ODK Credential Management Best Practices

[susmina94]

Updating ODK (Open Data Kit) credentials, such as usernames and passwords, can have significant implications for existing projects that rely on these credentials. It is interesting to know how existing projects might react to such updates and what best practices should be followed.

Discussion Point 1 :
Suppose, I have a project with some number of submissions in it, if someone change the ODK credentials, I will not have access to those submissions nor the projects.

How could we possibly handle a situation like this?

Potential Solution 1:
When the user updates the ODK credential and try to view the associated project.
Instead of a failure message, maybe send a message stating "Your ODK credentials might have been updated. Please update to view the project" and prompt the users to update the ODK credentials.

[spwoodcock]

Very good idea - we need a informative message to the user if the credentials change.

It should be easy to determine: we get a 404 response from odk central, we catch the exception, provide the message 'ODK Collect credentials are invalid, or may have been updated. Please verify them.', we then halt any further execution.

We also need an easy way for users to update the odk credentials for a project in the frontend. For good UX, this could also be handled in a popup if the user receives the error - they enter the new credentials, submit, and we try again.

[spwoodcock]

I have updated osm_fieldwork to resolve this discussion.

OdkCentral.py:

try:
    central = OdkCentral(
        "https://somerandominvalidurl546456546.xyz",
        "test@hotosm.org",
        "Password1234"
    )
except ConnectionError as conn_error:
    # The error message should be one of (invalid url in the case above):
    # Failed to connect to Central. Is the URL valid?
    # ODK credentials are invalid, or may have changed.
    raise HttpException(status_code=HTTPStatus.BAD_REQUEST, detail=str(conn_error)

OdkCentralAsync.py

try:
    async with OdkCentral(
        "https://somerandominvalidurl546456546.xyz",
        "test@hotosm.org",
        "Password1234"
    ) as central:
        pass
except ConnectionError as conn_error:
    # The error message should be one of (invalid url in the case above):
    # Failed to connect to Central. Is the URL valid?
    # ODK credentials are invalid, or may have changed.
    raise HttpException(status_code=HTTPStatus.BAD_REQUEST, detail=str(conn_error)

@manjitapandey
we should coordinate changes to the backend and frontend here.

• Backend: wrap instantiation of OdkCentral, OdkProject, OdkAppUser, OdkForm, OdkEntity in try/except blocks as above.
• Frontend: if a HTTP 400 BAD_REQUEST is returned from an endpoint, that needs to call ODK Central, then display the message to the user in a toast.

Can go in the release after next, 2024.04 👍