Dynamic password support, encrypted passwords, remove automatic password on demo front-end

[thomasqbrady]

Adds backend support for checking the password against whatever is 'stored in the database' in hashed form to help new users figure out how to do dynamic passwords and to encourage them not to store unencrypted passwords; modifies front-end to allow user to enter password to make it easier to test with dynamic passwords

[antony]

I think this is reasonable. I'm in two minds about whether I'm trying to demonstrate full authentication best-practices here though, or just how to integrate your auth mechanism with Sapper.

It's probably a good thing...

[thomasqbrady]

Totally get what you mean about not knowing where to draw the line in the demo functionality. Not that this is the only answer, but what I was thinking was "someone who finds this and wants to use it as a jumping off point could get immediately stuck right here… not knowing where to store the password instead of hard-coding it, and the most obvious choice for them might be to just store it in plain text in the database. This way with a couple lines of a code (and a dependency) they hopefully get sent in a much safer direction.

[thomasqbrady]

Totally agreed. Just pushed changes.

[antony]

Looks good. I need to think about how I want to handle improvements to the app such as this, whether the project has multiple branches or whether it all gets bundled in like a seed. Will merge either way in the next few days. Thanks for your work!

[thomasqbrady]

Absolutely! Thanks for this project! It was just the convenience I was looking for to get me over the hump starting a pet project (that I'd wanted to use Sapper and Hapi on, coincidentally).