Releases: jschwarzwalder/IT328-Fireworks
Milestone 3
Milestone #3: Authentication, Security and Usability
Submit Assignment
Overview
Many websites support User Accounts, User Roles and Authentication (logging in and out). What parts of your website should only be available to a user you can identify? Should some users have access to parts of your website that other users cannot access?
To secure your website, you should remove the insecure and autopublish packages and replace them with secure Meteor methods and publications/subscriptions.
Website design should follow alongside user feedback, in particular with your UI design. Part of the requirement for this milestone is to have quick informal usability tests as detailed below.
Features
Each group is responsible for meeting with me in person to discuss authentication in your project.
How user accounts, roles and authentication should be implemented in your website.
The goal is to identify users and restrict access to your site unless a user has been registered on the site.
We will also discuss how Meteor methods and publications/subscriptions will affect your database related statements.
The first step for each group should be to remove both the autopublish and insecure packages.
Secure Methods and Publications and Subscriptions
Meteor applications come pre-configured with two packages called autopublish and insecure. Both of these packages support rapid development processes, but introduce vulnerabilities in a Meteor app.
We must replace the insecure package to avoid letting clients edit the database directly. Instead we will use secure Meteor methods that can limit database edits to logged in users.
We must replace the autopublish package to prevent a copy of your database being present on the clients machine.
Usability Testing
If you are new to usability testing, then please read this primer: https://www.nngroup.com/articles/usability-101-introduction-to-usability/ (Links to an external site.).
As part of your submission for this milestone, you will be responsible for finding two individuals to take part in a usability test with your website.
Note: this will need to be completed after your core features are complete, but before your submit your milestone. So you will need to manage your time well!
This will require the following steps from your group:
You will need to find a quiet environment for the user to interact with your website while you watch.
You should have a set of tasks for the user to perform.
ie. given a shopping cart app, your tasks might be (add a new item to the cart, view your cart, check out)
You should provide your user with a general description of what your website does and then present them with a task.
You should quietly watch, observe and take notes. Try to avoid telling them where to click or what to type.
You should encourage your users to think out loud.
This will allow them to tell you:
how they think a task should be accomplished using your user interface
if they feel stuck trying to accomplish a task
You are responsible for submitting a usability report that details the following:
What tasks did you give your user to perform?
What tasks were difficult for the user to complete, and why?
Alternatively, what tasks were completed with ease?
Did you encounter any surprising observations with your user behavior?
How do you intend to respond to your user's feedback?
Submission Requirements
The insecure and auto-publish packages should be removed from your project.
You should submit a zip file with all folders/files in your project folder except for the .meteor folder
You should submit a link to your repository on GitHub
Milestone2 Basic UI
Overview
For this milestone we will add a database back-end to our application using MongoDB. Storing website data to Mongo will persist the data between page views or refreshes.
Also, we will focus on creating a "minimum viable product (MVP)." MVP is a term used in agile development, which is pervasive as a method for creating modern software. Our goal is to avoid creating features that the stakeholders of a website or their users may not need. We will instead focus on a set of core features that can be quickly deployed and tested by users. Based on feedback we will refocus our development efforts.
Features
Each group is responsible for meeting with me in person to discuss what features are part of the minimum viable product for your website. These features will be different for each group.
Once your core features are complete and submitted to Git, you are responsible for getting feedback on your website in the form of usability tests.
Milestone 1
Overview
This stage of your application should highlight key features of your website and show that they work within Meteor's framework.
Features
Each group is responsible for meeting with me in person to discuss this first set of features. These features will be different for each group.
In the very least, this first set of features will include:
Event based programming using Meteors event model
Storing data in Session (we will change our data store to Mongo in a future milestone)
Using template helpers and spacebars to create a reactive user interface
Submission Requirements
All code must be saved to your local repository and pushed to GitHub
Your Git history should show several commits, showing the habit of:
making changes
verifying that your application is stable
committing your changes to Git
You should submit a zip file with all folders/files in your project folder except for the .meteor folder
You should submit a link to your repository on GitHub