Description:
Discussion on for how long user session should be kept valid in browser.

Task:

• Add a remember-me variable on sign-in form.
• Keep the default value to false
• Keeps the constant values in a separate config file in order to add flexibility in the system

Concerns:

Concerns raised for @adeel838

• How long does a default user session should stay valid
• How long does a extended user session should stay valid

Description:
Define a single password schema via zod to be utilized all across the application

Task:

• Implement a zod schema for password input across the whole application
• password must be at least 8 characters long
• password must contain at least one uppercase letter A-Z
• password must contain at least one lowercase letter a-z
• password must contain at least one special character from ~!@#$%^&*()-_+={}[]|\;:"<>,./?
• password must contain at least one digit 0-9

Description

In user authentication we are using two different variables to differentiate users

• role - to define the role of the user which is either admin, student or tutor
• group - is to define which category of the provided role does the user belongs to

Concerns

Raised for @adeel838 to answer

• what values of group variable should be used for student role ? parent and student
• what values of group variable should be used for tutor role ? alumni and student
• if above is the case how to differentiate between the tutor => student and student => student group
• what values should be used for admin, since we are not using any differentiation within admin users

Raised for @hammadtariq838 to answer

• should we be hardcoding these values into schema or making these dynamic into database for catering future changes

Description:
Add session management for user via database session. and start and expiry of user session from browser and database.

Tasks:
Implement an abstract sign-in functionality which takes email and password and starts a new user session
Implement an abstract sign-out functionality which deletes the current user session if there is any

Use Cases:

• On plain user sign in
• On user sign up
• On forget password

Concerns
Raised for @adeel838 to answer

• Is user supposed to sign in straight after sign up or after email verification completed?
• Is user supposed to sign in on forgot password or led to sign in page to do that mannually?

Description:

Add two-factor authentication (2FA) for users with the admin role. On admin login, send a 6-digit code via email for verification.

Features: User Authentication API

Requirements:

• Send 6-digit code to admin's registered email on login.
• Implement code entry and verification in the login process.
• Ensure code expiration (e.g., 10 minutes) and implement security measures.

Tasks:

• Implement functionality to generate and email a 6-digit code to admin.
• Update the login process to include a step for entering the 6-digit code.
• Implement code verification logic with expiration.

Concerns

Raised for @hammadtariq838 and @adeel838 to answer

• Should the user session start after entering the code or when requesting for login
• Code is defined to be 6 numbers but should it be in string format or number format