Feat/email login

[hamzabouissi]

PR Type

Enhancement

---

Description

• Replace GitHub OAuth with email-based login

• Remove all GitHub OAuth-related code and dependencies

• Update Slack notification to use submitted email address

• Clean up unused imports and environment variables

---

Changes walkthrough 📝

	Relevant files
Enhancement	app.py Switch from GitHub OAuth to email-based login and simplify flow app.py Replaced GitHub OAuth login flow with a simple email-based POST login. Removed all GitHub OAuth-related code, endpoints, and environment variables. Updated Slack notification to report the submitted email address only. Cleaned up unused imports and improved error handling for Slack notifications. +18/-62
Dependencies	requirements.txt Remove OAuth dependency from requirements                                requirements.txt Removed the requests-oauthlib dependency as GitHub OAuth is no longer used. +0/-1

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[codiumai-pr-agent-free]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Email data exposure: The implementation logs the user's email address (line 47) which could expose sensitive personal information in log files. Consider removing or masking the email in logs, especially since this information is already being sent to Slack.

⚡ Recommended focus areas for review Email Validation The new login endpoint accepts email input without any validation. Consider adding email format validation to prevent invalid submissions. email = request.form.get('email') session['email'] = email Error Handling The login route doesn't handle the case where the email parameter is missing from the form submission. email = request.form.get('email') session['email'] = email

[Copilot]

Pull Request Overview

This PR implements a shift from GitHub OAuth login to an email-based login system while removing OAuth-related functionality.

• Changes the login route to accept only POST requests.
• Eliminates GitHub OAuth and related endpoints.
• Updates the Slack notification to include the submitted email address.

Comments suppressed due to low confidence (1)

app.py:43

• Changing the root login route to accept only POST requests may break clients expecting a GET request for rendering the login form. Consider providing a separate GET route or ensuring the frontend aligns with this change.

@app.route('/', methods=["POST"])

[Copilot]

The email input is used without validation – if an empty or invalid email is submitted, it may lead to issues downstream. It is recommended to add basic validation or error handling for this input.

Suggested change

	email = request.form.get('email')
	email = request.form.get('email')
	if not email or not re.match(r"[^@]+@[^@]+\.[^@]+", email):
	logger.error(f"Invalid email submitted: {email}")
	return "Invalid email address. Please try again.", 400

[hamzabouissi]

@venkatamutyala do you wanna add this ?

[codiumai-pr-agent-free]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Security	Sanitize user input Sanitize the email input before including it in the Slack message to prevent potential injection attacks. Directly including user input in formatted messages can be risky. app.py [49-60] +# Sanitize email by removing any markdown formatting characters +safe_email = email.replace('*', '').replace('`', '').replace('_', '').replace('~', '') response = slack_client.chat_postMessage( channel=slack_channel, blocks=[ { "type": "section", "text": { "type": "mrkdwn", - "text": f"*New signup*\n*Email Addresses:*\n{email}" + "text": f"*New signup*\n*Email Address:*\n`{safe_email}`" } } ] ) Apply this suggestion Suggestion importance[1-10]: 8 __ Why: The suggestion correctly points out that user-provided email is directly embedded into a Slack message using mrkdwn. Sanitizing the input prevents potential formatting injection or manipulation of the Slack message, which is a valid security concern. The proposed fix is appropriate.	Medium
General	Add email validation Add validation for the email input to prevent storing empty or invalid email addresses. This will ensure that only valid email addresses are processed and sent to Slack. app.py [43-47] @app.route('/', methods=["POST"]) def login(): email = request.form.get('email') + if not email or '@' not in email: + logger.warning('Invalid email submitted') + return redirect(redirect_url) session['email'] = email logger.info(f'email: {email}') Apply this suggestion Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that the email input from the form is not validated. Adding basic validation (checking if it's empty or lacks '@') improves data quality and prevents sending potentially useless notifications to Slack.	Low
More

[venkatamutyala]

not relevant since we are using wordpress. let's keep the PR in case we want to use it in the future