As a developer,
I need to verify if a user is requested for some action,
so that I can prevent actions with invalid users.
Implementation options by order of optimal solution (best -> worst) as discussed on project weekly:
2 hours
Still no @sys-bot showing up, just testing to get timestamp
@isabelcosta I am working on this issue !
Okay! @SwethasriKavuri :D any doubt tell me, I don't mind scheduling a call with you to help you with something
@SwethasriKavuri are you still working on this?
@SwethasriKavuri are you still working on this? if not, no problem at all, I can set this to be available again, for another contributor to work on this
I'm making this available again since there are no updates on this issue's work
@isabelcosta I would like to work on this issue
@LordGameleo sure! so ahead :)
@isabelcosta can you guide me a bit.... where should I write code for creation of new decorator?
I'm not sure about it, since I haven't done a lot of research for it. Can you look into the code and suggest me a solution? cc @ramitsawhney27
@LordGameleo I'd recommend looking into the DAO itself. That's the first place any operations would take place. Ensure your decorator wraps methods like 'update_user_profile' that would ensure that such an authorization operation is done before any further processing. cc @isabelcosta
Last week, I answered this on Slack:
we only get our authentication access token after verifying our email. I guess this decorator will not be needed.
I can be authenticated and verified. One of the things that come to my mind is, I can't send a mentorship request to someone unverified. Use an ID from a user which is not verified. The android application does not allow that. But if you do things using the api only through swagger ui, then you are allowed to do that. Think of edge cases like this. Look into the api and think in what cases this could happen.
@isabelcosta Let me look into that.