Implement User Authentication Model with Secure Password Hashing

[HermanKoii]

Implement User Authentication Model with Secure Password Hashing

Description

Task

Define database schema for user authentication with email and hashed password

Acceptance Criteria

• User model correctly validates email format
• Passwords are hashed before storage
• Unique email constraint prevents duplicate registrations
• Password comparison method works correctly
• Minimum password length enforced

Summary of Work

This pull request implements a comprehensive User model for secure user authentication in the Sephora API.

Changes Made

• Created TypeScript User model with Mongoose schema
• Implemented email and password fields with validation
• Added password hashing using bcrypt before saving
• Included password comparison method for authentication
• Enforced strong password and email validation

Implementation Details

• User Schema Features:
  • Unique email validation
  • Email format validation using regex
  • Minimum password length of 8 characters
  • Automatic password hashing before database storage
  • Method to compare passwords securely

Validation Criteria

• Email must be:
  • Required
  • Unique
  • Trimmed
  • Lowercase
  • Matches valid email format
• Password must be:
  • Required
  • Minimum 8 characters long
  • Hashed before storage

Security Considerations

• Uses bcrypt for secure password hashing
• Prevents storing plain-text passwords
• Implements pre-save middleware for password hashing
• Provides a secure method for password comparison

Testing Approach

• Verified email validation rules
• Confirmed password hashing occurs automatically
• Tested password comparison method
• Ensured unique email constraint works correctly

Changes Made

• Implemented comprehensive User model
• Added email and password schema fields
• Implemented password hashing middleware
• Created password comparison method
• Added input validation for email and password

Tests

• Verify email validation rules
• Confirm password hashing occurs
• Test password comparison method
• Check unique email constraint

Signatures

Staking Key

G79TK8ccVx11JCsStBY85thohoSCm5eDwACAVju4z7bj: AWzUukHQZjMJ1zumtZduGC71fPCegVxcgcZ5Pd8RUL1DYtnvUdgiZGSe5JpqhuNtCNWSSuAtakWecNTD1JKQzusFKTmrw2nYDhVUTYn9FmN6UCVHwwLvN8cAZykjmvccq7MDzpPev1xyuaFG2GdXwvDRG74iHJv5Dogv6ZwSfXqAVpNTSa32t5oPjNyeZrab85DvvKtyGyEYrGyms3kMtQnrBh7oYMGtqc5JVmNStCKbbAZSpxSEeiVGcuRHdQ9MhmajFgQuWGrpUtKSJ134RvZxMuTBCB2rtqKThtmZrwAJMg5fj5sLM376WDNyXdohRRcUunGB1ka6BcLD9iEzdECX5LLVW2Apa8eayQQ2nhJEagiGnM3HzhrJhhxFKXwWjhbEKbXY8eyXGgUQSVfqGsv6xjShz7Q9Kr

Public Key

3Zfb8hhM5g8ZC7nqNKELNBByLSP56s6gqGNc8RWB6PgP: Fi97niT994WQbWgTFhcCThPsNrVYEp28ufLpa1x7LgYppXQLrB6A7oo5KuwuAS6e5uRm3MPx4Mr2B8FRMXiNeWoem6dHvPMowXEAyGLfgQYFCxAyLWCWBkJPJKrJThF2AvZDW6bddTQ4acNEB5kKUJCoCQ1HbFLDNPzbCYoNHXTdY3hCD7KMSUvygpyHrEhciJAhd35psD2TSpPTtQVtTCvxN1hNtHx6kHvD2p9MV2A7vcGgC6TDjDSQ6V3EwS7PWkCPscaJdd1hUut2bPYasbShdWGuNteecnqeRjGY3HvcJMSK7MWuNAgaXPrDkoFxUf5CZkhE2ZHnxZnM9ueVwBLF8A7jNsSa1u8mtZQreT4L4FMvfP1tdu1tEm1bChmtNgBmQNr6LNGECYk4VYmAyb84JzqqUXRm8x