The Content Security Policy setup is not quite finished.

Backend:

• Generate the CSP nonce for scripts per request. Currently, scripts are using unsafe rules.

Frontend:

• Configure Angular to utilize the CSP nonces

I need to identify places where my frontend client code is doing things that my service should be doing, so that I can ensure clean separation between the two components.

Identified

• Job Page - needs rewrite
• Data Model - Relationship IS_INTERVIEWING_FOR needs to lose interviewDate parameter. That belongs in the Applicant model. The field can simply be null in absence of relationship.

Note: The db will need to be dropped 😄.

Indexes

• CREATE INDEX node_range_index_applicant_interviewingwith IF NOT EXISTS FOR (a:Applicant) ON (a.interviewingWith)
• CREATE INDEX node_range_index_applicant_interviewdate IF NOT EXISTS FOR (a:Applicant) ON (a.interviewDate)
• CREATE TEXT INDEX node_text_index_job_status IF NOT EXISTS FOR (j:Job) ON (j.status)
• CREATE INDEX rel_range_index_hasappliedto_rejected IF NOT EXISTS FOR ()-[r:HAS_APPLIED_TO]-() ON (r.rejected)

Relationships

• Remove interviewDate from IS_INTERVIEWING_FOR and assign/query it directly on an Applicant.

Models

• Store interviewDate in Applicant

The Program.cs file for project matts is too long and messy.
Clean it up! 🛁

Tasks System:

Solution Diagram 1

Solution Diagram 2

Tasks Table

Azure Table Storage supports multiple entity types, see docs, so here are the entities that will be within the Tasks Table.

Task

Represents a pending business task that end users need to perform.

Partition Key: Employer UUID or all
Row Key: <Unix Epoch in ms>_<nonce>

Subject

Represents any additional 'what' or 'whom' that are associated with a given task.

Partition Key: The parent task's row key.
Row Key: An integer: [0, ∞)

Setup:

• Setup Tasks table
• Setup Tasks queue

Development:

• #28
• #29
• #30

Prerequisites: CSP #17

Job Descriptions are lame and boring. Let's make them exciting by putting a rich text edit component on the Create Job page.

Found in: Staging

Description:

The APPLY NOW button will forever show 'Uploading...' if the upload fails.

There will be no failure toasts, button text changes, or anything at all to say that something didn't work.

There is either no failure handling code, or the failure handling code didn't catch this error because it was triggered by the misconfigured CSP, #22.

Errors from Dev tools console:

polyfills.97c30d9b562dcb24.js:1
 Refused to connect to 'https://matthews-ats-funcs-staging.azurewebsites.net/api/resumes/upload?code=L-qga1hk20NND03eR97YGEgkrLs6xcMu41x57qrxRL3DAzFu1t_rkg==' because it violates the following Content Security Policy directive: "connect-src 'self'".

main.e785639af97d11a5.js:1 
 ERROR 
pe {headers: oe, status: 0, statusText: 'Unknown Error', url: 'https://matthews-ats-funcs-staging.azurewebsites.net/api/resumes/upload', ok: false, …}
error
: 
ProgressEvent
isTrusted
: 
true
bubbles
: 
false
cancelBubble
: 
false
cancelable
: 
false
composed
: 
false
currentTarget
: 
XMLHttpRequest {__zone_symbol__xhrSync: false, __zone_symbol__xhrURL: 'https://matthews-ats-funcs-staging.azurewebsites.n…k20NND03eR97YGEgkrLs6xcMu41x57qrxRL3DAzFu1t_rkg==', __zone_symbol__loadfalse: null, __zone_symbol__errorfalse: null, __zone_symbol__timeoutfalse: null, …}
defaultPrevented
: 
false
eventPhase
: 
0
lengthComputable
: 
false
loaded
: 
0
returnValue
: 
true
srcElement
: 
XMLHttpRequest {__zone_symbol__xhrSync: false, __zone_symbol__xhrURL: 'https://matthews-ats-funcs-staging.azurewebsites.n…k20NND03eR97YGEgkrLs6xcMu41x57qrxRL3DAzFu1t_rkg==', __zone_symbol__loadfalse: null, __zone_symbol__errorfalse: null, __zone_symbol__timeoutfalse: null, …}
target
: 
XMLHttpRequest {__zone_symbol__xhrSync: false, __zone_symbol__xhrURL: 'https://matthews-ats-funcs-staging.azurewebsites.n…k20NND03eR97YGEgkrLs6xcMu41x57qrxRL3DAzFu1t_rkg==', __zone_symbol__loadfalse: null, __zone_symbol__errorfalse: null, __zone_symbol__timeoutfalse: null, …}
timeStamp
: 
8452125.200000286
total
: 
0
type
: 
"error"
[[Prototype]]
: 
ProgressEvent
headers
: 
oe {normalizedNames: Map(0), lazyUpdate: null, headers: Map(0)}
message
: 
"Http failure response for https://matthews-ats-funcs-staging.azurewebsites.net/api/resumes/upload: 0 Unknown Error"
name
: 
"HttpErrorResponse"
ok
: 
false
status
: 
0
statusText
: 
"Unknown Error"
url
: 
"https://matthews-ats-funcs-staging.azurewebsites.net/api/resumes/upload"
[[Prototype]]
: 
We

Remediation:

1. Handle failures
2. Display failure toasts upon failure
3. Reset form and all that jazz upon failure

Reorganize & Cleanup Project Structure

Reorganize & Cleanup Project Structure

SSO

So far, the LinkedIn OAuth integration only retrieves some profile information for a user. To enable SSO, this must happen:

• Retrieve the sub claim, pass it to the frontend for the "responsive sign up piece". It will become the username for SSO folks. The username/pw fields should "gray out".
• SSO Login will look up the user from the JWT and create a session if the JWT passes signature verification using the JWK from LinkedIn

Old description

Rework User related code to enable SSO down-the-line:

• User registration (required fields, etc...)
• User storage in DB (models and more)

The multi-container build is great for local but not for the cloud.

Use two separate container instances for deployments: 1) Application 2) Database

Migrate HTTP Functions to AspNetCore Types

REFERENCE: How to Migrate to ASP.NET Core Types

I want my HTTP-triggered Azure Functions to use the Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore model over the built-in model, so that I may use the UnitTestEx library across-the-board to cleanly test my Azure Function code.

Migration TODO Checklist:

• QueueTaskCreateFunction (rewrite tests)
• UploadResumeFunction (no tests, write new)

I want to develop a library that handles Neo4J Query Generation as part of a data access refactor, so that swathes of database-concerned code may be eliminated from the main matts application.

Address the Warning Avalanche

It seems the static analysis plugins weren't working properly. After doing #34, they are now working.

It's a Warning Avalanche! 🥶

The login page does not have the toast container, but errors are being propagated to the toast service. When errors (if any) happen, they will not appear until logging in to the application.

Reproduce:

1. Mistype password on the login page or cause a failure x times
2. Login
3. See x failure toasts upon loading the home page.

Found in: Staging

Description:

After successfully authenticating into LinkedIn, the popup will close before the profile data for the registration form is returned thru the websocket. The "Sign Up with LinkedIn" button is not a monitored button and there is indication of any kind that something's happening.

It took ~2s after the popup closed before the form populated. I could've started typing and then had my stuff replaced. 😅

Remediation:

1. Make the "Sign Up with LinkedIn" button a monitored button so that there's an indication of work being done.
2. Show some text above the form.
3. Work with ngx-loading-bar to show the loading bar until a SERVER_OAUTH_COMPLETED or SERVER_OAUTH_ABORTFAIL is received.

Create the "Create Task" Function.

It will take the tasks from the Tasks Queue and create them into the Tasks table.

I want to replace the over-complicated DAO implementations with clean invocations to the classes being developed in #42 , so that my application remains maintainable as it grows in size.

V2 API: GraphQL

There is much technical debt from first milestone code. Adopting GraphQL and refactoring the application will remediate much of the accumulated technical debt.

Current Architecture Problems:

• Too many REST endpoints
• Complicated data access

Create the "Query/Lookup Task" Function.

It will provide the ability to retrieve the Tasks from the Tasks table.

Found In: Staging

The _makeResumeDownloadLink() function in the Job Page Component is creating the download link without the new /api/v1/ prefix, causing it to fail.

Remap routes in the backend api to follow the /api/v1/xxx pattern.

Create the "Queue Task Create" Function.

Input Trigger

• HTTP Post
• Accepts the JSON of a Task

Behavior

• Posts the JSON of a Task to the Tasks Queue

Response

• Success/Failure Code with a body
• Successful: 200 with the response from Azure
• Failure: 4xx/5xx with a failure message

BUG: List doesn't refresh after posting new job

After posting a new job, the user must refresh the window to see the new job.
 

Reproduction Steps:

1. Login as Employer
2. Post New Job
3. Observe that the newly posted job does not show up

Workaround:

1. Refresh the window
2. (?) Trigger a navigation to / - I don't remember if this also did the trick or not.

Found in: Staging

Description:

In the Applicant Portal, any applicant will be unable to upload their resume because the CSP is blocking connections to the Azure Functions endpoints. See below as to why.

In the Employer Portal, any employer will be unable to download any resume because the CSP is blocking connections to the Azure Functions endpoints. See below as to why.
 

Handy-Dandy Issues Tab Summary:

Error from Developer Tools:

polyfills.97c30d9b562dcb24.js:1  Refused to connect to 'https://matthews-ats-funcs-staging.azurewebsites.net/api/resumes/upload?code=L-qga1hk20NND03eR97YGEgkrLs6xcMu41x57qrxRL3DAzFu1t_rkg==' because it violates the following Content Security Policy directive: "connect-src 'self'".

Remediation:

1. Add the Azure functions' FQDN to the connect-src directive of the CSP.

Address the warnings raised by the code analyzers in the backend code.