a guest
Jan 17th, 2018

# Simple Auth Work Plan

### Overview & Weekly
- This week I will accomplish the implementation of authentication using express-session. I will also implement bcrypt for added security during the authentication.

### Specifications
- Authentication
  + A user can sign up using a signup page
  + A user can log in using a login page
  + A user who is not logged in is redirected to the login page (users who are not logged in can't see any pages or data other than the login and signup pages)
  + Someone new to the app can create a "new-user" in the database.
  + When a user logs in, their username and password are validated against the user table. If the username/password combo doesn't exist or is invalid, the user receives an error (the same error in both cases, so the response doesn't reveal which usernames exist).
  + User passwords are hashed with bcrypt (a one-way, salted hash: the stored value can't be decrypted back to the password, so this is hashing, not encryption).
  + The user's session is saved. express-session is used to store sessions on the server side. Note the difference between storing session data on the client side (cookie-session, where the whole session is carried in the cookie) and on the server side (express-session, where the cookie holds only a session id and the data stays on the server).
- Authorization
  + A user has a role associated with it. The values are admin or regular.
  + Only a user with the admin role can create a new contact. If the logged-in user is not an admin, going to the route "/contacts/new" returns status code 403.
  + Only a user with the admin role can delete a contact. If the logged-in user is not an admin, going to the route "/contacts/delete/:contactId" returns status code 403. The delete links on the page are not shown if the logged-in user is not an admin (hiding the links is cosmetic; the 403 on the route is the actual control).

### Implementation Plan
#### Authentication
- A user can sign up using a signup page
  + create users table
  + create signup route
  + create signup form view
  + link to login page in view
  + write functions that check if the input is valid.

- A user can log in using a login page
  + create login route
  + create login form view
  + link to signup page in view

- A user who is not logged in is redirected to the login page (users who are not logged in can't see any pages or data other than the login and signup pages)
  + implement express-session to check whether the user is logged in or not.
  + if the user is logged in, redirect to the "/" route; otherwise redirect to the login page.

- Someone new to the app can create a "new-user" in the database.
  + create addNewUser function that adds the new user to the database (hash the password with bcrypt before storing it; never store the plaintext).

#### Authorization
- A user should have a role associated with it
  + add role column to the users table.
  + add role option to the form (the role must not be settable on the public signup form, otherwise anyone can make themselves admin; default new users to regular and let only an admin change it).
  + create function to check whether the user's role is admin or regular: if admin, show the edit and delete buttons; otherwise don't show the buttons.
  + add condition that checks whether the user's role is admin or regular: if regular, going to the route "/contacts/delete/:contactId" (and likewise "/contacts/new") returns a 403 error.