User Management Module

### 1. Part You Worked On

"I worked on the User Management Module, which includes user
registration, login, profile management, and
password handling. This module ensures that only authenticated
users can access certain features, like wallet
management and transaction history."

### 2. Responsibilities and Contributions

#### 2.1. Core Features Developed
1. User Registration:
- Built logic to register new users with basic details such as name,
email, and password.
- Included validations to check for valid email format, password
strength, and duplicate email addresses.

2. User Login (Authentication):

- Developed a login system using JWT (JSON Web Token) to
authenticate users and generate a token.
- The token is used for maintaining the session on subsequent
requests.

3. User Profile Management:

- Implemented APIs to allow users to update their profiles (e.g.,
changing their name or email).
- Enabled users to view their profile details.

4. Password Handling:
- Integrated bcrypt for securely hashing user passwords before
storing them in the database.
- Allowed users to reset their passwords through an email-based
reset link.

### 3. Detailed Explanation of Key Sub-Parts

#### 3.1. User Registration
- Validates form fields, checks email format, and ensures password
strength.
- Hashes passwords using bcrypt before saving them to the database
for security.

#### 3.2. User Login and JWT Authentication

- Compares the entered password with the hashed one in the
database.
- Generates JWT tokens for authenticated sessions.

#### 3.3. User Profile Management

- Allows users to update their profiles, ensuring unique emails.

#### 3.4. Password Reset Functionality

- Generates secure tokens for resetting passwords with expiry times.

### 4. Challenges Faced and Solutions

1. Problem: Duplicate Email During Registration
Solution: Added unique constraints on the database and checked for
duplicates.
2. Problem: Weak Passwords
Solution: Implemented password strength validation.
3. Problem: User Session Management
Solution: Set appropriate JWT expiration and implemented a refresh
mechanism.

### 5. Questions You Might Face

1. How did you secure user passwords?
Answer: Used bcrypt for hashing passwords with a salt.

2. Can you explain how JWT works and why you chose it for
authentication?
Answer: JWT is stateless, scalable, and lightweight for managing
user authentication.

3. How did you handle email uniqueness during registration?

Answer: Added a unique constraint in the database and validated
emails in the service layer.