upstage-org / upstage

UpStage is a platform for cyberformance: remote players combine digital media in real-time for an online audience. All you need is a web browser!
https://upstage.org.nz
GNU General Public License v3.0

New login subsystem, still using JWT, but working correctly from every part of the back and front end. #1323

Open gloriajw opened 2 months ago

gloriajw commented 2 months ago

JWT timeouts should vary for admin and super-admin users (see the roles in our current implementation). The subsystem should have an is_logged_in() call which returns user data upon True. What user data will be attached will be determined later, but please provide the ability to do DB lookups and attach data to the user object returned if is_logged_in() API call is True.
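A sketch of the requested behaviour, added here as an example and not taken from the UpStage code base: an HS256 token whose expiry depends on the role, and an `is_logged_in()` that returns user data and accepts a lookup hook. The TTL values, the role keys, the `load_user` hook and the use of stdlib HMAC instead of a JWT library are all assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: real key comes from a secret store
# Assumed lifetimes in seconds; the issue only says they vary by role.
TTL = {"super_admin": 900, "admin": 1800}
DEFAULT_TTL = 3600  # assumed lifetime for every other role

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, role, now=None):
    """Build an HS256 JWT whose exp depends on the user's role."""
    now = int(time.time() if now is None else now)
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": str(user_id), "role": role, "iat": now,
              "exp": now + TTL.get(role, DEFAULT_TTL)}
    body = b64(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def is_logged_in(token, load_user=lambda sub: {}, now=None):
    """Return (True, user) for a valid, unexpired token, else (False, None).

    load_user is a hypothetical hook for the DB lookup that attaches extra data.
    """
    now = int(time.time() if now is None else now)
    try:
        header, body, sig = token.split(".")
        # Check the signature before trusting any claim (constant-time compare).
        if not hmac.compare_digest(sig, sign(header + "." + body)):
            return False, None
        if json.loads(unb64(header)).get("alg") != "HS256":  # pin the algorithm
            return False, None
        claims = json.loads(unb64(body))
        if now >= int(claims["exp"]):  # expired: per-role timeout has passed
            return False, None
        user = {"id": claims["sub"], "role": claims["role"]}
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, None  # malformed token: treat as logged out
    user.update(load_user(claims["sub"]))
    return True, user
```

Passing `now` explicitly makes the expiry boundary testable without sleeping.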

nnguyenquangg commented 2 months ago

Report 29/08/2024:

nnguyenquangg commented 2 months ago

Report 30/08/2024:

gloriajw commented 2 months ago

Nice use of alembic. I haven't used that for DB migrations in a while. Also the bootstrap way of registering a catch-all exception handler is clever. Very nice :)

nnguyenquangg commented 2 months ago

Report 02/09/2024

gloriajw commented 2 months ago

Please keep your middleware in the config dir, and call it CORS.py. Other middleware methods can go here as well. Please try to keep middleware to a minimum, since it can easily turn into bloatware if it becomes too big.

gloriajw commented 2 months ago

In the global settings file, provide an ENV variable. When it is not set to 'Production', CORS is off, otherwise it is on. Please start providing unit tests for this code, and add it to a pycoverage script. Even setting up a "dummy" endpoint to test CORS would be fine for now, then convert it to a legit JWT call later.

nnguyenquangg commented 2 months ago

Report 09/03/2024

@gloriajw Pls help to assign new tasks

nnguyenquangg commented 2 months ago

Report 09/04/2024

gloriajw commented 2 months ago

Your validation.py is not validating for empty string or anything. Please add a bit of code to do some basic validation using pydantic, like we discussed. usernames should not be longer than 100 characters. passwords should be no longer than 256 chars.

Also in your error messages, pls remove any numeric codes like the 17 here: "Bad email or password (17)"

What's a PIM API? app = FastAPI(title="PIM API", lifespan=lifespan)

nnguyenquangg commented 2 months ago

app = FastAPI(title="PIM API", lifespan=lifespan): it's the name of the Swagger, we can remove it or rename it, like UpStage

gloriajw commented 2 months ago

Yep, please call all external names on this system "upstage".

nnguyenquangg commented 2 months ago

> Your validation.py is not validating for empty string or anything. Please add a bit of code to do some basic validation using pydantic, like we discussed. usernames should not be longer than 100 characters. passwords should be no longer than 256 chars.
>
> Also in your error messages, pls remove any numeric codes like the 17 here: "Bad email or password (17)"
>
> What's a PIM API? app = FastAPI(title="PIM API", lifespan=lifespan)

I also added validation for input

gloriajw commented 2 months ago

Perfect, thank you! I added a new task re: the "guts" of stage asset handling. Feel free to start it when you are ready.

nnguyenquangg commented 2 months ago

Yes, I'm checking it first, it seems a complex module

gloriajw commented 2 months ago

> Yes, I'm checking it first, it seems a complexity module

This is the core of the system. It will seem complex, but take it in small pieces, and take your time, following the patterns you have established. Starting with licensing may be a good idea, and working your way up to assets and then scene, and then stage.

nnguyenquangg commented 2 months ago

Yes, I got it, let me check. Thanks for your support.

helenvarley commented 2 months ago

> Report 02/09/2024
>
> * Created user session table, Google profile, Facebook profile, Apple profile
> * Implementing login and logout

hi, just wondering what are the google, facebook and apple profiles for?

gloriajw commented 2 months ago

We won't be doing this, don't worry.

On Sun, Sep 8, 2024, 10:52 AM Helen Varley Jamieson < @.***> wrote:

> Report 02/09/2024
>
> * Created user session table, Google profile, Facebook profile, Apple profile
> * Implementing login and logout
>
> hi, just wondering what are the google, facebook and apple profiles for?


nnguyenquangg commented 2 months ago

I saw the previous development had developed them; I'm not sure if they are unused, so I migrated them to the new repository to avoid data breaking changes

nnguyenquangg commented 2 months ago

> We won't be doing this, don't worry.

Yes, if it doesn't make any breaking changes, I will remove it later