Summary of feature

users should be able to request a password reset from the /password/forgot page.

• user enters their email and is told they will receive an email.
• passwordReset record is created in the database with a unique ID, userId ref, and a "expiry" column that is 30 minutes in the future
• event is sent to the workers to send password reset email
• password reset email is sent to the email with a link to /password/reset?id=<pwreset_id>
• They can then submit a new password

Summary of bug

currently password rules aren't working; I need to implement a password strength indicator on the signup / password reset page that makes it clear if you're password is strong enough to be used.

summary of feature

when users request a booking from /calendar/ it should kick off an approval flow:

• user submits booking form on /calendar/
• all admins receive an email with the new request and can click through to the app
• admins can then approve/deny the request
• this will change the request record status accordingly
• users are then sent an email about the status of their request
• users can then see their requests in the app and cancel them or "update" which just sets the status back to "new" and kicks off events based on that

API Changes (estimate)

• calendar API
  • PUT /api/calendar/booking for updating the booking status to approved/denied, can also be used by the user to change notes.
  • DELETE /api/calendar/booking for when the user requests to delete their booking

Other requirements

• Setup Redis for managing notifications / event queuing
• Setup workers to handle changes to the bookings events

User's should be de-activated by default when first signed up. A user signing up should kick off the following workflow:

• User signs up and an email to admins is queued with signup details, user_status is set to "pending"
• All admins get an email that a person signed up for the app
• Admins can click through a link that takes them to a signups request page
• Admins can then approve or deny the signup request.
• Denying the request will set the user_status to denied
• Approving the request will set the user user_status to enabled

Summary of feature

This should be implemented after #2. It will allow you to connect a google account to the application to manage a calendar:

• Admins should be able to sign into a google account on the /admin page under "Integrations"
• the API should take you through the OAuth process and store your token and refresh token for later user
  • GET /api/integrations/google (kick it off)
  • POST /api/integrations/google/callback (provide the long-lived token and refresh token)
• the API should be updated to also update the calendar if appropriate
  • PUT /api/calendar/booking update this route to check if there is a gcal integration, and create event there.
  • DELETE /api/calendar/booking update this route to delete the calendar event if ther eis a gcal integration.

Summary of feature

this should be implemented after #2 and #3. It will improve the booking flow:

• Users can now see their bookings and their status on /calendar/
• The screen where admins approve/deny user flows now shows the availably of those dates in the calendar and link to the gcal.
  • maybe use GET /api/calendar/booking?startDate=DATE&endDate=DATE to get all the bookings in that date range
• There is a custom calendar in the /calendar/ page with a better UI (maybe?)

Summary of feature

Create a basic page that lists all users currently in the application and allows admins to enable/disable their accounts, and do a password reset of necessary.

Summary of feature

Should be done after #5 and will enable admins to invite users to the application

• Admins can fill in a first name, email, and a note from an admin/users/invitation page
  • The user will already have approved status because they were invited but will have no password
  • This will kickoff an event that contains the user ID and a note
• Workers will dequeue that event and start working on it
  • Worker will fetch user and send email to the email with the note and a link to set their password.