-in-terrorist-town-garrys-mod-tickets-102094246640

Don’t have Garry’s Mod?

Don’t have the game? Don’t worry! If you’re a regular in the community just give me a shout and i’ll give you a copy of the game. You just need steam + PC

——-

That’s all for this sprint folks! Hope you enjoyed reading 😊

-James

Comments