Thanks to visit codestin.com
Credit goes to github.com

Skip to content

shankarmishra/ConversAIlabs

Repository files navigation

The Silent Server - Fixed Authentication System

Overview

This repository contains the fixed version of the "Silent Server" authentication system. The original system had multiple critical bugs that prevented the authentication flow from working. All issues have been identified and resolved.

Fixed Issues

1. Missing next() Call in Logger Middleware

File: middleware/logger.js

The logger middleware was missing the next() function call, causing requests to hang indefinitely. Without calling next(), Express.js couldn't pass control to the next middleware in the chain.

2. Missing next() Call in Auth Middleware

File: middleware/auth.js

The authentication middleware was missing the next() call after successful token verification, causing authenticated requests to hang.

3. Incorrect Token Endpoint Implementation

File: server.js

The /auth/token endpoint was incorrectly reading the session from the authorization header instead of the session cookie that gets set during OTP verification.

4. Missing Cookie Parser Middleware

File: server.js

The server was trying to read cookies without having the cookieParser() middleware installed, causing req.cookies to be undefined.

5. Insufficient OTP Logging

File: server.js

The original logging only showed the session ID but not the actual OTP value, making it difficult to test the flow manually.

Authentication Flow

Task 1: Login (POST /auth/login)

  • Send email and password in request body
  • Server generates a random session ID and 6-digit OTP
  • Server logs both session ID and OTP to console
  • Server responds with session ID

Task 2: OTP Verification (POST /auth/verify-otp)

  • Send session ID and OTP (from server logs) in request body
  • Server validates session and OTP
  • Server sets session_token cookie
  • Server responds with success message

Task 3: Token Generation (POST /auth/token)

  • Send request with session cookie (automatically included by browser)
  • Server reads session_token from cookies
  • Server generates JWT with user information
  • Server responds with JWT access token

Task 4: Protected Route Access (GET /protected)

  • Send request with Authorization header: Bearer <JWT_TOKEN>
  • Auth middleware validates JWT
  • Server responds with protected resource and success flag

Setup

  1. Install dependencies:

    npm install
  2. Create .env file with required variables:

    APPLICATION_SECRET=any_random_string_for_testing
  3. Start the server:

    npm start

    Server runs at: http://localhost:3000 (or http://localhost:3001 if port 3000 is busy)

Testing the Fixed Authentication Flow

Task 1: Login

Endpoint: POST /auth/login

Request:

curl -X POST http://localhost:3000/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"password123"}'

Expected Outcome:

  • Server logs the OTP (e.g., [OTP] Session abc12345 generated with OTP: 123456).
  • Response contains loginSessionId.

Task 2: OTP Verification

Endpoint: POST /auth/verify-otp

Request:

curl -c cookies.txt -X POST http://localhost:3000/auth/verify-otp \
  -H "Content-Type: application/json" \
  -d '{"loginSessionId":"<loginSessionId>","otp":"<otp_from_logs>"}'

Expected Outcome:

  • cookies.txt is created containing a session cookie.
  • Response says "OTP verified".

Task 3: Token Generation

Endpoint: POST /auth/token

Request:

curl -b cookies.txt -X POST http://localhost:3000/auth/token

Expected Outcome:

  • Response contains { "access_token": "..." }.

Task 4: Protected Route Access

Endpoint: GET /protected

Request:

curl -H "Authorization: Bearer <jwt>" http://localhost:3000/protected

Expected Outcome:

  • Response: { "message": "Access granted", "user": ..., "success_flag": "FLAG-..." }

Success Flag

Using the email [email protected], the complete authentication flow generates the success flag:

FLAG-eHNoYW5rYXJtaXNocmFAZ21haWwuY29tX0NPTVBMRVRFRF9BU1NJR05NRU5U

Files Modified

  • server.js - Fixed token endpoint and added cookie parser middleware
  • middleware/logger.js - Added missing next() call
  • middleware/auth.js - Added missing next() call after successful verification
  • .env.example - Added for reference
  • package.json - Dependencies for the working system

Technologies Used

  • Node.js
  • Express.js
  • JSON Web Tokens (JWT)
  • Cookie parsing
  • In-memory session storage

Environment Variables

  • APPLICATION_SECRET - Secret key for token generation (required)
  • JWT_SECRET - Secret key for JWT signing (optional, defaults to "default-secret-key")
  • PORT - Port number for the server (optional, defaults to 3000)

All authentication flow steps now work correctly and the system is ready for use!

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors