Right now, users can get through with any password. Try it out.
Use git and create a commit for each feature. Submit a PR when you're done.
- Only let users through if they enter the password 'doggo'. (Hint: you'll need body-parser to get the form info)
- Return a 401 if any other password is entered.
- Only let users through if they also check "I agree".
- Add an email field to the login form. Update your password check.
- Store a list of users, along with their passwords in an array of objects. Update your password check to use this array for authentication.
- Keep count of login failures. Display these on the 401 page. E.g. "You've tried to login 3 times". Make sure it works per user.
- Reset the login failures to 0 if they successfully log in.