demo-login

Demo account creation/login page using HTML/CSS/JS templates from W3Schools.

Signup Form: https://www.w3schools.com/howto/howto_css_signup_form.asp
Login Form: https://www.w3schools.com/howto/howto_css_login_form.asp
Home Page Layout: https://www.w3schools.com/w3css/tryw3css_templates_coming_soon.htm

Live Site

https://website-login-demo.appspot.com/

progress + next steps

1. Forms and post method - DONE
2. Password bullet points instead of char - DONE
3. Site layout/structure + datastore - DONE
4. Terms & Privacy page - DONE
5. Server-generated Error checking - DONE
6. Server-generated Error alerts - DONE
7. HTML5-generated error checking + alerts - DONE
8. Form submit on enter (without HTML5 errors checking) - DONE
9. Form submit on enter (with HTML5 errors checking) - DONE
10. Success page - DONE
11. Form data carry through after failed attempt
12. JS Client-generated Error checking (include password = password???)
13. JS Client-generated Error alerts
14. Password requirements -> length, etc.
15. User Account page(s)
16. Deploy to Cloud - DONE
17. Gmail API - DONE
18. Get GC key and send confirmation email - DONE
19. Captcha
20. Forgot Password
21. More TBD
22. Add accurate HTML titles (tab headers)

login credentials

1. Storing Cookie on user's computer after signup or login - DONE
2. Requiring Cookie to view APP page - DONE
3. App page - DONE
4. Log out page that clears cookie value - DONE
5. Log out page that goes home - DONE
6. Different home page if logged in - DONE
7. Remove cookie from sign up - DONE
8. Create link to confirm account + create handler for access - DONE
9. Datastore field (account_confirmed boolean), add condition to check - DONE
10. Added urlSafe encryption from datastore - DONE
11. Create unique session id's (that overwrite local cookies after new id created/time period up) instead of using same session id
12. Ensure session id is unique by adding a user-unique string
13. Make sure session ids aren't used twice accidentally by including a counter as the first part of the string, form = "COUNT_encrypted(USERID)_LONG-RANDOM", and add a current count var in datastore
14. Accommodate logins from several computers at once by having list of current session id's in datastore
15. Local Remember Me option -> do it with a Cookie
16. Let a user log out of all other sessions (like gmail)
17. Extra level of encryption -> in urgent/not urgent section
18. Add message for session requests that are no longer active -> some type of redirect/login prompt/handling
19. Have confirm emails expire after a period of time (datastore + handler code)
20. Option to report (I didn't enter this email, erase account)

email

1. Gitignore for credentials.json and token.json - DONE
2. Secret.py for hidden email address - DONE
3. Created dedicated email - DONE
4. Quickstart - DONE
5. Changed scope, authorized email, + made test email method w/ Handler (locally) - DONE
6. Appengine_config + vendored python lib (locally) - DONE
7. Email ^^ setup tweaked so credentials can be read online (not locally) - DONE
8. Send email after new user sign up - DONE

urgent and not urgent todos

1. Deploy as test
2. Add extra encryption to key (cookie value, confirmation url) in hidden python file "secret.py"
3. Change cookie name + other cookie details (HTTPS secure)
4. Add comments to code
5. Figure out next steps
6. List out resources used
7. Clean datastore
8. TEST!
9. See if I can make it faster

encryption resources

https://security.stackexchange.com/questions/72836/are-passwords-stored-in-the-cookie-encrypted
http://www.theitstuff.com/sessions-cookies-user-login-work
https://stackoverflow.com/questions/5905646/faking-session-cookies
https://stackoverflow.com/questions/2257441/random-string-generation-with-upper-case-letters-and-digits-in-python