regn_login

Ritesh Shah edited this page Dec 15, 2017 · 8 revisions

User management

User management covers users who wish to register an account with Sakura. It comprises client-side validation of data, and server-side registration and authentication of user credentials.

Client side operations

Client-side validation of user data uses two forms combined in a single modal window. The two forms handle user account registration and user login authentication, and are invoked by clicking the Sign In link at the top right of the home page.

User account registration

The New Account form is shown here.

Each field entry as shown above is validated with respect to the semantics of the field and constraints on the data format.

For instance:

  1. obligatory fields are checked for empty values
  2. the field for email only allows legal email addresses
  3. the password is not validated if it is not confirmed with the same value.

We show two instances of the form below, one with invalid data and one with valid data.

Form filled with invalid data
  • The invalid fields have a highlighted red background which turns green with a valid value.
  • The reasons for not validating the data appear below each input field.

Form filled with valid data

All the fields have been validated and are ready for submission. However, please note that field values auto-filled by the browser appear with a yellow background.

We make use of the parsley.js library (MIT License) to validate the form data.

A new user will be registered with all the credentials entered.

User login/password authentication

Upon registration, the new user has to log in with his email and password in the Sign In form.

The Sign In form, as shown below, validates the field entries and allows user login only after successful authentication of the user credentials on the server side.

Server side operations

The User table schema related to user information is as follows.

Security related

For password authentication we use best practices on the client and server side.

Client-side

On the client side we make use of the crypto-js library from https://cdnjs.com/libraries/crypto-js with an MIT license from https://spdx.org/licenses/MIT.html

Server-side

On the server side we primarily make use of the hashlib library in Python (v3.4 onwards), using its password-based key derivation function together with robust hashing functions to ensure secure password authentication.
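
A sketch of server-side password storage and verification with hashlib's PBKDF2 function, added here as an example and not taken from Sakura's code. The hash algorithm, iteration count, salt length and the `$`-separated record format are assumptions.

```python
import hashlib
import hmac
import os

ALGORITHM = "sha256"   # assumption: the page does not name the hash function
ITERATIONS = 600_000   # assumption: tune to the server's latency budget
SALT_BYTES = 16        # assumption: 128-bit random salt per user


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a key from the password and return a self-describing record."""
    salt = os.urandom(SALT_BYTES)  # fresh salt so equal passwords differ
    dk = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    # Store the parameters with the hash so they can be raised later
    # without invalidating existing accounts.
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored salt and iterations, then compare."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != f"pbkdf2_{ALGORITHM}":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(
            ALGORITHM, password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        # Malformed or tampered record: fail closed instead of raising.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample credentials, for demonstration only.
    stored = hash_password("correct horse battery staple")
    print(stored.split("$")[:2])
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("wrong password", stored))
```

Only the record returned by `hash_password` belongs in the User table; the plaintext password is never stored.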