frontend access is restricted, but not backend. We need a decorator for that.

Right now almost nothing is plugged in the admin section

You currently cannot be logged in as an admin and as a user at the same time in a single browser. The backend does not support multiple sessions per user. The current workaround is to use either multiple browsers or private windows.

Unsure of the current behavior

Rendre possible le reset de password would be nice

Add some basic validations for user and team names (i.e. not empty).

Would be nice to be able to preview a challenge's readme on the platform.

It is possible to create a user without name.

It is interesting to note that only one user without name can exist because duplicate in username are forbidden.

https://github.com/JDIS/flaggr/community

TODO

• Code of conduct
• Contribution guidelines
• License
• Issue template
• Pull request template

Basically a profile page.

Rationale

Using different verb make the two actions (Log in | Sign up) more distinct.

TODO

• Reword Sign in to Log in in the app

• Ensure consistency everywhere else (in others places in the app, in documentation, etc.)

Right now, no logging is present on the backend of Flaggr, which poses a monitoring and potential security risk.

Flaggr should have mechanisms for proper logging of user actions (such as connections, failed logins, server errors, etc)

Currently when you edit or create a challenge, you go back to the first challenges page upon saving/cancelling. This behaviour is very annoying when editing multiple challenges as you have to navigate back to the correct page every time.

It would be very useful to remember the page you were on before selecting a challenge.

So we can hide scoreboard for users

Currently, all challenges are independent from each other, meaning that you can complete all challenges in whatever order you want. It would be nice to be able to create ordered tracks, or multi-level challenges, where you have to complete level 1 before attempting level 2 for example.

There seems to be a head conflict when running flask db upgrade

Fix with : flask db merge heads`

right now its the vue icon

Code challenges are challenges where code is executed on the server, and where tests decide the score the user gets.

(more info to come)

Depends on #13

After the creation of user, it should be able to change email address.

Similar to #32

The current format is needlessly precise. It would look better if formatted to something like YYYY-MM-DD HH-MM-SS.

Context

During the Sign up, when the email field is validated, the message Please enter an email address. appear when there is no character before or after the @ (at) symbol.

Problem

This message don't appear when there is no . (dot) after the @ (at) symbol (aka, when a TLD is enter as the email domain).

When we press Sign up, we receive an 400 Bad Request from the server.

Validation of email address should be consistent.

Information

It is technically possible for the owner of a TLD to add MX records in the TLD zone.

Reference

https://serverfault.com/a/721929

Right now its a single flag only but backend already supports multiple flags

make the frontend fetch for the event status so it can react if the event closes.

Make a decorator for routes to make sure that some are only accessible when event is not paused (ex submitting flags)

Rationale

In the Log in - Sign up panel, it seem now that the switch represent the state of the Sign up form. The state of the Log in form is not well represented by the switch.

We can observe something similar in the Manage team panel.

• Tell an admin that their flag doesnt respect the flag format when they enter a flag
• Show the flag format somewhere for the user

Problem

The email field used in Log in and Sign up (maybe somewhere else?) is case sensitive.

Email address should be treated in a case-insensitive manner.

Step to reproduce

1. Access a Flaggr instance. (e.g.: https://jdis-ia.dinf.usherbrooke.ca/1/)
2. Sign up a new user with mixed case email address. (e.g. [email protected])
3. Log in with the same credential, but with different case in email. (e.g. [email protected])

Access should be granted.

Warning

The password field MUST stay case sensitive.

Reference

https://stackoverflow.com/a/9808332

right now its static.