Demo account creation/login page using HTML/CSS/JS templates from W3Schools.
Signup Form: https://www.w3schools.com/howto/howto_css_signup_form.asp
Login Form: https://www.w3schools.com/howto/howto_css_login_form.asp
Home Page Layout: https://www.w3schools.com/w3css/tryw3css_templates_coming_soon.htm
https://website-login-demo.appspot.com/
- Forms and post method - DONE
- Password field shows bullets instead of the typed characters - DONE
- Site layout/structure + datastore - DONE
- Terms & Privacy page - DONE
- Server-generated error checking - DONE
- Server-generated error alerts - DONE
- HTML5-generated error checking + alerts - DONE
- Form submit on Enter (without HTML5 error checking) - DONE
- Form submit on Enter (with HTML5 error checking) - DONE
- Success page - DONE
- Form data carry through after failed attempt
- JS client-side error checking (include password == password???)
- JS client-side error alerts
- Password requirements -> length, etc.
- User Account page(s)
- Deploy to Cloud - DONE
- Gmail API - DONE
- Get GC key and send confirmation email - DONE
- Captcha
- Forgot Password
- More TBD
- Add accurate HTML titles (tab headers)
- Storing Cookie on user's computer after signup or login - DONE
- Requiring Cookie to view APP page - DONE
- App page - DONE
- Log out page that clears cookie value - DONE
- Log out page that goes home - DONE
- Different home page if logged in - DONE
- Remove cookie from sign up - DONE
- Create link to confirm account + create handler for access - DONE
- Datastore field (account_confirmed boolean), add condition to check - DONE
- Added urlSafe encryption from datastore - DONE
- Create unique session ids (that overwrite local cookies after a new id is created / the time period is up) instead of reusing the same session id
- Ensure each session id is unique by adding a user-unique string
- Make sure session ids aren't used twice accidentally by including a counter as the first part of the string, form = "COUNT_encrypted(USERID)_LONG-RANDOM", and keep a current count var in datastore
- Accommodate logins from several computers at once by keeping a list of current session ids in datastore
- Local Remember Me option -> do it with a Cookie
- Let a user log out of all other sessions (like gmail)
- Extra level of encryption -> in urgent/not urgent section
- Add message for session requests that are no longer active -> some type of redirect/login prompt/handling
- Have confirm emails expire after a period of time (datastore + handler code)
- Option to report (I didn't enter this email, erase account)
- Gitignore for credentials.json and token.json - DONE
- Secret.py for hidden email address - DONE
- Created dedicated email - DONE
- Quickstart - DONE
- Changed scope, authorized email, + made test email method w/ Handler (locally) - DONE
- Appengine_config + vendored python lib (locally) - DONE
- Email setup above tweaked so credentials can be read online (not just locally) - DONE
- Send email after new user sign up - DONE
- Deploy as test
- Add extra encryption to key (cookie value, confirmation url) in hidden python file "secret.py"
- Change cookie name + other cookie details (Secure flag, HTTPS only)
- Add comments to code
- Figure out next steps
- List out resources used
- Clean datastore
- TEST!
- See if I can make it faster
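Worked example of the session id scheme from the to-do items above (counter + user part + long random string, a per-user list of active sessions, expiry, and "log out of all other sessions"). This is added illustration code, not the project's own; it uses a keyed HMAC of the user id as a stand-in for "encrypted(USERID)" and plain dicts as a stand-in for the datastore, and SECRET_KEY is a placeholder that would really come from secret.py.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-in for the datastore (assumption; the real app uses App Engine datastore).
USERS = {}     # user_id -> {"count": int, "sessions": set of active session ids}
SESSIONS = {}  # session id -> {"user": user_id, "expires": unix time}
SECRET_KEY = b"PLACEHOLDER-load-from-secret.py"  # placeholder, not a real secret
SESSION_TTL = 3600  # seconds before "time period up" forces a fresh login

def user_tag(user_id):
    """Keyed HMAC of the user id stands in for the encrypted(USERID) part:
    opaque to the client, fixed length, checkable server-side without decryption."""
    return hmac.new(SECRET_KEY, user_id.encode(), hashlib.sha256).hexdigest()[:16]

def create_session(user_id, now=None):
    """Issue COUNT_tag_RANDOM; the per-user counter means two logins never share an id."""
    now = time.time() if now is None else now
    rec = USERS.setdefault(user_id, {"count": 0, "sessions": set()})
    rec["count"] += 1
    sid = "%d_%s_%s" % (rec["count"], user_tag(user_id), secrets.token_urlsafe(32))
    rec["sessions"].add(sid)  # several computers can be logged in at once
    SESSIONS[sid] = {"user": user_id, "expires": now + SESSION_TTL}
    return sid

def revoke(sid):
    """Forget one session (logout, expiry, or tamper detection)."""
    entry = SESSIONS.pop(sid, None)
    if entry is not None:
        USERS[entry["user"]]["sessions"].discard(sid)

def validate_session(sid, now=None):
    """Return the user id for a live session, or None if unknown, expired, or tampered."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(sid)
    if entry is None:
        return None
    if now >= entry["expires"]:
        revoke(sid)
        return None
    parts = sid.split("_", 2)  # the random part may itself contain "_", so split at most twice
    if len(parts) != 3 or not hmac.compare_digest(parts[1].encode(), user_tag(entry["user"]).encode()):
        revoke(sid)  # user part does not match the stored owner: treat as tampered
        return None
    return entry["user"]

def logout_other_sessions(user_id, keep_sid):
    """Gmail-style 'sign out of all other sessions'; returns how many were revoked."""
    others = [s for s in USERS.get(user_id, {"sessions": set()})["sessions"] if s != keep_sid]
    for s in others:
        revoke(s)
    return len(others)
```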
https://security.stackexchange.com/questions/72836/are-passwords-stored-in-the-cookie-encrypted
http://www.theitstuff.com/sessions-cookies-user-login-work
https://stackoverflow.com/questions/5905646/faking-session-cookies
https://stackoverflow.com/questions/2257441/random-string-generation-with-upper-case-letters-and-digits-in-python