0
0
Expressframework~20 mins

Testing authentication flows in Express - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Authentication Flow Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the response status code when a user provides valid credentials?
Consider an Express app with a POST /login route that checks username and password. If credentials are correct, it responds with status 200 and a JSON message {"message": "Login successful"}. What status code will the server respond with when valid credentials are sent?
Express
app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if(username === 'user' && password === 'pass') {
    res.status(200).json({ message: 'Login successful' });
  } else {
    res.status(401).json({ message: 'Unauthorized' });
  }
});
A200
B401
C500
D404
Attempts:
2 left
💡 Hint
Think about the HTTP status code for a successful login.
state_output
intermediate
2:00remaining
What is the value of req.user after successful authentication?
In an Express middleware that authenticates a user and attaches user info to req.user, what will req.user contain after successful login?
Express
function authMiddleware(req, res, next) {
  const token = req.headers['authorization'];
  if(token === 'valid-token') {
    req.user = { id: 1, name: 'Alice' };
    next();
  } else {
    res.status(401).send('Unauthorized');
  }
}
Aundefined
B{ id: 1, name: 'Alice' }
Cnull
DAn error is thrown
Attempts:
2 left
💡 Hint
Look at what the middleware assigns to req.user when the token is valid.
📝 Syntax
advanced
2:00remaining
Which option causes a syntax error in Express route definition?
Identify the option that will cause a syntax error when defining an Express route.
Express
app.get('/profile', (req, res) => {
  res.send('User profile');
});
Aapp.get('/profile' (req, res) => { res.send('User profile'); });
Bapp.get('/profile', (req, res) => { res.send('User profile'); });
Capp.get('/profile', function(req, res) { res.send('User profile'); });
Dapp.get('/profile', (req, res) => res.send('User profile'));
Attempts:
2 left
💡 Hint
Check for missing commas or parentheses.
🔧 Debug
advanced
2:00remaining
Why does this authentication middleware always call next() even with invalid tokens?
Given the middleware below, why does it always call next() even when the token is not 'valid-token'?
Express
function authMiddleware(req, res, next) {
  const token = req.headers['authorization'];
  if(token = 'valid-token') {
    next();
  } else {
    res.status(401).send('Unauthorized');
  }
}
ABecause the token header is missing
BBecause next() is not called properly
CBecause the assignment operator '=' is used instead of comparison '==' or '===' in the if condition
DBecause res.status is not chained correctly
Attempts:
2 left
💡 Hint
Look carefully at the if condition syntax.
🧠 Conceptual
expert
2:00remaining
What is the main purpose of using sessions in authentication flows?
Why do Express apps often use sessions when handling authentication?
ATo store user data on the client side permanently
BTo speed up server response by caching all requests
CTo encrypt user passwords before saving them
DTo keep user login state across multiple requests without re-authenticating each time
Attempts:
2 left
💡 Hint
Think about how servers remember who you are after you log in.