Mentorship-android: Send/Receive photos on Backend

I'd like to work on this issue!

Great @haroldadmin :)

You may have to do some workaround with the Profile Update feature because it's not working properly now, but you can explore and play around in your fork with the testing the API.

@m-murad this can be worked on already right?
You added the URL necessary to upload an image to AWS, right?

I'm not familiar with how the backend works, but I can work on the android app in the meantime. I'm using a personal AWS account to test it for now.

@haroldadmin you don't need to use backend, just how to send a request to update a profile within the Android application, and when you sent the PUT /user request, you want to update photo_url field, I'm not sure how it works the Amazon S3 api, but I'm thinking you upload and then you have to update on our backend calling PUT /user with photo_url. Then whenever we want to show the user photo, we'll receive the URL, from the image stored in AmazonS3

Yes, that's what I had in mind.

We can request the user to select an image using a simple intent. This image will then be uploaded to the S3 storage service, and it's URL would be retrieved. The app will then post this url to the mentorship-backend server in the current user's profile.
There's some file handling involved with this, because the intent doesn't return a file path but a content URI with temporary access permissions. So we first need to create a copy of this file, and then upload it.

There are a few security concerns I have with this system, though. In order to make the profile pictures accessible to the app whenever it is required, we would probably need to make the files public on our S3 storage bucket. This means that anyone can have read access to the pictures, which is not what we want.

I think we should implement this feature in multiple phases:

1. For the first phase let's keep the profile picture URLs public, and store them on the backend.
2. For the second phase we can implement Amazon Cognito to provide guest access to the profile pictures to shut down public access.
3. For the the third and final phase, we can configure our backend to act as an Identity Provider for Cognito. This would remove the need to allow guest access to the profile pictures from our app.

Please provide feedback on what would be the best path to follow for this.

Status Update

I have implemented the following features into the app now:

1. The Profile fragment has an image view for displaying the user profile picture, like this. The grey icon in the picture is a placeholder, which is used while the actual picture is loading, or if the user has not set a picture.
2. Tapping on the profile picture opens a file chooser. The user can select an image here, which is then uploaded to the backend S3 bucket.
3. The uploaded image URL is used to update the user profile on the mentorship-backend system. This image URL will be used to load the profile picture in the future.

The security of these profile pictures is important, so the bucket in which they are stored should not be publicly accessible. The files in the bucket, however, should be publicly accessible via their link (so that they can be loaded by the app). This is how I configured my testing AWS S3 bucket, and it works great. I would like to change this in the future, but for now the only place where these file URLs are stored is the backend-server, so the system is safe from outside access.

AWS credentials problem

The next problem we have to solve is integrating Syster's AWS account with the app. We need an IAM user with read-write access to S3, and this user's Access Key, Secret Key. In my testing environment, I saved a test IAM user's access and secret keys in my ~/.gradle/gradle.properties file. I then added these keys as buildConfigField in the app's build.gradle file. These keys can then be accessed from Kotlin code. However, these keys are local to my system, because their values are saved in my gradle.properties file.

This means that if someone wants to clone the repository and build it, then they would have to supply their own Access Key and Secret Key. Otherwise, their build will fail. This is fine, (and the expected behaviour for some repos) for debug builds of the app, but it will also cause Travis CI builds to fail. For release builds of the app, we would need to use the actual Access Key and Secret Key from Syster's AWS account.

One of the solutions to this problem is travis environment variables. Maintainers of this repository who have admin access to Syster's AWS account and Travis CI account can add the keys as environment variables to release builds of the app. More information here
For debug builds of the app we can just use mock keys. Developers who want to build this repo on their system can supply their own keys.

Again, this is just one possible solution. Please provide feedback and suggest better ways if you can.
@m-murad @isabelcosta @Rimjhim28

@haroldadmin thank you for such a detailed analysis of this problem 🙌
Just as @m-murad said on Slack, I hope we can discuss this further in a Community Open Session.
If you don't manage to go, I'll make sure to talk raise this issue there.

@isabelcosta Thank you! My exams are approaching so I might not make it there, but I'll try my best 😊

@haroldadmin No problem at all, I understand! I want to have @m-murad there, so we might talk sooner or later about this, it depends on everybody's availability. I'll update you if we get to discuss this.

Status Update

Through community discussion, it has been decided that the best way to implement this feature would be to not handle communication to AWS using the mobile app. Instead, the mentorship-backend server should handle it. So we're currently waiting on file upload functionality to be added to the backend server. When it is done, the app will upload the profile pictures to the backend server, and the backend server will handle uploads to AWS S3.

Is this issue still open?
May I work on this?

@Priyansh-Kedia I have assigned this issue to you because no one else has commented on this issue for a long time. 👍

@Priyansh-Kedia since you haven't shown any activity for this issue so I have to make available to someone else. And another reason is you are assigned two other issues.

Hey @aditmehta9
I could not be active for some time due to personal reasons
I would very much like to work on the issues

Hey @aditmehta9
I could not be active for some time due to personal reasons
I would very much like to work on the issues

Of course, I am assigning this issue to you.

@aditmehta9
Hey I am sorry
I was quite unclear on my message before
The thing is I commented on this issue when I was on early phase of GSoC without realising that this is a backend task
Sorry for making a confusion and the inconvenience caused

I would be working on Android Issues

@aditmehta9
Hey I am sorry
I was quite unclear on my message before
The thing is I commented on this issue when I was on early phase of GSoC without realising that this is a backend task
Sorry for making a confusion and the inconvenience caused

I would be working on Android Issues

It's Okay no problem. So should I make it available for others?

@aditmehta9
Hey I am sorry
I was quite unclear on my message before
The thing is I commented on this issue when I was on early phase of GSoC without realising that this is a backend task
Sorry for making a confusion and the inconvenience caused
I would be working on Android Issues

It's Okay no problem. So should I make it available for others?

Sure
Please do
Also if you are handling issue for Mentorship android, could you please help me with an issue?

@aditmehta9
Hey I am sorry
I was quite unclear on my message before
The thing is I commented on this issue when I was on early phase of GSoC without realising that this is a backend task
Sorry for making a confusion and the inconvenience caused
I would be working on Android Issues

It's Okay no problem. So should I make it available for others?

Sure
Please do
Also if you are handling issue for Mentorship android, could you please help me with an issue?

I would love to help but currently, my university lecture and projects are going on. So I am partly looking into the issues. However, you can ping the coding team or have a discussion on zulip if any doubt

@aditmehta9
I actually wanted to work on dependency injection in the application
Who do you suggest I should ask?

@aditmehta9 @isabelcosta I would like to work on this issue.

@aditmehta9
I actually wanted to work on dependency injection in the application
Who do you suggest I should ask?

You can ask coding team or on zulip.

@aditmehta9 @isabelcosta I would like to work on this issue.

ok

@aditmehta9 Could you please tell me how to reach the coding team?

@aditmehta9 Could you please tell me how to reach the coding team?

You can ping @ coding-team on zulip.

@aditmehta9 @isabelcosta currently mentorship-android User data model doesn't have photo_url to update and acquire user profile pic
So should I add this field or there is another workaround

Sorry @rahulshah456 , for the late reply because my project presentation was going on. I am not sure about it please ask in Zulip about it

This is dependent on https://github.com/anitab-org/mentorship-backend/pull/200

@isabelcosta this issue has some conflicts so should I work on this backend issue

@aditmehta9 please unassign me from this issue and add the label onHold because this issue depends on #200 which has some major merge conflicts. As I want to work on other high priority issues.

@aditmehta9 please unassign me from this issue and add the label onHold because this issue depends on #200 which has some major merge conflicts. As I want to work on other high priority issues.

Ok