grapheo12 / iqps

Web-app meant for qp.metakgp.org
MIT License

Enabling User Login #32

Open grapheo12 opened 3 years ago

grapheo12 commented 3 years ago

User login feature is present in the current version, but it remains disabled. Since this project is of institute importance, we must be strict about not letting spam into our system. A good way to avoid spamming is to enable user attribution.

We need to record which user uploaded/requested a certain question paper, and if someone reports spam, we should be able to ban that user and all their content.

So far, we have been using captcha as the sole safeguard against spamming. This is a stronger safeguard, but it increases (unnecessary) interaction time. So development must be done such that the admin can enable/disable this feature online with the click of a button.

grapheo12 commented 3 years ago

@shobhit10058 @vishweshvhavle @dijodaiju7 @j-tesla You are assigned to this issue. Please find 4 disjoint areas where you guys can work. Let's brainstorm in this thread.

grapheo12 commented 3 years ago

Please self-assign yourself so that I get to know you have started working.

shobhit10058 commented 3 years ago

I can work on presently enabling the login on the starting screen. I have seen that the function is already there but is not used, I guess.

grapheo12 commented 3 years ago

Start with it @shobhit10058

shobhit10058 commented 3 years ago

The login and register options are there, but presently for register the user needs to enter his name and can enter anything followed by @iitkgp.ac.in, i.e. there is no way to see whether it is valid or not. The page is presently loading with the search options initially only and giving the options of request and upload. So, I was thinking of giving a non-authenticated user the search options and a login tab, but not the other options of request and upload. So, what credentials should I make the user enter to register?

j-tesla commented 3 years ago

@grapheo12 , @shobhit10058 currently, we can literally write anything before iitkgp.ac.in to create an account. I will make use of validate_email library to check whether the email actually exists.

shobhit10058 commented 3 years ago

For now, I have enabled the register pages. A non-authenticated user can see the search options and login options. The register page has the options to go back to login and the search utility. Once the user has clicked an option, he can't go back to the search utility, so for that I have kept an option of home. An authenticated user can see all the options.

shobhit10058 commented 3 years ago

@j-tesla Yes, that will suffice for some issues for now, I think. The user can now not enter a wrong e-mail. We need to tackle the case where the user enters a correct one but not his.

shobhit10058 commented 3 years ago

@grapheo12 should I make a PR for now?

shobhit10058 commented 3 years ago

[image: before login] [image: after login]

The login options for admin and user are common. The default templates are only used till now with some minor changes.

j-tesla commented 3 years ago

> @grapheo12 , @shobhit10058 currently, we can literally write anything before iitkgp.ac.in to create an account. I will make use of validate_email library to check whether the email actually exists.

This ain't working. I'll look for any alternatives.

shobhit10058 commented 3 years ago

I don't know how we can do this, but still I am listing it: can we somehow take the credentials of the user that are required to log in to ERP and check if they log in? Also, for security purposes we will not store the credentials in our db. I am not so familiar with web scraping but saw it could help listing those credentials, but how to check the login part is unknown to me. Another thing can be to make the user enter his roll no. and mail, but again to check we will need information on present students in our db where roll nos. and mails can be mapped.

shobhit10058 commented 3 years ago

The OTP idea was also nice: we can use the mail of the admin to send mail and then require the user to enter the OTP to log in, but again that will make the register time high. This could also help in generating the forgot password options.

shobhit10058 commented 3 years ago

I have included some more minor changes, like if someone tries to use request, upload or report, he/she is redirected to the home page if the user is non-authenticated.

grapheo12 commented 3 years ago

@j-tesla See, the main aim of the project is to encourage people to upload papers. If you make the upload process too complicated, people might not upload at all. So better not include anything fancy here. One thing that you can do for now is to make the validation "@iitkgp.ac.in" and "@iitkgp.ernet.in".

dijodaiju7 commented 3 years ago

We can make a change in the script in such a way that the extension after @ must satisfy the college domain.

On Sat, 12 Dec 2020, 8:16 pm Shubham Mishra, notifications@github.com wrote:

> @j-tesla https://github.com/j-tesla See the main aim of the project is to encourage people to upload papers. If you make the upload process too much complicated, people might not upload at all. So better not include anything fancy here. One thing that you can do for now is to make the validation "@iitkgp.ac.in" and "@iitkgp.ernet.in".


grapheo12 commented 3 years ago

@dijodaiju7 I believe you are working with the login system itself. @j-tesla Have you started writing code? If not, can you switch to the sub-issue of adding the foreign key of user-id to the Paper and Request models?

grapheo12 commented 3 years ago

@dijodaiju7 Yeah! That is a nice idea! Can you make a new variable in app.env to specify which rules to follow to validate emails? This way any other college can take it up and use it as is, without changing a single line of code.

grapheo12 commented 3 years ago

I believe adding a script just to check the emails will overly complicate things. Better go for something Regex based.

grapheo12 commented 3 years ago

@dijodaiju7 @j-tesla Let me know what you guys think.

dijodaiju7 commented 3 years ago

> @dijodaiju7 I believe you are working with the login system itself. @j-tesla Have you started writing code? If not, can you switch to the sub-issue of adding the foreign key of user-id to the Paper and Request models?

Yes I'm working on it

j-tesla commented 3 years ago

I did not make any major changes yet; I only changed the validation such that it includes @*iitkgp.ac.in. Should I discard it if @dijodaiju7 is working on it?
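Added example, not code from the iqps repository: one way to implement the regex-based, environment-configured domain check proposed in the comments above, next to a loose "ends with the domain" check for contrast. The variable name `ALLOWED_EMAIL_DOMAINS`, the function names and the sample addresses are assumptions constructed for illustration.

```python
import os
import re

# Hypothetical variable name; the thread only says "a new variable in app.env".
ENV_VAR = "ALLOWED_EMAIL_DOMAINS"
DEFAULT_DOMAINS = "iitkgp.ac.in,iitkgp.ernet.in"  # the two domains named in the thread

# Conservative local part: no '@', whitespace or control characters.
_LOCAL = r"[A-Za-z0-9._%+-]{1,64}"


def build_validator(domains_csv, allow_subdomains=False):
    """Compile one case-insensitive regex from a comma-separated domain list."""
    domains = [d.strip().lower() for d in domains_csv.split(",") if d.strip()]
    if not domains:
        raise ValueError("no allowed e-mail domains configured")
    alt = "|".join(re.escape(d) for d in domains)  # escape '.' so it stays literal
    # A subdomain is whole labels followed by a dot, never a bare string prefix.
    sub = r"(?:[a-z0-9-]+\.)*" if allow_subdomains else ""
    return re.compile(rf"{_LOCAL}@{sub}(?:{alt})", re.IGNORECASE)


def is_allowed(email, pattern):
    # fullmatch anchors both ends; match() with '$' would accept a trailing newline.
    return isinstance(email, str) and pattern.fullmatch(email) is not None


def naive_suffix_check(email):
    """Loose check shown for contrast: anything ending in the domain string."""
    return email.endswith("iitkgp.ac.in")


VALIDATOR = build_validator(os.environ.get(ENV_VAR, DEFAULT_DOMAINS))

# Constructed sample addresses (not real accounts).
SAMPLES = [
    "student@iitkgp.ac.in",
    "Student@IITKGP.ERNET.IN",
    "student@notiitkgp.ac.in",           # different domain sharing the suffix
    "student@iitkgp.ac.in.example.com",  # allowed domain used as a prefix
    "student@iitkgpXac.in",              # matches only if '.' is left unescaped
    "a@b@iitkgp.ac.in",                  # second '@' in the local part
    "student@iitkgp.ac.in\n",            # trailing newline
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} strict={is_allowed(s, VALIDATOR)} naive={naive_suffix_check(s)}")
```

This checks only the shape of the address and its domain; it does not show that the person registering controls the mailbox, which is the gap raised earlier in the thread.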

grapheo12 commented 3 years ago

No, don't discard it. We'll merge it. Start with the sub-issue I mentioned. Raise a combined PR.

grapheo12 commented 3 years ago

@j-tesla You know what? Start working afresh. Since we decided to take a different course of action. Start with a new branch. But don't delete the old ones.