We should be able to have multiple current phases at the same time. Eg submission/registration

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• send a request creating a challenge with groups: [" "]

Current result(s):

• forbidden error (403 code) returns
• group name can be arbitrary characters (like: "$@%")

Expected result(s):

• should return the validation error (400 code)
• group name should follow some patterns

Attachments:

Upgrade to https://github.com/appirio-tech/tc-core-library-js/releases/tag/v2.6.2

• Add a new model for attachments.

{
  id: "UUID",
  url: "String",
  fileSize: "Number",
  "fileName": "String"
}

• Implement an endpoint to upload attachments on an S3 bucket.
• Add an attachments properties to the challenge model that will be an array of Attachments.
• Update all challenge endpoints to support attachments.

1. The winners array currently has handle but not userId. Since handles can change, we should include userId as well so we don't run into trouble with lookups and data integrity.

2. The v4 array has these fields:

submissionTime: "2019-10-14T09:28:04.000Z",
points: 100

I'm assuming they are used/helpful when displaying scores and submission times on the challenge pages. Not sure if this can be handled another way, but just wanted to call it out.

As part of this ticket, we need to add the ability to control who has access to a challenge.

• Add an optional groups array property to the challenge model
• Groups will come from the V5 Groups API (https://github.com/topcoder-platform/groups-api). We may need support for M2M tokens for this (https://github.com/appirio-tech/tc-core-library-js/releases/tag/v2.4.1 appirio-tech/tc-core-library-js.git#v2.4.1)
• On all challenge endpoints, if the challenge has any group(s), we need to check if the caller (user) has access to those groups otherwise we should throw an error.

Add the following endpoints:

• POST /challenges/:id/activate - Activate challenge
• POST /challenges/:id/cancel - Cancel challenge
• POST /challenges/:id/register - Register on challenge
• POST /challenges/:id/unregister - Unregister from challenge

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• send a request searching for any of ChallengeSetting, ChallengeType, Phase, TimelineTemplate, or AuditLog with params: name=?\

Current result(s):

• exception thrown at server side (500 code)
• with name=?^^^ or name=%%%, the filter returns all results

Expected result(s):

• should treat the value of the name query param as text instead of RegExp

Attachments:

Remove the markdown property from the challenge model and all related code.

Observed when working on #43

@ThomasKranitsas Some notes from the developer:

ChallengeTypes

• PATCH requests. In swagger, name, isActive, abbreviation is required. But in source code and POSTMAN they are optional

ChallengePhases

• The model in swagger has more attributes than source code and POSTMAN
• For search, swagger defines 401 and 403 status but POSTMAN and code don't provide this

TimelineTemplates

• The phases in Swagger are different from source code and POSTMAN
• For search, swagger defines 401 and 403 status but POSTMAN and code don't provide this
• For patch, in swagger, name, isactive, phases is required, but in POSTMAN and code these are optional

ChallengeTypeTimelineTemplates

• For create and update, Swagger does not define 404 status for invalid typeId or timelineTemplateId
• For search, swagger defines 401 and 403 status but POSTMAN and code don't provide this

Challenges

• Swagger has not defined 403 status for GET (which happens if user does not have access to the group)

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• send a request creating a challenge with prizeSets.prizes of some of the same items

Current result(s):

• challenge created successfully

Expected result(s):

• should validate duplicated prizeSets.prizes data

Attachments:

Steps to reproduce:

• open the Postman collection
• end requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• send requests to create/update a challenge with endDate in the request's body

Current result(s):

• the challenge is created successfully

Expected result(s):

• should return 400 code ("message": "\"endDate\" is not allowed")

Attachments:

Update tests to cover the changes from 03d5a17

We need to update all endpoints to allow calls using an M2M (machine to machine) token.

• Scopes should be configurable.
• See https://github.com/topcoder-platform/resources-api as an example.
• Use TopcoderService as the user handle if it's M2M (eg in audit fields). This should be configurable.

@rootelement what should happen in the following case:

• Copilot creates a challenge with either no groups or with, let's say, Group1
• A few members who have access to Group1 register on the challenge.
• Copilot modifies the challenge and adds Group2

Possible scenarios:

1. All members who don't have access to Group2 will be automatically removed
2. Copilot should not be able to do that
3. Allow the copilot to do that and leave already registered members (resources) to be registered (doesn't sound like a good approach to me)

cc @cwdcwd

Is it possible to have a platform feature to limit the number of submissions in MMs per day or have a gap between submissions?
We have matches like Single Cell in which we vocally restrict members to make more than 2 submissions a day. Also, members make a lot of submissions in the last day and block the queue for long. In Single-cell we are manually warning or disqualifying the members who are making more than 2 submissions in a day.

If we create a challenge from the UI and we click View challenge immediately, the API will return 404 as the challenge does not yet exist in ES.

We need to fall back to dynamo if we're trying to fetch by ID

Suggestion:

Add fields for the total registrants, submitters, and submissions to the response. This will help do things like display those counts on the listing page without having to iterate through the resource lists...

Current API includes these:

checkpoints: [ ],
numberOfRegistrants: 77,
numberOfSubmissions: 33,
numberOfSubmitters: 33

We need to add support for filtering using projectId.

Env:

export AUTH0_URL=https://topcoder-dev.auth0.com/oauth/token
export AUTH0_PROXY_SERVER_URL=https://topcoder-dev.auth0.com/oauth/token
export AUTH0_AUDIENCE=https://m2m.topcoder-dev.com/
export TOKEN_CACHE_TIME=90
export AUTH0_CLIENT_ID=jGIf2pd3f44B1jqvOai30BIKTZanYBfU
export AUTH0_CLIENT_SECRET=ldzqVaVEbqhwjM5KtZ79sG8djZpAVK8Z7qieVcC3vRjI4NirgcinKSBpPwk6mYYP

export VALID_ISSUERS=[\"https://topcoder-newauth.auth0.com/\",\"https://api.topcoder-dev.com/\",\"https://topcoder-dev.auth0.com/\"]
export JWT_TOKEN_SECRET=secret

Topics:

challenge.action.resource.create
challenge.action.resource.delete
challenge.action.resource.update
challenge.notification.create
challenge.notification.update
submission.notification.create
submission.notification.delete
submission.notification.update
test.new.bus.events

Steps to reproduce:

• run Kafka locally, and add the above topics
• deploy challenge-processor-es, tc-bus-api at port 3001, and 3002 locally with the above variables
• run the app by: BUSAPI_URL=http://localhost:3002/v5 npm start
• open the Postman collection
• send a request to create ChallengeType, or ChallengeSetting, Phase, TimelineTemplate, ChallengeTypeTimelineTemplate if it is a first time
• send a request create challenge by admin
• send a request get challenge 1 by anonymous user, and see that its first phase name is: "phase-1"
• send a request update challenge phase 1, now phase name is "new-phase-1"
• send the request get challenge 1 by anonymous user, check that the challenge' phase name does not change

Current result(s):

• the challenge's phase name is still "phase-1"
• on the console of tc-bus-api, the phase updated event has been sent already
• on the console of challenge-processor-es, this event is not consumed.

Expected result(s):

• the challenge's phases data should be updated also

Attachments:

Steps to reproduce:

• go to README.md (line 79)

Current result(s):

• the Create Elasticsearch index command is the same as init-database command

Expected result(s):

• should be npm run init-es and npm run init-es force

Attachments:

We need:

• A processor to feed ES with data from DynamoDB.
• To update the GET operation to search and fetch challenges from ES instead of DynamoDB for better support for filtering and better performance.

v5 currently returns this structure for resources.

[
{
"id": "string",
"challengeId": "string",
"memberId": "string",
"memberHandle": "string",
"roleId": "string",
"created": "2020-04-09T14:06:23.453Z",
"updated": "2020-04-09T14:06:23.453Z",
"createdBy": "Topcoder User",
"updatedBy": "Topcoder User"
}
]

I'm assuming this is what we'd use to retrieve and display a list of challenge registrants? If so, we may want to add the relevant user rating so we can use it to display the handle color?

Steps to reproduce:

• start the app with BUSAPI_URL pointing to the invalid address: BUSAPI_URL=http://localhost:3002 npm start
• open the Postman collection
• send a request to create , ex: ChallengeType: => 404 code will return
• send this request again: => 409 code will return

Current result(s):

• The request entity has been created even 404 code returning

Expected result(s):

• should support transaction if possible
  (Ref: https://aws.amazon.com/blogs/developer/performing-conditional-writes-using-the-amazon-dynamodb-transaction-library/)

Attachments:

• Make sure all existing POSTMAN tests are up to date with the latest code
• Cover new endpoints with positive/negative POSTMAN tests

• Implement unit testing
• Implement E2E testing

In v4 we have a role defined for each terms item. The use case here is that different roles on the challenge require different terms to be signed.

{
termsOfUseId: 20704,
role: "Reviewer",
agreeabilityType: "Electronically-agreeable",
title: "Standard Reviewer Terms v1.0",
url: ""
},

I'm noticing that we don't have any way to group challenge type by the selected track. For instance, in Topcoder Direct, we have this:

And in the new challenge UI, we have a track selector, but it doesn't change the Type drop down at all because there's no way to associate a type and a track, as far as I can tell.

Based on https://www.elastic.co/guide/en/elasticsearch/reference/current/array.html

An array may contain null values, which are either replaced by the configured null_value or skipped entirely. An empty array [] is treated as a missing field — a field with no values.

As a temp fix, we've done the following:

We need to make the errors more meaningful

Please implement in v5

https://github.com/appirio-tech/ap-challenge-microservice/issues/534

Sample call:

GET https://api.topcoder-dev.com/v5/challengephases

Response:

[]

Expected

A list of challenge phases should be returned. At least that's what the expectation is, based on the swagger doc.

We need to add the following properties to the challenge model:

• reviewType - required String
• markdown - required Boolean
• tags - required Array of String
• projectId - required Number
• forumId - required Number
• Add a required status property (String) to the challenge model. Supported values should be defined in constants. For now, use Draft, Canceled, Active & Completed.

between v4 and v5, we're missing some phase attributes in the phases array.

v4:

{
challengeId: 30103745,
id: 1182935,
phaseType: "Registration",
phaseStatus: "Closed",
scheduledStartTime: "2019-10-01T00:08:58.993Z",
scheduledEndTime: "2019-10-15T00:06:01.206Z",
actualStartTime: "2019-10-01T00:08:58.993Z",
actualEndTime: "2019-10-15T00:06:01.206Z",
fixedStartTime: "2019-10-01T00:08:00.000Z",
duration: 1209120000,
updatedAt: "2019-12-19T20:47Z",
createdAt: "2019-10-01T00:02Z",
createdBy: "23128049",
updatedBy: "22841596"
},

v5:

{
id: "8e183cc8-8287-4902-9574-0d5498dfb540",
actualEndTime: "2019-10-14 20:06:01.206",
actualStartTime: "2019-09-30 20:08:58.993",
scheduledStartTime: "2019-09-30 20:08:58.993",
duration: 1209120000,
isOpen: false
},

I'm not sure if we care as much about the create/update user and dates, but I think we'll at least need the phase type and probably the additional timestamps

How to work with git tickets

The basic flow for handling a ticket is as follows:

1. Assign the ticket to yourself, change the label to "tcx_Assigned", remove the "tcx_OpenForPickup" label. Please only assign tickets to yourself when you are ready to work on it. I don't want tickets assigned to someone and then not have them work on a ticket for 24 hours. The goal here is a quick turnaround for the client. If you can't work on a ticket immediately, leave it for someone else.

2. Complete the ticket and create a merge request within 24 hours. Please ensure your merge request can be merged automatically and that it's against the latest commit in Git when you create it.

3. Change the label on the ticket to "tcx_ReadyForReview"

After seeing a ticket marked as "tcx_ReadyForReview", the copilot will review that ticket, usually within 24 hours.

Note that you are expected to keep your changes in-sync with Git - make sure to do a pull before you push changes to make sure there aren't any merge issues.

Accepted fix

If a fix is accepted, a payment ticket will be created on the Topcoder platform within 5-10 minutes of the issue being closed. You should see the payment in your PACTs within 24 hours.

Rejected fix

If a fix is rejected, a comment, and possibly a screenshot, will be added to the ticket explaining why the fix was rejected. The status will be changed to "tcx_Feedback".

If a fix is rejected, that ticket is your priority. You should not assign yourself any more tickets until you complete the required additional fixes!

Payment amounts

Each ticket in GitLab has a dollar value. That is the amount you will be paid when the ticket is completed, merged, and verified by the copilot. Note that there is still a 30 day waiting period as the payment will be treated as a regular TopCoder challenge payment.

Important Rules:

• You can assign any unassigned issue to yourself with an "Open for pick up" label (first come first serve)

• You can only assign ONE AT A TIME. The nature of it being assigned will indicate it is not available to anyone else.

• You will fix the ticket by committing changes to the master branch.

• After marking a ticket "tcx_ReadyForReview" you are eligible to accept another. You do NOT need to wait for the copilot to validate your fix.

• You can do as many tickets as you want, as long as you follow the rules above.

• If an assigned task is not done in 24 hours, you will need to explain why it is not completed as a comment on the ticket.

• You can ask questions directly on the GitLab ticket.

ANYONE NOT FOLLOWING THE RULES ABOVE WILL BE WARNED AND POTENTIALLY LOSE THEIR GITLAB ACCESS!

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• go to ChallengeSettings -> create challenge setting / or search challenge setting, and send any requests beginning with failure, => the requests are successul
• go to ChallengeSettings -> get challenge setting / or update challenge setting, and send any requests beginning with failure, => the requests are failure

Current result(s):

• create/search routes require no authorization; while get/update require authorization for the same anonymous user

Expected result(s):

• search and get routes should have the same permission

Attachments:

This task includes changes in the following repos:

• https://github.com/topcoder-platform/challenge-api
• https://github.com/topcoder-platform/resources-api
• https://github.com/topcoder-platform/legacy-challenge-processor
• https://github.com/topcoder-platform/challenge-engine-ui
• https://github.com/topcoder-platform/challenge-processor-es
• https://github.com/topcoder-platform/legacy-challenge-migration-script
• https://github.com/topcoder-platform/legacy-challenge-resource-processor
• https://github.com/topcoder-platform/resource-processor
• https://github.com/topcoder-platform/resource-processor-es

Changes needed:

• Update all route definitions from camelCase to kebab-case. For example, the route /challengeTypes should be converted to /challenge-types
• Update all Swagger definitions to reflect the changes.
• Update all Postman collections to reflect the changes.
• Update the routes in the configuration files of each app that call the APIs.
• Check for any hardcoded routes and update those as well.
• Update routes in tests to reflect the above changes.

Submission guidelines

For each repo, use the develop branch.
Once done, upload a zip file here with a patch file for each repo.

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• try to send a request to update a challenge with termsIds: []

Current result(s):

• validation error with 400 code returns

Expected result(s):

• Should be able to update termsIds as empty

Attachments:

Sample request:

GET https://api.topcoder-dev.com/v5/challengetypes?isActive=true

Response:

[]

Expected

The list of active challenge types should be returned.

For dev challenges, we have a Description and we also have finalSubmissionGuidelines. v5 isn't including finalSubmissionGuidelines. This is content that is part of the spec and I think we'll need to include it.

NOTE: I know we want to simplify this going forward, so I'm not sure if pulling over the field 1:1 is the right answer vs. doing something like appending the content to the end of the description field.

For some get methods such as download attachments, it is better to accept the api token as query string opposed to header.

With query string, we can use native download feature of browsers without having to rely on manual save as feature.

We should validate the project ID.

This http://challenges.topcoder-dev.com/projects/112233/challenges/543841b4-bbbb-4b02-bba7-c141855c5d72/edit throws an error because the project ID does not exist.

We should use the project API to verify that the project exists before we create the challenge.

Call the GET https://api.topcoder-dev.com/v4/projects/:projectId endpoint and if that endpoint returns 404, throw a 400 Bad Request error.

Sample request:

GET https://api.topcoder-dev.com/v5/timelinetemplates

Response:

[]

Expected

A list of timeline templates should be returned, as described in the swagger.

Steps to reproduce:

• open the Postman collection
• send requests to create ChallengeSettings, ChallengeTypes, ChallengePhases, TimelineTemplates, ChallengeTypeTimelineTemplates if it is the first time
• check copilot-1 groups: ["group1", "group2"] (which return from mock-api)
• send the request to update the challenge with the additional group ( ex: "group-3")

Current result(s):

• the request is successful

Expected result(s):

• should update the challenge with the groups of his own

Attachments:

Since the query fetches the first N challenges from ES, if the call is unauthenticated, we should add a filter so groups is undefined.

Currently, if the first 20 records belong to a private group, the GET /challenges will always return [] even if there are millions of challenges available.

The challenge API is oddly returning a 404 when a call to the resource API fails. A 404 here isn't appropriate. It should be a 403 or a 500 error, depending on the error from the resource API. Returning a 404 is very confusing and sent me looking at the wrong stuff for a long time. The v5 errors need to be consistent and understandable. If we're already doing wonky stuff now, we're going to have a bad time.

Sample URL:

GET https://api.topcoder-dev.com/v5/challenges?status=Active&page=1&perPage=50&memberId=8547899

If you remove the memberId value, the call succeeds (or at least returns an empty array).

Currently, we're using new Date() to set date properties which takes the timezone from the environment. We need to make sure all dates are set with UTC dates to keep everything consistent across different systems.

Depends on #5

We need to perform AV scan to all attachments.

Updates to the Data Model:

{
    "id": "0624fc78-d985-483b-a1b2-d988ba998221",
    "legacyId": 30061774,
    "typeId": "6950164f-3c5e-4bdc-abc8-22aaf5a1bd49",
    "track": "DEVELOP", //move to legacy object
    "name": "Mjolnir Bug Bash - Round 2 - gauravseta",
    "description": "https://github.com/topcoderinc/mjolnir-app/issues?q=assignee%3AGauravseta+is%3Aclosed+label%3A%22Payment+Required%22<br />\n<br />\n84 pts = $420",
    "reviewType": "INTERNAL", //move to legacy object
    "projectId": 13078,
    "forumId": "39984", //move to legacy object
    "status": "Completed",
    "created": "2018-01-01T09:33:28.000Z",
    "createdBy": "23200120",
    "updated": "2018-01-19T14:08:30.000Z",
    "updateBy": "22841596",
    "timelineTemplateId": "N/A",
    "phases": [
        {
            "id": "9df48e25-6295-4080-9ecf-6a810e6c87bf",
            "duration": 864000000,
            "scheduledStartTime": "2018-01-02T09:00:00.000+0000",
            "isOpen": false
        },
        {
            "id": "b964c6f0-b8d2-46c8-a646-d4122d41a8b8",
            "duration": 863700000,
            "actualStartTime": "2018-01-01T09:35:31.356+0000",
            "scheduledStartTime": "2018-01-01T09:35:31.356+0000",
            "actualEndTime": "2018-01-01T09:35:31.356+0000",
            "isOpen": false
        }
    ],
    "terms": [
        {
            "id": "e3370508-a541-4b9c-b83f-3bad33dcca4c",
            "legacyId": 20704, // remove from this data object
            "title": "Standard Reviewer Terms v1.0", // remove
            "url": "", // remove
            "agreeabilityType": "Electronically-agreeable" // remove
        }
    ],
    "startDate": "2018-01-02T09:00:00.000Z",
    "prizeSets": [
        {
            "type": "Challenge Prize",
            "description": "Challenge Prize",
            "prizes": [
                {
                    "value": 420,
                    "type": "First Placement "
                }
            ]
        }
    ],
   "tags": [
        "Ionic",
        "Mobile"
    ],
    "groups": [],
    "winners": [
        {
            "handle": "gauravseta",
            "placement": 1
        }
    ],
    legacy: { //add this legacy object
      "forumId": 203984, // should be in forums api
      "track": "DEVELOP", //is this used for anything other than direct or OR?
     "reviewType": "INTERNAL", // this should be in the review/scorecard api
    }
    "challengeSettings": [ // rename to metadata
        {
            "type": "allowStockArt", // change from "type" to "name"
            "value": "false"
        },
        {
            "type": "submissionsViewable", // change from "type" to "name"
            "value": "false"
        }
    ],
    "type": "First2Finish"
}```

This will have implications on the api, migration, tests, swagger, postman... 

Update tests to include API Version prefix in routes