...
Login
Sequence diagram
The LoginResource returns the response to the user. The LoginResource needs the name of the user so that it can check whether the login is correct and knows whom the created token is for. If the LoginResource did not know the username, duplicate code would have to be created in the LoginController. The response changes if the verification process fails: this produces a 403 response back to the resource and throws an exception in the code. If verification succeeds, createToken and getUserWithUsername are executed.
Design decisions
| Decision | Description |
|---|---|
| Problem/Issue | The password must not be readable in the database, so that hackers are not able to log in to other accounts. |
| Decision | Using Argon2, we hash the passwords of users, so that only a hashed password is stored in the database. This prevents hackers from seeing someone else's password. |
| Alternatives | SHA-512, MD5, PBKDF2, BCrypt, and SCrypt (Millington, 2022) |
| Arguments | From a comment on Baeldung (Millington, 2022), I saw Argon2 being suggested. Going to the Supertokens website (Supertokens Team, 2022), I found a tool that detects how safe a password is. Supertokens also recommended using this hashing tool this March, which is quite recent. It uses more resources from your computer, but it produces a stronger hash of the password. Regterschot Racing required minimum security, which also includes a hashed password. |
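The following Java snippet is an added worked example, not code from the original design document or from the Regterschot Racing project. It ties the login sequence above to the Argon2 decision: a user record holds only an Argon2id hash, the login step verifies the submitted password against that hash, and a token is created only after verification succeeds. It assumes Spring Security's `Argon2PasswordEncoder` (from `spring-security-crypto`, which needs Bouncy Castle on the classpath); the class name `LoginExample`, the `LoginFailedException`, the in-memory user map and the token format are assumptions made for illustration, and the mapping of the exception to an HTTP 403 is assumed to happen in the resource layer.

```java
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration of "verify, then create token" with Argon2-hashed passwords.
// Class, method and exception names are assumptions, not the project's own code.
public class LoginExample {

    // Thrown when verification fails; the resource layer is assumed to turn it into HTTP 403.
    public static class LoginFailedException extends RuntimeException {
        public LoginFailedException(String msg) { super(msg); }
    }

    // Spring Security's Argon2PasswordEncoder produces argon2id hashes.
    // Parameters: salt length 16 bytes, hash length 32 bytes, parallelism 1,
    // memory 65536 KiB (64 MiB), 3 iterations. Raising memory/iterations costs more
    // CPU and RAM per login, which is the trade-off noted in the decision table.
    private final Argon2PasswordEncoder encoder = new Argon2PasswordEncoder(16, 32, 1, 65536, 3);

    // A hash of a throwaway value, used so unknown usernames still pay for one verification.
    private final String dummyHash = encoder.encode("placeholder-not-a-real-password");

    // Constructed in-memory "database": username -> Argon2 hash string. No plaintext is kept.
    private final Map<String, String> users = new HashMap<>();

    public void register(String username, String plainPassword) {
        users.put(username, encoder.encode(plainPassword)); // salt is generated per call
    }

    // Mirrors the sequence described above: look up by username, verify, then create the token.
    public String login(String username, String plainPassword) {
        String storedHash = users.get(username);
        // Verify against the dummy hash when the user is unknown so both paths take similar time.
        String candidate = (storedHash == null) ? dummyHash : storedHash;
        boolean ok = encoder.matches(plainPassword, candidate) && storedHash != null;
        if (!ok) {
            throw new LoginFailedException("invalid username or password");
        }
        return createToken(getUserWithUsername(username));
    }

    // Stand-in for the real lookup; here the user is identified by the username alone.
    private String getUserWithUsername(String username) { return username; }

    // Placeholder token: a real implementation would issue a signed JWT or an opaque session id.
    private String createToken(String username) {
        return username + ":" + UUID.randomUUID();
    }

    public static void main(String[] args) {
        LoginExample svc = new LoginExample();
        svc.register("alice", "correct horse battery staple");
        // The stored value starts with "$argon2id$v=19$m=65536,t=3,p=1$" followed by salt and hash.
        System.out.println("stored hash: " + svc.users.get("alice"));
        System.out.println("token: " + svc.login("alice", "correct horse battery staple"));
        try {
            svc.login("alice", "wrong password");
        } catch (LoginFailedException e) {
            System.out.println("403 Forbidden: " + e.getMessage());
        }
    }
}
```

The hash string embeds its own salt and cost parameters, so the parameters can be raised later for new registrations without invalidating existing hashes; `matches` reads them from the stored string. The same generic failure message is used for an unknown username and for a wrong password, so the 403 response does not reveal which of the two was the case.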
...