@happymealinthebuilding (Member)
Feature: User Authentication & Authorization Module (SCA-Web)

This Pull Request introduces a comprehensive user authentication and authorization module for the SCA-Web application. It enables users to register, log in, reset their passwords, and access protected content securely using JWT (JSON Web Token) based authentication.

Key Changes & Features

User Registration

  • Allows new users to create accounts with a unique username and email.
  • Passwords are securely hashed using bcrypt before storage.

User Login

  • Authenticates users against stored credentials.
  • Upon successful login, a JWT is generated and stored client-side for secure session management.

Password Reset Functionality

  • Initiation: Users can initiate a password reset by providing their registered username and email.
  • Reset: If the provided details match, users can set a new password, which is then re-hashed and updated in the database.

JWT-Based Authorization

  • Leverages JSON Web Tokens for stateless authentication.
  • A sample "Protected Application Dashboard" UI element is conditionally rendered based on the presence of a valid JWT, demonstrating access control.
  • A "Toggle JWT Token Display" button is included for debugging and demonstration purposes.

PostgreSQL Database Integration

  • Uses SQLAlchemy for ORM (Object-Relational Mapping) to interact with a PostgreSQL database.
  • A users table is created to store user credentials (username, email, hashed password).
  • Database URL: postgresql://postgres:1234@localhost:5432/AZRA_SCA_DEMO (Please ensure this database is accessible and configured as per the IMPORTANT note in the code).

Enhanced User Interface (Shiny & Custom CSS)

  • Improved visual aesthetics with custom CSS for a modern, clean, and user-friendly experience.
  • Responsive design elements for better display across devices.
  • Clear messaging for success, error, and guidance during registration, login, and password reset flows.

Client-Side Usability Improvements

  • "Enter to continue" functionality implemented via JavaScript for quick form submission.
  • Smooth transitions between login, registration, and password reset forms.

Technical Details

Libraries Used

  • shiny: For building the interactive web application.
  • sqlalchemy: ORM for database interactions.
  • bcrypt: For secure password hashing.
  • jwt: For generating and handling JSON Web Tokens.
  • datetime: For managing JWT expiration.

Security Considerations (Addressed/Noted)

  • Passwords are hashed and salted using bcrypt (addressed).
  • JWT SECRET_KEY is currently hardcoded (noted as an IMPORTANT area for improvement in a production environment – should be an environment variable).
  • Basic input validation is performed (e.g., checking for empty fields).

How to Test

Database Setup

  • Ensure your PostgreSQL server is running.
  • Create a database named AZRA_SCA_DEMO.
  • Verify the postgres user with password 1234 has access to this database.
  • The Base.metadata.create_all(bind=engine) call will automatically create the users table on first run if it doesn't exist.

Run the Application

  • python your_app_file_name.py (assuming the code is in a file like app.py).

Test Scenarios

Register New User

  • Navigate to the "Register New Account" form.
  • Enter a unique username, email, and a strong password.
  • Click "Register" and observe the success message and transition to the login page.

Login with Registered User

  • Enter the credentials of the newly registered user.
  • Click "Log In" and verify access to the "Protected Application Dashboard."
  • Toggle the JWT token display.

Login with Incorrect Credentials

  • Attempt to log in with an incorrect username or password and observe error messages.

Forgot Password (Initiate)

  • Click "Forgot Password?"
  • Enter a valid username and email for an existing user.
  • Proceed to the "Set New Password" page.

Forgot Password (Reset)

  • On the "Set New Password" page, enter new passwords (both matching and non-matching) and observe outcomes.
  • Verify that a successful password reset allows login with the new password.

Logout

  • Click the "Log out" button from the protected content area and verify returning to the login/register screen.
[Six screenshots dated 2025-06-17 attached]

@Oykupnrbs Oykupnrbs moved this to Done in Single Cell Web Aug 9, 2025
@TRextabat TRextabat merged commit da04c2a into develop Dec 8, 2025

Labels: enhancement (New feature or request)
Linked issue: PostgreSQL, Sign up-Sign in