Skip to content

Feat/email login#67

Open
hamzabouissi wants to merge 2 commits intomainfrom
feat/email_login
Open

Feat/email login#67
hamzabouissi wants to merge 2 commits intomainfrom
feat/email_login

Conversation

@hamzabouissi
Copy link

@hamzabouissi hamzabouissi commented May 5, 2025

PR Type

Enhancement


Description

  • Replace GitHub OAuth with email-based login

  • Remove all GitHub OAuth-related code and dependencies

  • Update Slack notification to use submitted email address

  • Clean up unused imports and environment variables


Changes walkthrough 📝

Relevant files
Enhancement
app.py
Switch from GitHub OAuth to email-based login and simplify flow

app.py

  • Replaced GitHub OAuth login flow with a simple email-based POST login.
  • Removed all GitHub OAuth-related code, endpoints, and environment
    variables.
  • Updated Slack notification to report the submitted email address only.
  • Cleaned up unused imports and improved error handling for Slack
    notifications.
  • +18/-62 
    Dependencies
    requirements.txt
    Remove OAuth dependency from requirements                               

    requirements.txt

  • Removed the requests-oauthlib dependency as GitHub OAuth is no longer
    used.
  • +0/-1     

    Need help?
  • Type /help how to ... in the comments thread for any questions about Qodo Merge usage.
  • Check out the documentation for more information.
  • @codiumai-pr-agent-free
    Copy link

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Email data exposure:
    The implementation logs the user's email address (line 47) which could expose sensitive personal information in log files. Consider removing or masking the email in logs, especially since this information is already being sent to Slack.

    ⚡ Recommended focus areas for review

    Email Validation

    The new login endpoint accepts email input without any validation. Consider adding email format validation to prevent invalid submissions.

    email = request.form.get('email')
    session['email'] = email
    Error Handling

    The login route doesn't handle the case where the email parameter is missing from the form submission.

    email = request.form.get('email')
    session['email'] = email

    Copy link

    Copilot AI left a comment

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    Pull Request Overview

    This PR implements a shift from GitHub OAuth login to an email-based login system while removing OAuth-related functionality.

    • Changes the login route to accept only POST requests.
    • Eliminates GitHub OAuth and related endpoints.
    • Updates the Slack notification to include the submitted email address.
    Comments suppressed due to low confidence (1)

    app.py:43

    • Changing the root login route to accept only POST requests may break clients expecting a GET request for rendering the login form. Consider providing a separate GET route or ensuring the frontend aligns with this change.
    @app.route('/', methods=["POST"])
    

    @app.route('/')
    @app.route('/', methods=["POST"])
    def login():
    email = request.form.get('email')
    Copy link

    Copilot AI May 5, 2025

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    The email input is used without validation – if an empty or invalid email is submitted, it may lead to issues downstream. It is recommended to add basic validation or error handling for this input.

    Suggested change
    email = request.form.get('email')
    email = request.form.get('email')
    if not email or not re.match(r"[^@]+@[^@]+\.[^@]+", email):
    logger.error(f"Invalid email submitted: {email}")
    return "Invalid email address. Please try again.", 400

    Copilot uses AI. Check for mistakes.
    Copy link
    Author

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    @venkatamutyala do you wanna add this ?

    @codiumai-pr-agent-free
    Copy link

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Impact
    Security
    Sanitize user input

    Sanitize the email input before including it in the Slack message to prevent
    potential injection attacks. Directly including user input in formatted messages
    can be risky.

    app.py [49-60]

    +# Sanitize email by removing any markdown formatting characters
    +safe_email = email.replace('*', '').replace('`', '').replace('_', '').replace('~', '')
     response = slack_client.chat_postMessage(
         channel=slack_channel,
         blocks=[
             {
                 "type": "section",
                 "text": {
                     "type": "mrkdwn",
    -                "text": f"*New signup*\n*Email Addresses:*\n{email}"
    +                "text": f"*New signup*\n*Email Address:*\n`{safe_email}`"
                 }
             }
         ]
     )
    • Apply this suggestion
    Suggestion importance[1-10]: 8

    __

    Why: The suggestion correctly points out that user-provided email is directly embedded into a Slack message using mrkdwn. Sanitizing the input prevents potential formatting injection or manipulation of the Slack message, which is a valid security concern. The proposed fix is appropriate.

    Medium
    General
    Add email validation

    Add validation for the email input to prevent storing empty or invalid email
    addresses. This will ensure that only valid email addresses are processed and
    sent to Slack.

    app.py [43-47]

     @app.route('/', methods=["POST"])
     def login():
         email = request.form.get('email')
    +    if not email or '@' not in email:
    +        logger.warning('Invalid email submitted')
    +        return redirect(redirect_url)
         session['email'] = email
         logger.info(f'email: {email}')
    • Apply this suggestion
    Suggestion importance[1-10]: 6

    __

    Why: The suggestion correctly identifies that the email input from the form is not validated. Adding basic validation (checking if it's empty or lacks '@') improves data quality and prevents sending potentially useless notifications to Slack.

    Low
    • More

    Copy link
    Contributor

    @venkatamutyala venkatamutyala left a comment

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    not relevant since we are using wordpress. let's keep the PR in case we want to use it in the future

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Projects

    None yet

    Development

    Successfully merging this pull request may close these issues.

    3 participants