-
Notifications
You must be signed in to change notification settings - Fork 0
Sprint 4 is an authentication and onboarding sprint focused on introducing the access-control foundation needed for the next phase of Insightful Phish. The sprint moves the project from simple base login/registration behaviour toward a role-aware authentication system that supports Insightful Phish admins, organisation admins, organisation trainees, and individual trainees. This includes secure token-based authentication, local email capture, password and email management flows, invite-based onboarding, and role-based redirects into the appropriate dashboard areas.
The goal of the sprint is to make organisation onboarding and user access management possible before campaign assignment and reporting work expands in later sprints. This includes allowing organisations to request registration, allowing platform admins to approve organisations and invite the initial organisation admin, allowing organisation admins to invite employees, introducing organisation admin permissions and organisation-level security settings, and improving the frontend/backend structure around authentication flows.
Start: 2026-06-19
List view
0 of 22 selected 0 issues of 22 selected
feat: build frontend shared Sprint 4 authentication shell and components
area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#224 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate Sprint 4 auth client and protected route behaviour
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#226 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate email verification flow
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#236 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate forgot password flow
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#240 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate reset password flow
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#243 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: build frontend token-link error handling
area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#244 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate token-link error handling
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#246 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;docs: define SRS use case UC-04 request organisation registration
area:docsWork related to project documentation and supporting written artefacts.Work related to project documentation and supporting written artefacts.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:docsDocumentation work such as SRS, README, diagrams, guides, or comments.Documentation work such as SRS, README, diagrams, guides, or comments.Status: Open.#249 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;docs: define SRS use case UC-06 complete first organisation admin setup
area:docsWork related to project documentation and supporting written artefacts.Work related to project documentation and supporting written artefacts.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:docsDocumentation work such as SRS, README, diagrams, guides, or comments.Documentation work such as SRS, README, diagrams, guides, or comments.Status: Open.#261 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;docs: define SRS use case UC-07 accept organisation invitation
area:docsWork related to project documentation and supporting written artefacts.Work related to project documentation and supporting written artefacts.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:docsDocumentation work such as SRS, README, diagrams, guides, or comments.Documentation work such as SRS, README, diagrams, guides, or comments.Status: Open.#263 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: implement backend invitation acceptance and role change endpoints
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#265 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate accept invite and role change flows
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#266 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: build frontend minimal Sprint 4 dashboards
area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#282 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate minimal Sprint 4 dashboards and role redirects
area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#283 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: implement backend account settings and user session endpoints
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#290 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;test: add backend account and security settings API integration coverage
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.misc:testingWork focused on tests, test coverage, validation, or QA-related changes.Work focused on tests, test coverage, validation, or QA-related changes.priority:highImportant work that should be handled as soon as possible.Important work that should be handled as soon as possible.type:choreMaintenance or housekeeping work that supports development but is not a feature or bug fix.Maintenance or housekeeping work that supports development but is not a feature or bug fix.Status: Open.#291 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: integrate account settings and session management
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.area:frontendWork related to the web UI, pages, components, or client-side logic.Work related to the web UI, pages, components, or client-side logic.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.priority:mediumNormal-priority work that should be completed in the usual sprint flow.Normal-priority work that should be completed in the usual sprint flow.type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#292 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;fix: add resend verification cooldown response handling
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.type:bugSomething is broken, incorrect, or not working as expected.Something is broken, incorrect, or not working as expected.Status: Open.#313 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;fix: make login timing safer for unknown emails
area:backendWork related to APIs, services, business logic, or server-side code.Work related to APIs, services, business logic, or server-side code.misc:securitySecurity-related work, risks, vulnerabilities, or hardening tasks.Security-related work, risks, vulnerabilities, or hardening tasks.type:bugSomething is broken, incorrect, or not working as expected.Something is broken, incorrect, or not working as expected.Status: Open.#323 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: add accept-invite token context endpoint
type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open.#331 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;feat: implement invitation acceptance API with strict Zod validation,…
type:featureNew functionality or enhancement to existing functionality.New functionality or enhancement to existing functionality.Status: Open (in progress).COS301-SE-2026/Cybersecurity-Awareness-Training-Platformnumber 336#336 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;issue #263 docs: define SRS
area:docsWork related to project documentation and supporting written artefacts.Work related to project documentation and supporting written artefacts.Status: Open (in progress).COS301-SE-2026/Cybersecurity-Awareness-Training-Platformnumber 347#347 In COS301-SE-2026/Cybersecurity-Awareness-Training-Platform;