Skip to content

[Improvement] Improve auth.js security and functionality #218

Description

@zaibamachhaliya

auth.js needs improvements for better security and user experience.

Issues:

  1. Security Issues:

    • Passwords stored in plain text in localStorage
    • No password hashing (bcrypt)
    • No session timeout
    • No CSRF protection
    • No rate limiting for login attempts
  2. Missing Features:

    • No "Remember Me" option
    • No password reset functionality
    • No email verification
    • No 2FA support
    • No account lockout after failed attempts
  3. UX Issues:

    • Using alert() for errors (should use custom toasts)
    • No loading states
    • No form validation feedback
    • No password strength indicator
  4. Code Structure:

    • Mixed responsibilities
    • No error handling for localStorage operations
    • No JWT token support
  5. Missing Validation:

    • No email format validation
    • No password strength validation
    • No special character validation
    • No XSS protection

Suggestions:

  • Hash passwords before storing
  • Add session timeout (15-30 min)
  • Add "Remember Me" checkbox
  • Add password reset flow
  • Add email verification
  • Replace alert() with custom toasts
  • Add loading states
  • Add form validation feedback
  • Add JWT token support
  • Add account lockout after 5 failed attempts

Metadata

Metadata

Labels

SSoC26Program label for Social Summer of Code Season 5.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions