User management and authentication #19

Open
elaineg opened this issue Apr 23, 2024 · 1 comment
Contributor

elaineg commented Apr 23, 2024

What feature(s) would you like to see?

Current behaviour: Coral interface only interacts with one user. Conversations, messages, files, etc. are only associated with a single user.

Additional information

Expected behaviour: Add user management to Coral interface. When a user deploys Coral interface, they go to a screen that asks them to authenticate. Then they can only access conversations that are associated with their user ID.

@tianjing-li tianjing-li self-assigned this Apr 26, 2024
Collaborator

tianjing-li commented Apr 26, 2024

Would like to take this on:

My suggestion for now is to keep the scope to only simple user email/password authentication.

Here is what I would consider part of this initial scope:

  • Adding a hashed_password field on the User model. We don't want to store this in plaintext, so we would have to store a hashed password in the DB instead. Login checks would just hash the input password and check against the hashed_password value. We could also salt the value if needed, but since these tools are mostly used internally, it might be of minimal use.
  • Update the UpdateUser schema to optionally change all possible configurations
  • Update the CreateUser schema to take a required password
  • Add a /authenticate or /login endpoint to check if the email and hashed password input correspond to a user in the system

TOTAL: ~1 week of work

Mid-term goals:

  • Upon authenticating, manage a session for the current user instead of passing User-Id in request headers

TOTAL: ~couple days

Potential long-term goals:

  • OAuth
  • 2FA

Questions:

  • Will anything be accessible cross-user in an org? (e.g. Conversations/Files/etc.)
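
A sketch of the hashed_password storage and login check proposed in the comment above, as an added example that is not part of the issue thread or the project's code. It assumes PBKDF2-HMAC-SHA256 from Python's standard library with a per-user random salt; the function names, the stored-string format, the iteration count and the sample users are all hypothetical.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a project setting

def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Build the value for hashed_password: scheme$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(digest)}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):  # malformed record: fields, base64, integer
        return False
    return hmac.compare_digest(candidate, expected)

# Verified against on unknown emails so both failure paths do the same work.
_DUMMY = hash_password("placeholder-not-a-real-credential")

def login(users: Dict[str, str], email: str, password: str) -> bool:
    """users maps email -> hashed_password (stands in for the User table)."""
    stored = users.get(email)
    if stored is None:
        verify_password(password, _DUMMY)
        return False
    return verify_password(password, stored)

# Constructed sample data: two users who chose the same password.
SAMPLE_PASSWORD = "correct horse battery staple"
USERS = {"a@example.com": hash_password(SAMPLE_PASSWORD),
         "b@example.com": hash_password(SAMPLE_PASSWORD)}
```

With a per-user salt the two stored values differ even though the passwords are identical, so a leaked table does not reveal which accounts share a password.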
