This should be true when the user has a password set and false if not.

The created date for user accounts has not been set in the database

Currently the seed is generated by the system time meaning that the multiple choice questions will shuffle per user view.

The answer should be stripped from IsaacMultipleChoiceQuestions and IsaacNumericaQuestions.

Merge two user accounts when they are linked using different 3rd party authenticators and a user elects to link one from the other.

Question{byId}
Concept{byId}
PageFragment{byId}

This should throw an error (not return a 200 with an incorrect response) as it is likely not the users fault.

Endpoint that serves a random problem out of /content/featured_problems/extraordinary_problems

We need a service that allows look ups for school names and postcodes for the registration form.

The tagList collection is not expunged when other cache clearing mechanisms are executed.

This will hopefully improve performance and also make it easier to move away from mongo if we choose to.

Path not being augmented, see: isaacphysics/isaac-app#121

If the log in fails for some reason then the user is left with some raw json output from the api endpoint (try clicking on the facebook and twitter log in buttons in quick succession to simulate a CSRF failure)

Provide an endpoint to allow the frontend to explicitly say that a gameboard should be added to the my boards page.

You will, apparently, know what this means ;-)

It would be nice if the search also went through related content. Example: If you search for Newton, the concepts with Newton in it and questions which are linked to those concepts.

We should possibly store a signed session in a separate long lived cookie that can be used to refresh the users session rather than making them login again every 30minutes and storing it in the servers session database.

We want stop UserDOs from being exposed beyond the user manager class in the architecture.

Currently the initial live version of the site is stored in a config file packaged up in the war. Is is no good if we want to change the initial version of the site as it could regress if the server is restarted.

See isaacphysics/isaac-app#114.

See: isaacphysics/isaac-app#276

The message that's now displayed in the front end is:
Registration Failed: Duplicate key found. An existing account may already exist with the e-mail address specified.

The string "Duplicate key found. An existing account may already exist with the e-mail address specified." comes from the API error message. I would suggest removing "Duplicate key found. " from the start of the string as this is somewhat meaningless to the average joe.

This endpoint should only search for questions / fast track questions.

This is for the my boards page

And refactor current email sending mechanism in UserManager

To repeat:

Sign up with Facebook, making sure you're not already in the DB.
Log out
Notice that the user object is created correctly in the DB.
Attempt to log in with Facebook. Get the following error:

{"responseCode":400,"errorMessage":"A user already exists with the e-mail address specified.","responseCodeType":"Bad Request"}

Horrible concurrency bug: requesting single pages while indexing causes blocking

This feature is to support content editors on staging.

See isaacphysics/isaac-app#115

Improve gameboard composition logic to prevent users from generating game boards that are already totally completed.

Include completed boards count plus total for example.

Currently the units are required by the frontend, so IsaacNumericQuestions should be given a separate units list instead of exposing the correct answers from the api endpoint.

"null" appended to redirect url after 3rd party authentication

Allow users to interact with questions anonymously and then allow saving of these questions if the user subsequently registers.

E.g. Challenge of the month Questions.

Currently security and authentication related config settings are stored in git and represent a barrier to us making this repo public.

We should move these config files in the same way that we have done for the live_version.properties file.

There is a (tiny) bit of debate about this, but the conclusion is that email addresses should always be case-insensitive. See http://stackoverflow.com/a/9808332

Currently the user is redirected (by javascript) directly to the API endpoint which then 307's (Temporary Redirect) the user to the oauth provider's website. The oauth provider's URL could instead be wrapped in a JSON object and returned from the endpoint and then the client could be redirected there via javascript, thus hiding the endpoint.