Data Security
User Authentication Flow
This section documents the process of user authentication, which involves validating user credentials, creating a session, and setting a session cookie.
Overview
The user authentication flow ensures that users are properly authenticated before they can access protected resources. This involves validating user inputs, checking the credentials against stored user data, and managing sessions.
+---------------------------------+
|              Start              |
+---------------------------------+
                |
                v
+---------------------------------+
|        Input Validation         |
+---------------------------------+
          /           \
   Valid Input     Invalid Input
         |               |
         v               v
+------------------+  +-----------------+
| Fetch User Data  |  | Show Error Msg  |
+------------------+  +-----------------+
         |
         v
+-------------------------+
|    Check User Exists    |
+-------------------------+
       /            \
  User Exists    User Not Found
       |               |
       v               v
+----------------+  +-----------------+
| Check Password |  | Show Error Msg  |
+----------------+  +-----------------+
       /            \
Password Matches  Password Does Not Match
       |               |
       v               v
+------------------+  +-----------------+
| Encrypt Session  |  | Show Error Msg  |
|      Data        |  +-----------------+
+------------------+
         |
         v
+-----------------+
|  Create Session |
+-----------------+
         |
         v
+--------------------+
| Set Session Cookie |
+--------------------+
         |
         v
+------------------------------+
| Return Session Data and URL  |
+------------------------------+
Detailed Steps
- Start: The process begins when a user submits the login form.
- Input Validation: The system validates the input fields (email and password) against LoginSchema.
  - Valid Input: If the input is valid, proceed to fetch user data.
  - Invalid Input: If the input is invalid, an error message is displayed and no database query is made.
- Fetch User Data: The system looks up the user by email in the database using getUserByEmail.
- Check User Exists: The system checks that a user record was returned and that it carries both an email and a stored password hash (a record with no stored password cannot pass the password check).
  - User Exists: If the user exists, proceed to check the password.
  - User Not Found: If the user does not exist, an error message is displayed.
- Check Password: The system compares the submitted password with the stored bcrypt hash using bcrypt.compare. The plaintext password is never stored or logged.
  - Password Matches: If the password matches, proceed to create a session.
  - Password Does Not Match: If the password does not match, an error message is displayed. This message should be the same generic text ("invalid email or password") as the User Not Found message, so that the login response cannot be used to enumerate registered email addresses.
- Encrypt Session Data: The system builds the session token by passing the user data and the session expiry date to encrypt.
  - Encryption: A party that reads the cookie cannot see the session contents. The encryption must also be authenticated (an AEAD mode such as AES-GCM, or an encrypt-then-MAC construction) so that a modified token is rejected on decryption rather than being turned into attacker-chosen session data.
- Create Session: The encrypted token is the session for the authenticated user; the expiry date carried inside it is checked on every subsequent request.
- Set Session Cookie: The session token is saved in an HTTP-only cookie using cookies().set.
  - HTTP-Only Cookie: The cookie is set with the httpOnly flag so that client-side JavaScript cannot read it. It should also carry the secure and sameSite attributes, and an expiry matching the session expiry, so it is only sent over HTTPS and is not attached to cross-site requests.
- Return Session Data and URL: The system returns the session data, the user data (without the password hash), and the redirect URL.
Authentication Logic Details
- Input Validation:
  - Uses LoginSchema to validate the user's input fields (email and password).
  - Ensures that the input meets the required format and constraints before any database access takes place.
- Fetch User Data:
  - Queries the database for the user record associated with the provided email.
  - Uses the getUserByEmail function to fetch the user data.
- Check Password:
  - Compares the provided password with the stored hashed password.
  - Uses bcrypt.compare, which re-hashes the submitted password with the salt embedded in the stored hash and compares the results; the stored value is never "decrypted", because bcrypt is a one-way, deliberately slow hash.
- Encrypt Session Data:
  - Encrypts the user data and session expiry date to create the session token.
  - Uses the encrypt function to perform the encryption.
- Set Session Cookie:
  - Stores the session token in an HTTP-only cookie.
  - Uses cookies().set to set the cookie with the httpOnly flag (together with secure and sameSite).