
User login flow in Express - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What is the output of this Express login route?
Consider this Express route handling a POST login request. What will the server respond with if the user provides correct credentials?
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (username === 'admin' && password === '1234') {
    res.status(200).send('Login successful');
  } else {
    res.status(401).send('Unauthorized');
  }
});
A. Responds with status 500 and message 'Server error' if username is 'admin'
B. Responds with status 401 and message 'Unauthorized' for all inputs
C. Responds with status 200 and message 'Welcome user' for any username
D. Responds with status 200 and message 'Login successful' if username is 'admin' and password is '1234'
💡 Hint
Check the condition inside the if statement comparing username and password.
state_output
intermediate
What is the value of 'isLoggedIn' after this middleware runs?
Given this Express middleware that sets a flag on the request object, what will be the value of 'req.isLoggedIn' after it runs if the user is authenticated?
Express
function authMiddleware(req, res, next) {
  if (req.headers.authorization === 'Bearer validtoken') {
    req.isLoggedIn = true;
  } else {
    req.isLoggedIn = false;
  }
  next();
}
A. Always true regardless of headers
B. true if 'authorization' header equals 'Bearer validtoken', otherwise false
C. Always false regardless of headers
D. Undefined because 'isLoggedIn' is not set
💡 Hint
Look at how 'req.isLoggedIn' is assigned based on the authorization header.
🔧 Debug
advanced
Why does this login route always return 200 'Login successful'?
Examine the following Express login route. Why does it always respond with 200 'Login successful' even when incorrect credentials are sent?
Express
app.post('/login', (req, res) => {
  let { username, password } = req.body;
  if ((username = 'admin') && (password = '1234')) {
    res.status(200).send('Login successful');
  } else {
    res.status(401).send('Unauthorized');
  }
});
A. Because '=' is used instead of '===' causing assignment instead of comparison
B. Because 'req.body' is undefined by default in Express
C. Because the route method should be GET, not POST
D. Because the response is sent twice causing an error
💡 Hint
Check the operators used in the if condition.
📝 Syntax
advanced
Which option correctly parses JSON body in Express login route?
You want to access 'req.body' in your Express login route. Which code snippet correctly enables JSON body parsing?
A.
app.use(express.json());
app.post('/login', (req, res) => { /* access req.body */ });
B.
app.use(bodyParser.urlencoded());
app.post('/login', (req, res) => { /* access req.body */ });
C.
app.post('/login', express.json(), (req, res) => { /* access req.body */ });
D.
app.use(express.urlencoded());
app.post('/login', (req, res) => { /* access req.body */ });
💡 Hint
Look for middleware that parses JSON bodies globally.
🧠 Conceptual
expert
What is the main security risk if you do not hash passwords in a login flow?
In a user login flow, passwords are stored in plain text in the database. What is the biggest risk of this practice?
A. The server will crash due to large password sizes
B. Users will be unable to log in because passwords are not encrypted
C. If the database is compromised, attackers get all user passwords in readable form
D. Passwords will expire automatically after a short time
💡 Hint
Think about what happens if someone steals the database data.