SoSa — Corona Stole My Title — Sprint 7

James Mahy
5 min read · Apr 13, 2020


Thank you to everyone who sent me well wishes after my last update. Thankfully I feel much better now, I’m sleeping and the headaches have gone 🙂 which means I managed to get a fair amount done this sprint! 🥳

If you’re reading this, I’d love to hear from you! Let me know how you’re getting on with the current crisis 😊

  1. Precursor
  2. Sprint 1 — The Foundations
  3. Sprint 2 — The ummm Foundations?
  4. Sprint 2 — Nerd Ramble
  5. Sprint 3 — Cooking with matches!
  6. Sprint 4 — Now We’re Cooking With Gas!
  7. Sprint 5 — Robot Uprising
  8. This Is Not the Sprint You’re Looking For
  9. Sprint 6 — That’s a Weird Looking Patronus
  10. Sprint 7 — Corona Stole My Title

Let’s get started with the work I’ve done this time!

Login

I didn’t kick him. He’s a bot.

You’ll probably remember that I started working on this last sprint. I got the backend API all working, but now it’s time to integrate it into the app 🙂

It won’t win any design awards, but it’s functional and flows nicely. I’ll continue to improve the login over the development of SoSa.

How are passwords stored?

At the moment, passwords are hashed and then stored in the database. What’s a hash? I hear you say!

When you hash a password, it turns that password into a long piece of text that can’t be reversed back into the original password. For example

test12345

can become

$2y$10$wduXY/tPaNmLxWl3iyCFbeskK6iJbl8hmrSocPMHtWjK.5ji6585K

Based on how much computing power the server has, we can make the hashing more expensive (slower to compute), which makes guessing passwords by brute force harder and typically makes the hashes more secure.

This means that if someone gets hold of our database, their chances of recovering your password are very slim.

For each user in our database we also add something called a salt: a random value mixed into the hashing process so that two users with the same password end up with different hashes. This adds an additional layer of complexity and helps to protect against rainbow-table attacks.
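To make the salt and cost-factor ideas concrete, here is an added example that is not SoSa’s code (the hash above is bcrypt, which the Python standard library doesn’t ship). It does the same job with PBKDF2-HMAC-SHA256 from hashlib: a fresh random salt per user, an iteration count that can be raised as the server gets faster, a self-describing storage string, and a constant-time check. The function names, the 600,000-iteration default and the “algorithm$iterations$salt$digest” format are my own assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters (not from the post): PBKDF2-HMAC-SHA256 with a 16-byte
# random salt; the iteration count is the tunable cost factor.
ALGORITHM = "pbkdf2_sha256"
SALT_BYTES = 16
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Hash a password with a fresh random salt.

    The result is self-describing ("algorithm$iterations$salt$digest"), so the
    stored string carries everything needed to verify it later, and the cost
    can be raised for new hashes without breaking the old ones.
    """
    salt = os.urandom(SALT_BYTES)  # unique per user: the same password never hashes the same twice
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost; compare in constant time."""
    try:
        algorithm, iteration_text, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iteration_text)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # malformed record: treat as "no match" rather than crashing the login
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest does not stop at the first differing byte, so timing reveals nothing
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record was made with a lower cost than the server now uses.

    Check this after a successful login and re-hash with the current cost, which
    is how the cost factor gets raised as computing power grows.
    """
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != ALGORITHM or int(parts[1]) < iterations


if __name__ == "__main__":
    record = hash_password("test12345")
    print(record)
    print(verify_password("test12345", record), verify_password("test1234", record))
```

Two records for the same password differ because each gets its own salt, and a record written with a lower iteration count still verifies but reports needs_rehash, so old hashes are upgraded gradually rather than all at once.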

Forgotten Password

Even though I’m the only user right now, I’ve managed to forget my password

What’s the point of a login if you can’t remember your password!? Don’t worry, the forgotten password flow has come to the rescue.

I tried to keep this as simple as possible; again, it won’t win any design awards, but it is functional and flows really easily.

You type in your e-mail and you get a reset code / link; press it and it’ll throw you back into the app and pre-fill the 6-character code.

Oopsie, I did a stupid!

In the event something goes wrong, you can also type the code shown in your email into the box. Simple, huh?

I’ve tried to make this as secure as possible so there is only a 15 minute window to enter a new password.

Behind the scenes the PIN is just a second key alongside a 255-character token and a 100-character transient token. If an attacker doesn’t have all three of these (provided at different stages in the process) they won’t be able to reset your password.
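Here is an added example of that three-key reset flow, written by me and not taken from SoSa’s backend. It keeps the post’s numbers (a 255-character token, a 100-character transient token, a 6-character PIN and a 15-minute window) and adds the checks a reset endpoint needs: all three parts must match, the record is single-use, and only hashes of the secrets are stored. The split of which stage receives which secret (token and PIN in the e-mail link, transient handed only to the app instance that asked for the reset), the numeric PIN and the e-mail address are my assumptions.

```python
import hashlib
import hmac
import secrets
import string

RESET_WINDOW = 15 * 60  # seconds: the 15-minute window from the post
TOKEN_LENGTH, TRANSIENT_LENGTH, PIN_LENGTH = 255, 100, 6
TOKEN_ALPHABET = string.ascii_letters + string.digits
PIN_ALPHABET = string.digits  # assumption: the 6-character code is numeric


def random_string(length: int, alphabet: str) -> str:
    # secrets rather than random: these values are credentials and must be unguessable
    return "".join(secrets.choice(alphabet) for _ in range(length))


def fingerprint(value: str) -> bytes:
    # Only a hash of each secret is stored, so a leaked table does not hand out live reset tokens
    return hashlib.sha256(value.encode("utf-8")).digest()


class PasswordResetService:
    def __init__(self) -> None:
        self.pending = {}    # e-mail -> reset record; stands in for a database table
        self.passwords = {}  # e-mail -> password; real code would hash it as in the section above

    def request_reset(self, email: str, now: int) -> tuple:
        """Stage 1: mint the three secrets and start the 15-minute clock.

        Returns (token, pin, transient). Assumed split: token and pin go out in
        the e-mail link, transient goes only to the app that made the request.
        """
        token = random_string(TOKEN_LENGTH, TOKEN_ALPHABET)
        pin = random_string(PIN_LENGTH, PIN_ALPHABET)
        transient = random_string(TRANSIENT_LENGTH, TOKEN_ALPHABET)
        self.pending[email] = {  # a new request replaces any earlier pending one
            "token": fingerprint(token),
            "pin": fingerprint(pin),
            "transient": fingerprint(transient),
            "expires_at": now + RESET_WINDOW,
        }
        return token, pin, transient

    def complete_reset(self, email: str, token: str, pin: str, transient: str,
                       new_password: str, now: int) -> bool:
        """Final stage: all three secrets must match, inside the window, exactly once."""
        record = self.pending.get(email)
        if record is None or now > record["expires_at"]:
            return False
        # Compare every part before deciding, so a wrong PIN and a wrong token cost the same time
        matches = [
            hmac.compare_digest(record["token"], fingerprint(token)),
            hmac.compare_digest(record["pin"], fingerprint(pin)),
            hmac.compare_digest(record["transient"], fingerprint(transient)),
        ]
        if not all(matches):
            return False
        del self.pending[email]  # single use: a replayed link cannot reset the password twice
        self.passwords[email] = new_password
        return True


def run_demo() -> dict:
    """Exercise the flow with constructed values: an expired attempt, then a fresh one."""
    svc = PasswordResetService()
    t0 = 1_586_779_200  # constructed: 2020-04-13 12:00 UTC, as seconds since the epoch
    email = "james@example.com"  # constructed address
    first = svc.request_reset(email, t0)
    expired = svc.complete_reset(email, *first, "new-pw", t0 + 16 * 60)  # 16 minutes later
    token, pin, transient = svc.request_reset(email, t0)
    wrong_pin = "000000" if pin != "000000" else "111111"
    return {
        "lengths": (len(token), len(pin), len(transient)),
        "expired": expired,
        "link_only": svc.complete_reset(email, token, pin, "", "new-pw", t0 + 60),
        "wrong_pin": svc.complete_reset(email, token, wrong_pin, transient, "new-pw", t0 + 60),
        "success": svc.complete_reset(email, token, pin, transient, "new-pw", t0 + 14 * 60),
        "replay": svc.complete_reset(email, token, pin, transient, "other", t0 + 14 * 60),
        "password_set": svc.passwords.get(email) == "new-pw",
    }


if __name__ == "__main__":
    print(run_demo())
```

The "link_only" case is the one the post is describing: someone who intercepts the e-mail gets the token and the PIN but not the transient token, so the reset still fails.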

Device only login

Last but not least, device logins! So… when you log in, it would be crazy if we stored your username and password on your device, right? Right!

That’s where Device management comes in.

When you log in, your phone sends our server a unique identifier. If your login is successful, we create a row in our database for your device and then send you back a secret key.

Don’t worry, my-device-id isn’t a real device ID

Next time you open the app, if you don’t have a valid / active session the server will ask you for your device ID and user ID.

The app will then wrap these into what’s called a JWT (JSON Web Token) and sign it using the “secret” the server provided you when you successfully logged in.

When the server receives this token, it checks the signature against the secret we have stored in the database for that device and BOOM, you’re in!

These “tokens” will also expire after 30 days of inactivity, at which point they’ll require a full login unless you have two-step verification set up (which I’ll be introducing in a later sprint).
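Below is an added example of the device login exchange, written by me rather than taken from SoSa’s app or API. Both sides are shown: the app builds an HS256-signed JWT from the user ID and device ID using the per-device secret, and the server looks the device up, verifies the signature with the secret it stored at login time, and drops the device after 30 days of inactivity so a full login is required. The JWT is built by hand with hmac and base64 so nothing outside the standard library is needed. The claim names (sub, did, iat), the 32-byte secret and the epoch-seconds clock are my assumptions; my-device-id is reused from the post’s own placeholder.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

INACTIVITY_LIMIT = 30 * 24 * 60 * 60  # 30 days, in seconds


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_device_token(user_id: int, device_id: str, secret: bytes, now: int) -> str:
    """App side: wrap the user ID and device ID in a JWT signed with the device secret."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user_id, "did": device_id, "iat": now}  # claim names are assumptions
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


class DeviceStore:
    """Server side: one row per device holding its owner, its secret and its last activity."""

    def __init__(self) -> None:
        self.rows = {}  # device_id -> {"user_id", "secret", "last_seen"}; stands in for the DB

    def register(self, user_id: int, device_id: str, now: int) -> bytes:
        """Called after a successful username/password login; the secret is returned to the app."""
        secret = secrets.token_bytes(32)
        self.rows[device_id] = {"user_id": user_id, "secret": secret, "last_seen": now}
        return secret

    def verify(self, token: str, now: int) -> Optional[int]:
        """Return the user ID if the token is valid and the device is still active, else None."""
        try:
            header_b64, payload_b64, sig_b64 = token.split(".")
            header = json.loads(b64url_decode(header_b64))
            payload = json.loads(b64url_decode(payload_b64))
            signature = b64url_decode(sig_b64)
        except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
            return None
        if not isinstance(header, dict) or not isinstance(payload, dict):
            return None
        # The header is untrusted input: pin the algorithm instead of honouring whatever "alg" says
        if header.get("alg") != "HS256":
            return None
        device_id = str(payload.get("did", ""))
        row = self.rows.get(device_id)
        if row is None or row["user_id"] != payload.get("sub"):
            return None
        expected = hmac.new(row["secret"], f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return None
        if now - row["last_seen"] > INACTIVITY_LIMIT:
            del self.rows[device_id]  # idle for over 30 days: drop the device, full login required
            return None
        row["last_seen"] = now  # activity extends the 30-day window
        return row["user_id"]


def run_demo() -> dict:
    """Walk through the flow from the post with constructed values."""
    store = DeviceStore()
    t0 = 1_586_768_400  # constructed: 2020-04-13 09:00 UTC, as seconds since the epoch
    day = 24 * 60 * 60
    secret = store.register(42, "my-device-id", t0)
    good = make_device_token(42, "my-device-id", secret, t0 + day)
    forged = make_device_token(42, "my-device-id", secrets.token_bytes(32), t0 + day)
    _header, payload, _sig = good.split(".")
    none_header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    return {
        "valid": store.verify(good, t0 + day),
        "forged": store.verify(forged, t0 + day),
        "alg_none": store.verify(f"{none_header}.{payload}.", t0 + day),
        "wrong_user": store.verify(make_device_token(7, "my-device-id", secret, t0 + day), t0 + day),
        "after_31_idle_days": store.verify(good, t0 + 32 * day),
        "device_dropped": "my-device-id" not in store.rows,
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the secret lives in the device row, the server can revoke a single phone by deleting that row, and a token signed with a guessed or reused secret fails the signature check even though its claims look right.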

Corona Night

Tuesday — Film Amélie

Spoon!

7:30pm BST Ricosantiago will be playing the film Amélie!

Join us as we follow Amélie, an innocent and naive waitress from Paris helping those around her and along the way finding love 😍

Wednesday — Disney Land

It’s a small world after all… Ever wondered what it would be like to go to Disneyland Florida with a group of SoSa peeps and view it through someone else’s GoPro?

Wonder no more!

This Wednesday at 7pm BST we’ll be taking a flight to the Magic Kingdom and couch-rollercoastering our way through it; get your Mickey ears on and meet us in Movie chat!

(Please be aware some rides contain flashing lights)

Game Night

Next SoSa game night we will be playing Trouble in Terrorist Town (Garry’s Mod)!

Sunday 19th April 1900–2100 BST / 1100–1300 PT / 1400–1600 ET

We’re all terrorists out for world domination, but some amongst us can’t be trusted and they’re killing us in the shadows!

Work together to discover who the traitors are!

Grab a ticket to join in! 🙂

Tickets here: https://www.eventbrite.co.uk/e/sosa-plays-trouble-in-terrorist-town-garrys-mod-tickets-102094246640

Don’t have Garry’s Mod?

Don’t have the game? Don’t worry! If you’re a regular in the community, just give me a shout and I’ll give you a copy of the game. You just need Steam + a PC.

That’s all for this sprint folks! Hope you enjoyed reading 😊

-James

Originally published at https://blog.sosa.net on April 13, 2020.


James Mahy

I’m James, a UK-based developer and entrepreneur building SoSa, a fun, friendly and privacy-first community.