Merge branch 'main' into addauction

9962281f · aapekaur · ae07b989 · 7048d5e2 · 9962281f · 9962281f
Commit 9962281f authored 2 years ago by aapekaur
--- a/README.md
+++ b/README.md
@@ -5,6 +5,8 @@ This is the template for 2023 TJTS5901 Continuous Software Engineering -course.
 Sisu: <https://sisu.jyu.fi/student/courseunit/otm-38b7f26b-1cf9-4d2d-a29b-e1dcb5c87f00>
 Moodle: <https://moodle.jyu.fi/course/view.php?id=20888>

+Application address/deployment url : https://team13-webapp.azurewebsites.net/
+
 ## Start the app

 Repository provides an `docker-compose` file to start the app:

--- a/docs/week1.md
+++ b/docs/week1.md
@@ -2,6 +2,7 @@

 Radek Valigura from now on just **Radek**.
 Olli Mehtonen from now on just **Olli**.
+Aapo Kauranen from now on just **Aapo**.

 What have we done so far:
 ---
@@ -17,10 +18,14 @@ Olli:
 - Set up my local dev environment
 - Set up Azure resource group

+Aapo: (Added February 2nd)
+- Had plenty of issues with docker daemon and almost gave up.
+- Wrote some user stories.
+
 ## OWASP security risks

 1. Broken access control - We should secure our API, so that only a request to the pre-specified paths is possible.
 2. Cryptographic failure - We should hash (salt and paper) all the passwords of our users. Creating a secure environment for our users.
 3. Injection - all our database manipulation should go trough predefined API.
 4. Security Logging and Monitoring Failures - We should establish logging for failed password attempt and also create a temporary time block on an account in case of password hard cracking.
-5. Security Logging and Monitoring Failures - We should store our logs on a local machine and remote server as well.
\ No newline at end of file
+5. Security Logging and Monitoring Failures - We should store our logs on a local machine and remote server as well.
--- a/docs/week2.md
+++ b/docs/week2.md
@@ -2,6 +2,7 @@

 Radek Valigura from now on just **Radek**.
 Olli Mehtonen from now on just **Olli**.
+Aapo Kauranen from now on just **Aapo**.

 What have we done so far:
 ---
@@ -13,10 +14,13 @@ Radek:
 - wrote OWASP security risks considerations

 Olli:
- Wrote multiple user stories
- Wrote some of the ways of working stuff 
- Set up my local dev environment
- Set up Azure resource group
+- Wrote some user stories/created the template for gitlab
+- Got the pipeline to work/some DB initializing on Azure
+- Will check on the testing stage tomorrow
+
+Aapo:
+-Wrote one user story.
+-Created webpage template and frontend code to handle most of the bid submission. Actual request to backend will be written on 2nd or 3rd February.

 ## OWASP security risks

@@ -24,4 +28,4 @@ Olli:
 2. Cryptographic failure -Usage of outdated or cracked crypto/ hashing algorithms should be avoided.
 3. Injection - Prevent the too many argument injection, giving the user higher privileges.
 4. Injection - We should implement some form of validation of incoming data.
-5. Insecure design - We will only use widely used, regularly updated and verified libraries, to prevent inclusion of unsecured code.
\ No newline at end of file
+5. Insecure design - We will only use widely used, regularly updated and verified libraries, to prevent inclusion of unsecured code.