From 6f18583cacfeba88c467dd7efde32b4dadf3841b Mon Sep 17 00:00:00 2001
From: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>
Date: Wed, 11 Dec 2024 14:56:48 +0545
Subject: [PATCH 01/15] OData Connection for Submission Analysis

Signed-off-by: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>
---
 .../OData Connection for Submission Analysis  | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs/manuals/OData Connection for Submission Analysis

diff --git a/docs/manuals/OData Connection for Submission Analysis b/docs/manuals/OData Connection for Submission Analysis
new file mode 100644
index 0000000000..b5cc0867d4
--- /dev/null
+++ b/docs/manuals/OData Connection for Submission Analysis	
@@ -0,0 +1,27 @@
+If you want to visualise the submissions and create custom charts
+and diagrams using FMTM submissions, then you can follow the steps 
+below and load the submissions on any data analysis platform using OData. 
+OData endpoints are a standardised way to ingest 
+this data into other tools: PowerBI, Tableau, Redash, Grafana
+
+Why PowerBI? You can use other tools too like Tableau, Redash, Grafana or even
+Excel. However, PowerBI is free to use, very powerful, and user friendly though its Proprietary Microsoft. 
+
+The steps shows how to use powerBI and create custom visualisations. 
+ODK already has good docs on this which you can refer to. 
+https://docs.getodk.org/tutorial-mapping-households/ 
+
+Step 1: Start a new project, add a new data source 'OData Feed'
+https://private-user-images.githubusercontent.com/78538841/366426499-376de20e-61e5-452e-ab76-669bf1940c72.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MzM5MDgwMTUsIm5iZiI6MTczMzkwNzcxNSwicGF0aCI6Ii83ODUzODg0MS8zNjY0MjY0OTktMzc2ZGUyMGUtNjFlNS00NTJlLWFiNzYtNjY5YmYxOTQwYzcyLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDEyMTElMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQxMjExVDA5MDE1NVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPThiMWYzOTBiMDQyNGEzNDI1ZjBjZDg1Mjg2ZmE0NGU4Yzg1MGQyZWIyN2Q5YjQ4MGJmZmRlYzYzMWI3OWMxZWQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.riSVz4Y2tiFXqjkaSWsmsOvLjhx8M_5YiA-LSQ7FBys
+Step 2: Use the OData URLs shown in the ODK docs:
+a. Submission data: /v1/projects/{projectId}/forms/{xmlFormId}.svc
+e.g. https://odk.hotosm.org/v1/projects/86/forms/df9135c8-84b1-4753-b348-e8963a8b4088.svc
+a. Entity data: /v1/projects/{projectId}/datasets/{name}.svc
+e.g. https://odk.hotosm.org/v1/projects/86/datasets/features.svc
+
+Step 3: Enter your credentials using Basic Auth
+
+Step 4: Preview the data
+
+Step 5: Transform data as needed, load into charts, graphs, etc, to create the dashboard you need.
+

From 1b0ed1bdbcd87a597a60aa8f425b73b463059ecb Mon Sep 17 00:00:00 2001
From: Sam <78538841+spwoodcock@users.noreply.github.com>
Date: Thu, 12 Dec 2024 02:49:05 +0545
Subject: [PATCH 02/15] fix: finalise auth setup between frontends (#1981)

* refactor(frontend): remove DebugConsole, conflicting with CheckLoginState

* fix: rework authentication logic between two frontends
---
 src/backend/app/auth/auth_deps.py             |  84 ++++++++++--
 src/backend/app/auth/auth_routes.py           | 123 ++++++------------
 src/backend/app/auth/auth_schemas.py          |  39 ++++--
 src/backend/app/auth/providers/osm.py         |  15 ++-
 src/frontend/src/App.tsx                      |  59 ++++-----
 src/frontend/src/components/LoginPopup.tsx    |   2 +-
 src/frontend/src/store/slices/LoginSlice.ts   |   1 -
 src/frontend/src/utilfunctions/login.ts       |  34 +++--
 src/frontend/src/utilities/CustomDrawer.tsx   |  14 +-
 src/frontend/src/utilities/DebugConsole.tsx   |  51 --------
 src/frontend/src/utilities/PrimaryAppBar.tsx  |   8 +-
 src/frontend/src/views/OsmAuth.tsx            |  63 +++++----
 .../src/views/PlaywrightTempLogin.tsx         |  36 ++---
 src/frontend/src/views/ProjectDetailsV2.tsx   |  18 ---
 src/mapper/src/lib/components/header.svelte   |  14 +-
 src/mapper/src/lib/components/login.svelte    |   2 +-
 src/mapper/src/lib/utils/login.ts             |  34 +++++
 src/mapper/src/routes/[projectId]/+page.ts    |  22 ++--
 src/mapper/src/store/login.svelte.ts          |  25 +---
 19 files changed, 326 insertions(+), 318 deletions(-)
 delete mode 100644 src/frontend/src/utilities/DebugConsole.tsx

diff --git a/src/backend/app/auth/auth_deps.py b/src/backend/app/auth/auth_deps.py
index fcd24db6f9..2044b851c8 100644
--- a/src/backend/app/auth/auth_deps.py
+++ b/src/backend/app/auth/auth_deps.py
@@ -18,11 +18,12 @@
 
 """Auth dependencies, for restricted routes and cookie handling."""
 
-import time
+from time import time
 from typing import Optional
 
 import jwt
 from fastapi import Header, HTTPException, Request, Response
+from fastapi.responses import JSONResponse
 from loguru import logger as log
 
 from app.auth.auth_schemas import AuthUser
@@ -67,14 +68,16 @@ def set_cookie(
 
 
 def set_cookies(
+    response: Response,
     access_token: str,
     refresh_token: str,
     cookie_name: str = settings.cookie_name,
     refresh_cookie_name: str = f"{settings.cookie_name}_refresh",
-) -> Response:
+) -> JSONResponse:
     """Set cookies for the access and refresh tokens.
 
     Args:
+        response (str): The response to attach the cookies to.
         access_token (str): The access token to be stored in the cookie.
         refresh_token (str): The refresh token to be stored in the cookie.
         cookie_name (str, optional): The name of the cookie to store the access token.
@@ -82,13 +85,8 @@ def set_cookies(
             refresh token.
 
     Returns:
-        Response: A response with attached cookies (set-cookie headers).
+        JSONResponse: A response with attached cookies (set-cookie headers).
     """
-    # NOTE if needed we can return the token in the JSON response, but we don't for now
-    # response = JSONResponse(status_code=HTTPStatus.OK,
-    # content={"token": access_token})
-    response = Response(status_code=HTTPStatus.OK)
-
     secure = not settings.DEBUG
     domain = settings.FMTM_DOMAIN
 
@@ -123,7 +121,7 @@ def create_jwt_tokens(input_data: dict) -> tuple[str, str]:
     """
     access_token_data = input_data.copy()
     # Set refresh token expiry to 7 days
-    refresh_token_data = {**input_data, "exp": int(time.time()) + 86400 * 7}
+    refresh_token_data = {**input_data, "exp": int(time()) + 86400 * 7}
 
     encryption_key = settings.ENCRYPTION_KEY.get_secret_value()
     algorithm = settings.JWT_ENCRYPTION_ALGORITHM
@@ -140,7 +138,7 @@ def refresh_jwt_token(
     expiry_seconds: int = 86400,
 ) -> str:
     """Generate a new JTW token with expiry."""
-    payload["exp"] = int(time.time()) + expiry_seconds
+    payload["exp"] = int(time()) + expiry_seconds
     return jwt.encode(
         payload,
         settings.ENCRYPTION_KEY.get_secret_value(),
@@ -188,6 +186,58 @@ def verify_jwt_token(token: str, ignore_expiry: bool = False) -> dict:
         ) from e
 
 
+async def refresh_cookies(
+    request: Request,
+    current_user: AuthUser,
+    cookie_name: str,
+    refresh_cookie_name: str,
+):
+    """Reusable function to renew the expiry on cookies.
+
+    Used by both management and mapper refresh endpoints.
+    """
+    if settings.DEBUG:
+        return JSONResponse(
+            status_code=HTTPStatus.OK,
+            content={**current_user.model_dump()},
+        )
+
+    access_token = get_cookie_value(request, cookie_name)
+    if not access_token:
+        raise HTTPException(
+            status_code=HTTPStatus.UNAUTHORIZED,
+            detail="No access token provided",
+        )
+
+    refresh_token = get_cookie_value(request, refresh_cookie_name)
+    if not refresh_token:
+        raise HTTPException(
+            status_code=HTTPStatus.UNAUTHORIZED,
+            detail="No refresh token provided",
+        )
+
+    # Decode JWT and get data from both cookies,
+    # checking refresh expiry is valid first
+    refresh_token_data = verify_jwt_token(refresh_token)
+    access_token_data = verify_jwt_token(access_token, ignore_expiry=True)
+
+    try:
+        # Refresh token + refresh token
+        new_access_token = refresh_jwt_token(access_token_data)
+        new_refresh_token = refresh_jwt_token(refresh_token_data)
+    except Exception as e:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail=f"Failed to refresh tokens: {e}",
+        ) from e
+
+    # NOTE Append the user data to the JSONResponse so we can display in the
+    # frontend header. For the mapper frontend this is enough, but for the
+    # management frontend we instead use the return from /auth/me
+    response = JSONResponse(status_code=HTTPStatus.OK, content=access_token_data)
+    return set_cookies(response, new_access_token, new_refresh_token)
+
+
 ### Endpoint Dependencies ###
 
 
@@ -219,7 +269,19 @@ async def mapper_login_required(
         settings.cookie_name,  # OSM cookie
         f"{settings.cookie_name}_temp",  # Temp cookie
     )
-    return await _authenticate_user(extracted_token)
+
+    # Verify login and continue
+    if extracted_token:
+        return await _authenticate_user(extracted_token)
+
+    # Else user has no token, so we provide login data automatically
+    username = "svcfmtm"
+    temp_user = {
+        "sub": "fmtm|20386219",
+        "username": username,
+        "role": UserRole.MAPPER,
+    }
+    return AuthUser(**temp_user)
 
 
 async def _authenticate_user(access_token: Optional[str]) -> AuthUser:
diff --git a/src/backend/app/auth/auth_routes.py b/src/backend/app/auth/auth_routes.py
index 7a8f9a4ba3..247c3ced2a 100644
--- a/src/backend/app/auth/auth_routes.py
+++ b/src/backend/app/auth/auth_routes.py
@@ -19,7 +19,7 @@
 """Auth routes, to login, logout, and get user details."""
 
 from time import time
-from typing import Annotated
+from typing import Annotated, Optional
 
 from fastapi import APIRouter, Depends, HTTPException, Request, Response
 from fastapi.responses import JSONResponse
@@ -29,12 +29,10 @@
 
 from app.auth.auth_deps import (
     create_jwt_tokens,
-    get_cookie_value,
     login_required,
     mapper_login_required,
-    refresh_jwt_token,
+    refresh_cookies,
     set_cookies,
-    verify_jwt_token,
 )
 from app.auth.auth_schemas import AuthUser, FMTMUser
 from app.auth.providers.osm import handle_osm_callback, init_osm_auth
@@ -80,6 +78,7 @@ async def callback(
     Also returns a cookie containing the access token for persistence in frontend apps.
     """
     try:
+        # This includes the main cookie, refresh cookie, osm token cookie
         response_plus_cookies = await handle_osm_callback(request, osm_auth)
         return response_plus_cookies
     except Exception as e:
@@ -164,7 +163,7 @@ async def get_or_create_user(
                 {
                     "user_id": user_data.id,
                     "username": user_data.username,
-                    "profile_img": user_data.picture or "",
+                    "profile_img": user_data.profile_img or "",
                     "role": UserRole(user_data.role).name,
                 },
             )
@@ -211,64 +210,7 @@ async def my_data(
     return await get_or_create_user(db, current_user)
 
 
-async def refresh_fmtm_cookies(request: Request, current_user: AuthUser):
-    """Reusable function to renew the expiry on the FMTM and expiry tokens.
-
-    Used by both management and mapper refresh endpoints.
-    """
-    if settings.DEBUG:
-        return JSONResponse(
-            status_code=HTTPStatus.OK,
-            content={**current_user.model_dump()},
-        )
-
-    try:
-        access_token = get_cookie_value(
-            request,
-            settings.cookie_name,  # OSM cookie
-        )
-        if not access_token:
-            raise HTTPException(
-                status_code=HTTPStatus.UNAUTHORIZED,
-                detail="No access token provided",
-            )
-
-        refresh_token = get_cookie_value(
-            request,
-            f"{settings.cookie_name}_refresh",  # OSM refresh cookie
-        )
-        if not refresh_token:
-            raise HTTPException(
-                status_code=HTTPStatus.UNAUTHORIZED,
-                detail="No refresh token provided",
-            )
-
-        # Decode JWT and get data from both cookies
-        access_token_data = verify_jwt_token(access_token, ignore_expiry=True)
-        refresh_token_data = verify_jwt_token(refresh_token)
-
-        # Refresh token + refresh token
-        new_access_token = refresh_jwt_token(access_token_data)
-        new_refresh_token = refresh_jwt_token(refresh_token_data)
-
-        response = set_cookies(new_access_token, new_refresh_token)
-        # Append the user data to the JSONResponse
-        # We use this in the frontend to determine if the token user matches the
-        # currently logged in user. If no, we clear the frontend auth state.
-        return JSONResponse(
-            status=response.status,
-            headers=response.headers,
-            content=access_token_data,
-        )
-
-    except Exception as e:
-        raise HTTPException(
-            status_code=HTTPStatus.BAD_REQUEST,
-            detail=f"Failed to refresh the access token: {e}",
-        ) from e
-
-
-@router.get("/refresh/management", response_model=AuthUser)
+@router.get("/refresh/management", response_model=FMTMUser)
 async def refresh_management_cookies(
     request: Request,
     current_user: Annotated[AuthUser, Depends(login_required)],
@@ -278,16 +220,20 @@ async def refresh_management_cookies(
     This endpoint is specific to the management desktop frontend.
     Any temp auth cookies will be ignored and removed.
     OSM login is required.
+
+    NOTE this endpoint has no db calls and returns in ~2ms.
     """
-    response = await refresh_fmtm_cookies(request, current_user)
+    response = await refresh_cookies(
+        request,
+        current_user,
+        settings.cookie_name,
+        f"{settings.cookie_name}_refresh",
+    )
 
     # Invalidate any temp cookies from mapper frontend
-    fmtm_cookie_name = settings.cookie_name
-    temp_cookie_name = f"{fmtm_cookie_name}_temp"
-    temp_refresh_cookie_name = f"{fmtm_cookie_name}_temp_refresh"
     for cookie_name in [
-        temp_cookie_name,
-        temp_refresh_cookie_name,
+        f"{settings.cookie_name}_temp",
+        f"{settings.cookie_name}_temp_refresh",
     ]:
         log.debug(f"Resetting cookie in response named '{cookie_name}'")
         response.set_cookie(
@@ -305,7 +251,7 @@ async def refresh_management_cookies(
     return response
 
 
-@router.get("/refresh/mapper", response_model=AuthUser)
+@router.get("/refresh/mapper", response_model=Optional[FMTMUser])
 async def refresh_mapper_token(
     request: Request,
     current_user: Annotated[AuthUser, Depends(mapper_login_required)],
@@ -315,34 +261,41 @@ async def refresh_mapper_token(
     This endpoint is specific to the mapper mobile frontend.
     By default the user will be logged in with a temporary auth cookie.
     OSM auth is optional, if the user wishes to be attributed for contributions.
+
+    NOTE this endpoint has no db calls and returns in ~2ms.
     """
     try:
-        response = await refresh_fmtm_cookies(request, current_user)
+        # If standard login cookie is passed, use that
+        response = await refresh_cookies(
+            request,
+            current_user,
+            settings.cookie_name,
+            f"{settings.cookie_name}_refresh",
+        )
         return response
     except HTTPException:
         # NOTE we allow for token verification to fail for the main cookie
         # and fallback to to generate a temp auth cookie
         pass
 
-    username = "svcfmtm"
-    jwt_data = {
-        "sub": "fmtm|20386219",
+    # Refresh the temp cookies (we must re-create the 'sub' field)
+    temp_jwt_details = {
+        **current_user.model_dump(exclude=["id"]),
+        "sub": f"fmtm|{current_user.id}",
         "aud": settings.FMTM_DOMAIN,
         "iat": int(time()),
         "exp": int(time()) + 86400,  # set token expiry to 1 day
-        "username": username,
-        "picture": None,
-        "role": UserRole.MAPPER,
     }
-    access_token, refresh_token = create_jwt_tokens(jwt_data)
-    response = set_cookies(
-        access_token,
+
+    fmtm_token, refresh_token = create_jwt_tokens(temp_jwt_details)
+    # NOTE be sure to not append content=current_user.model_dump() to this JSONResponse
+    # as we want the login state on the frontend to remain empty (allowing the user to
+    # log in via OSM instead / override)
+    response = JSONResponse(status_code=HTTPStatus.OK, content={})
+    return set_cookies(
+        response,
+        fmtm_token,
         refresh_token,
         f"{settings.cookie_name}_temp",
         f"{settings.cookie_name}_temp_refresh",
     )
-    return JSONResponse(
-        status=response.status,
-        headers=response.headers,
-        content=jwt_data,
-    )
diff --git a/src/backend/app/auth/auth_schemas.py b/src/backend/app/auth/auth_schemas.py
index db1527e0fb..baa8f2f826 100644
--- a/src/backend/app/auth/auth_schemas.py
+++ b/src/backend/app/auth/auth_schemas.py
@@ -38,15 +38,22 @@ class ProjectUserDict(TypedDict):
     project: DbProject
 
 
-class AuthUser(BaseModel):
-    """The user model returned from OSM OAuth2."""
+class BaseUser(BaseModel):
+    """Base user model to inherit."""
 
     model_config = ConfigDict(use_enum_values=True)
 
     username: str
+    # TODO any usage of profile_img should be refactored out
+    # in place of 'picture'
+    profile_img: Optional[str] = None
     picture: Optional[str] = None
     role: Optional[UserRole] = UserRole.MAPPER
 
+
+class AuthUser(BaseUser):
+    """The user model returned from OSM OAuth2."""
+
     _sub: str = PrivateAttr()  # it won't return this field
 
     def __init__(self, sub: str, **data):
@@ -61,6 +68,14 @@ def id(self) -> int:
         sub = self._sub
         return int(sub.split("|")[1])
 
+    def model_post_init(self, ctx):
+        """Temp workaround to convert oauth picture --> profile_img.
+
+        TODO profile_img is used in the db for now, but will be refactored.
+        """
+        if self.picture:
+            self.profile_img = self.picture
+
 
 # NOTE we no longer use this, but is present as an example
 # class AuthUserWithToken(AuthUser):
@@ -68,16 +83,18 @@ def id(self) -> int:
 #     token: str
 
 
-class FMTMUser(BaseModel):
-    """User details returned to the frontend.
-
-    TODO this should inherit from AuthUser and extend.
-    TODO profile_img should be refactored to `picture`.
-    """
+class FMTMUser(BaseUser):
+    """User details returned to the frontend."""
 
     id: int
-    username: str
-    profile_img: str
-    role: UserRole
     project_roles: Optional[dict[int, ProjectRole]] = None
     orgs_managed: Optional[list[int]] = None
+
+    def model_post_init(self, ctx):
+        """Add to picture field, and remove the value for profile_img.
+
+        We need this workaround as OSM returns profile_img in the response.
+        """
+        if self.profile_img:
+            self.picture = self.profile_img
+            self.profile_img = None
diff --git a/src/backend/app/auth/providers/osm.py b/src/backend/app/auth/providers/osm.py
index 728e984a19..04268275ca 100644
--- a/src/backend/app/auth/providers/osm.py
+++ b/src/backend/app/auth/providers/osm.py
@@ -21,13 +21,13 @@
 import os
 from time import time
 
-from fastapi import Request
+from fastapi import Request, Response
 from loguru import logger as log
 from osm_login_python.core import Auth
 
 from app.auth.auth_deps import create_jwt_tokens, set_cookies
 from app.config import settings
-from app.db.enums import UserRole
+from app.db.enums import HTTPStatus, UserRole
 
 if settings.DEBUG:
     # Required as callback url is http during dev
@@ -82,9 +82,14 @@ async def handle_osm_callback(request: Request, osm_auth: Auth):
 
     # Create our JWT tokens from user data
     fmtm_token, refresh_token = create_jwt_tokens(user_data)
-    response_plus_cookies = set_cookies(fmtm_token, refresh_token)
-
-    # Get OSM token from response (serialised in cookie, deserialise to use)
+    response = Response(status_code=HTTPStatus.OK)
+    response_plus_cookies = set_cookies(response, fmtm_token, refresh_token)
+
+    # NOTE Here we create a separate cookie to store the OSM token, for later
+    # workflows such as conflation (OSM changesets) or OSM messaging.
+    # First, we get the OSM token from response.
+    # The token is serialised in the cookie & must be deserialised using
+    # osm_login_python.auth.deserialize_data.
     serialised_osm_token = tokens.get("oauth_token")
     cookie_name = settings.cookie_name
     osm_cookie_name = f"{cookie_name}_osm"
diff --git a/src/frontend/src/App.tsx b/src/frontend/src/App.tsx
index e60181f685..92e3d1b603 100755
--- a/src/frontend/src/App.tsx
+++ b/src/frontend/src/App.tsx
@@ -2,8 +2,8 @@ import React, { useEffect } from 'react';
 import { RouterProvider } from 'react-router-dom';
 import { Provider, useDispatch } from 'react-redux';
 import { PersistGate } from 'redux-persist/integration/react';
-import CoreModules from '@/shared/CoreModules';
 import { LoginActions } from '@/store/slices/LoginSlice';
+import { refreshCookies, getUserDetailsFromApi } from '@/utilfunctions/login';
 
 // import '@hotosm/ui/components/Tracking';
 import '@hotosm/ui/dist/style.css';
@@ -14,40 +14,35 @@ import AppRoutes from '@/routes';
 import { store, persistor } from '@/store/Store';
 import OfflineReadyPrompt from '@/components/OfflineReadyPrompt';
 
-const CheckLoginState = () => {
+const RefreshUserCookies = () => {
   const dispatch = useDispatch();
-  const authDetails = CoreModules.useAppSelector((state) => state.login.authDetails);
 
-  const checkIfUserLoginValid = () => {
-    fetch(`${import.meta.env.VITE_API_URL}/auth/refresh/management`, { credentials: 'include' })
-      .then((resp) => {
-        if (resp.status !== 200) {
-          dispatch(LoginActions.signOut());
-          return;
-        }
-        return resp.json();
-      })
-      .then((apiUser) => {
-        if (!apiUser) return;
-
-        if (apiUser.username !== authDetails?.username) {
-          // Mismatch between store user and logged in user via api
-          dispatch(LoginActions.signOut());
+  useEffect(() => {
+    const refreshUserDetails = async () => {
+      try {
+        if (!window.location.pathname.includes('osmauth')) {
+          // Do not do this on the /osmauth page after OSM callback / redirect
+          const refreshSuccess = await refreshCookies();
+          if (refreshSuccess) {
+            // Call /auth/me to populate the user details in the header
+            const apiUser = await getUserDetailsFromApi();
+            if (apiUser) {
+              dispatch(LoginActions.setAuthDetails(apiUser));
+              // To prevent calls to /auth/me in future (on mapper frontend)
+              // We still require this here to retrieve role info for the user
+              localStorage.setItem('fmtm-user-exists', 'true');
+            } else {
+              console.error('Failed to fetch user details after cookie refresh.');
+            }
+          }
         }
-      })
-      .catch((error) => {
-        console.log(error);
-      });
-  };
+      } catch (err) {
+        console.error('Unexpected error in RefreshUserCookies:', err);
+      }
+    };
 
-  useEffect(() => {
-    // Check current login state (omit callback url)
-    if (!window.location.pathname.includes('osmauth')) {
-      // No need for token refresh check if user details are not set
-      if (!authDetails) return;
-      checkIfUserLoginValid();
-    }
-  }, [authDetails]);
+    refreshUserDetails();
+  }, [dispatch]);
 
   return null; // Renders nothing
 };
@@ -57,7 +52,7 @@ const App = () => {
     <Provider store={store}>
       <PersistGate loading={null} persistor={persistor}>
         <RouterProvider router={AppRoutes} />
-        <CheckLoginState />
+        <RefreshUserCookies />
         <OfflineReadyPrompt />
         <hot-tracking site-id={environment.matomoTrackingId} domain={'fmtm.hotosm.org'}></hot-tracking>
       </PersistGate>
diff --git a/src/frontend/src/components/LoginPopup.tsx b/src/frontend/src/components/LoginPopup.tsx
index 9031430305..bcc9ef4247 100644
--- a/src/frontend/src/components/LoginPopup.tsx
+++ b/src/frontend/src/components/LoginPopup.tsx
@@ -33,7 +33,7 @@ const LoginPopup = () => {
 
   const handleSignIn = async (selectedOption: string) => {
     if (selectedOption === 'osm_account') {
-      localStorage.setItem('requestedPath', from);
+      sessionStorage.setItem('requestedPath', from);
       osmLoginRedirect();
     }
   };
diff --git a/src/frontend/src/store/slices/LoginSlice.ts b/src/frontend/src/store/slices/LoginSlice.ts
index f1b420a61e..075ccad4ae 100755
--- a/src/frontend/src/store/slices/LoginSlice.ts
+++ b/src/frontend/src/store/slices/LoginSlice.ts
@@ -15,7 +15,6 @@ const LoginSlice = CoreModules.createSlice({
       state.authDetails = action.payload;
     },
     signOut(state) {
-      storage.removeItem('persist:login');
       state.authDetails = null;
     },
     setLoginModalOpen(state, action) {
diff --git a/src/frontend/src/utilfunctions/login.ts b/src/frontend/src/utilfunctions/login.ts
index 777fcc2137..a50a04ec3b 100644
--- a/src/frontend/src/utilfunctions/login.ts
+++ b/src/frontend/src/utilfunctions/login.ts
@@ -1,19 +1,35 @@
 // The /auth/me endpoint does an UPSERT in the database, ensuring the user
 // exists in the FMTM DB
 export const getUserDetailsFromApi = async () => {
-  const resp = await fetch(`${import.meta.env.VITE_API_URL}/auth/me`, {
-    credentials: 'include',
-  });
+  try {
+    const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/me`, {
+      credentials: 'include',
+    });
 
-  if (resp.status !== 200) {
-    return false;
+    if (!response.ok) {
+      throw new Error(`Status: ${response.status}`);
+    }
+
+    return response.json();
+  } catch (err) {
+    console.error('Error retrieving user details:', err);
   }
+};
 
-  const apiUser = await resp.json();
+export const refreshCookies = async () => {
+  try {
+    const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/refresh/management`, {
+      credentials: 'include',
+    });
 
-  if (!apiUser) return false;
+    if (!response.ok) {
+      return false;
+    }
 
-  return apiUser;
+    return true;
+  } catch (err) {
+    return false;
+  }
 };
 
 export const osmLoginRedirect = async () => {
@@ -26,7 +42,7 @@ export const osmLoginRedirect = async () => {
   }
 };
 
-export const revokeCookie = async () => {
+export const revokeCookies = async () => {
   try {
     const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/logout`, { credentials: 'include' });
     if (!response.ok) {
diff --git a/src/frontend/src/utilities/CustomDrawer.tsx b/src/frontend/src/utilities/CustomDrawer.tsx
index 19468b4bb3..60d3ce610f 100644
--- a/src/frontend/src/utilities/CustomDrawer.tsx
+++ b/src/frontend/src/utilities/CustomDrawer.tsx
@@ -4,11 +4,10 @@ import Button from '@/components/common/Button';
 import CoreModules from '@/shared/CoreModules';
 import AssetModules from '@/shared/AssetModules';
 import { NavLink } from 'react-router-dom';
-import { revokeCookie } from '@/utilfunctions/login';
+import { revokeCookies } from '@/utilfunctions/login';
 import { CommonActions } from '@/store/slices/CommonSlice';
 import { LoginActions } from '@/store/slices/LoginSlice';
 import { ProjectActions } from '@/store/slices/ProjectSlice';
-import DebugConsole from '@/utilities/DebugConsole';
 import { useAppSelector } from '@/types/reduxTypes';
 
 type customDrawerType = {
@@ -74,7 +73,6 @@ export default function CustomDrawer({ open, size, type, onClose, setOpen }: cus
   const dispatch = CoreModules.useAppDispatch();
 
   const defaultTheme = useAppSelector((state) => state.theme.hotTheme);
-  const [showDebugConsole, setShowDebugConsole] = useState(false);
   const authDetails = CoreModules.useAppSelector((state) => state.login.authDetails);
 
   const onMouseEnter = (event: React.MouseEvent<HTMLElement>) => {
@@ -112,7 +110,7 @@ export default function CustomDrawer({ open, size, type, onClose, setOpen }: cus
   const handleOnSignOut = async () => {
     setOpen(false);
     try {
-      await revokeCookie();
+      await revokeCookies();
       dispatch(LoginActions.signOut());
       dispatch(ProjectActions.clearProjects([]));
     } catch {
@@ -129,7 +127,6 @@ export default function CustomDrawer({ open, size, type, onClose, setOpen }: cus
 
   return (
     <div>
-      <DebugConsole showDebugConsole={showDebugConsole} setShowDebugConsole={setShowDebugConsole} />
       <React.Fragment>
         <SwipeableDrawer swipeAreaWidth={0} onOpen={onClose} anchor={'right'} open={open} onClose={onClose}>
           <CoreModules.Stack sx={{ display: 'flex', flexDirection: 'column', padding: 3 }}>
@@ -153,12 +150,12 @@ export default function CustomDrawer({ open, size, type, onClose, setOpen }: cus
                 ml={'3%'}
                 spacing={1}
               >
-                {authDetails['profile_img'] !== 'null' && authDetails['profile_img'] ? (
+                {authDetails['picture'] !== 'null' && authDetails['picture'] ? (
                   <CoreModules.Stack
                     className="fmtm-w-7 fmtm-h-7 fmtm-flex fmtm-items-center fmtm-justify-center fmtm-overflow-hidden fmtm-rounded-full fmtm-border-[1px]"
                     sx={{ display: { xs: 'block', md: 'none' }, mt: '3%' }}
                   >
-                    <img src={authDetails['profile_img']} alt="Profile Picture" />
+                    <img src={authDetails['picture']} alt="Profile Picture" />
                   </CoreModules.Stack>
                 ) : (
                   <AssetModules.PersonIcon color="success" sx={{ display: { xs: 'block', md: 'none' }, mt: '1%' }} />
@@ -223,9 +220,6 @@ export default function CustomDrawer({ open, size, type, onClose, setOpen }: cus
                   </NavLink>
                 ),
               )}
-              {import.meta.env.MODE === 'development' && (
-                <Button onClick={() => setShowDebugConsole(true)} btnText="Open Console" btnType="secondary" />
-              )}
               <div className="fmtm-ml-4 fmtm-mt-2 lg:fmtm-hidden">
                 {authDetails ? (
                   <div
diff --git a/src/frontend/src/utilities/DebugConsole.tsx b/src/frontend/src/utilities/DebugConsole.tsx
deleted file mode 100644
index 9b064f6d53..0000000000
--- a/src/frontend/src/utilities/DebugConsole.tsx
+++ /dev/null
@@ -1,51 +0,0 @@
-import React, { useEffect, useState } from 'react';
-
-type DebugConsolePropsType = {
-  showDebugConsole: boolean;
-  setShowDebugConsole: (showStatus: boolean) => void;
-};
-
-const DebugConsole = ({ showDebugConsole, setShowDebugConsole }: DebugConsolePropsType) => {
-  const [logs, setLogs] = useState([]);
-  useEffect(() => {
-    if (import.meta.env.MODE === 'development') {
-      // Override console.log to capture logs
-      const originalConsoleLog = console.log;
-      console.log = (...args) => {
-        originalConsoleLog.apply(console, args);
-        setLogs((prevLogs) => [
-          ...prevLogs,
-          args.map((arg) => (typeof arg === 'object' ? JSON.stringify(arg) : arg)).join(' '),
-        ]);
-      };
-
-      // Restore original console.log when component unmounts
-      return () => {
-        console.log = originalConsoleLog;
-      };
-    }
-  }, []);
-
-  return (
-    <div>
-      {import.meta.env.MODE === 'development' && (
-        <div>
-          <div
-            className={`fmtm-fixed fmtm-bottom-0 fmtm-w-full fmtm-h-[33vh] fmtm-bg-white fmtm-border fmtm-px-4 fmtm-py-8 fmtm-flex-col fmtm-z-[1000] fmtm-overflow-y-auto ${
-              showDebugConsole ? '!fmtm-flex' : '!fmtm-hidden'
-            }`}
-          >
-            <button style={{ alignSelf: 'flex-end', marginBottom: '10px' }} onClick={() => setShowDebugConsole(false)}>
-              Close
-            </button>
-            {logs.map((log, index) => (
-              <p key={index}>{log}</p>
-            ))}
-          </div>
-        </div>
-      )}
-    </div>
-  );
-};
-
-export default DebugConsole;
diff --git a/src/frontend/src/utilities/PrimaryAppBar.tsx b/src/frontend/src/utilities/PrimaryAppBar.tsx
index 116933a960..60ad39516b 100755
--- a/src/frontend/src/utilities/PrimaryAppBar.tsx
+++ b/src/frontend/src/utilities/PrimaryAppBar.tsx
@@ -6,7 +6,7 @@ import AssetModules from '@/shared/AssetModules';
 import { CommonActions } from '@/store/slices/CommonSlice';
 import { LoginActions } from '@/store/slices/LoginSlice';
 import { ProjectActions } from '@/store/slices/ProjectSlice';
-import { revokeCookie } from '@/utilfunctions/login';
+import { revokeCookies } from '@/utilfunctions/login';
 import { useState } from 'react';
 import { Link, useLocation, useNavigate } from 'react-router-dom';
 import logo from '@/assets/images/hotLog.png';
@@ -48,7 +48,7 @@ export default function PrimaryAppBar() {
   const handleOnSignOut = async () => {
     setOpen(false);
     try {
-      await revokeCookie();
+      await revokeCookies();
       dispatch(LoginActions.signOut());
       dispatch(ProjectActions.clearProjects([]));
     } catch {
@@ -111,12 +111,12 @@ export default function PrimaryAppBar() {
               alignItems="center"
               className="fmtm-text-ellipsis fmtm-max-w-[9.5rem]"
             >
-              {authDetails['profile_img'] !== 'null' && authDetails['profile_img'] ? (
+              {authDetails['picture'] !== 'null' && authDetails['picture'] ? (
                 <CoreModules.Stack
                   className="fmtm-w-7 fmtm-h-7 fmtm-flex fmtm-items-center fmtm-justify-center fmtm-overflow-hidden fmtm-rounded-full fmtm-border-[1px]"
                   sx={{ display: { xs: 'none', md: 'block' }, mt: '3%' }}
                 >
-                  <img src={authDetails['profile_img']} alt="Profile Picture" />
+                  <img src={authDetails['picture']} alt="Profile Picture" />
                 </CoreModules.Stack>
               ) : (
                 <AssetModules.PersonIcon color="success" sx={{ mt: '3%' }} />
diff --git a/src/frontend/src/views/OsmAuth.tsx b/src/frontend/src/views/OsmAuth.tsx
index 21e6fa8527..416c3917b4 100644
--- a/src/frontend/src/views/OsmAuth.tsx
+++ b/src/frontend/src/views/OsmAuth.tsx
@@ -9,7 +9,8 @@ function OsmAuth() {
   const location = useLocation();
   const dispatch = CoreModules.useAppDispatch();
   const [isReadyToRedirect, setIsReadyToRedirect] = useState(false);
-  const requestedPath = localStorage.getItem('requestedPath');
+  const [error, setError] = useState<string | null>(null);
+  const requestedPath = sessionStorage.getItem('requestedPath');
 
   useEffect(() => {
     // Redirect workaround required for localhost, until PR is merged:
@@ -27,33 +28,51 @@ function OsmAuth() {
     const loginRedirect = async () => {
       // authCode is passed from OpenStreetMap redirect, so get cookie, then redirect
       if (authCode) {
-        const callbackUrl = `${import.meta.env.VITE_API_URL}/auth/callback?code=${authCode}&state=${state}`;
-
-        const completeLogin = async () => {
-          // NOTE this encapsulates async methods to call sequentially
-          // Sets a cookie in the browser that is used for auth
-          await fetch(callbackUrl, { credentials: 'include' });
-          const apiUser = await getUserDetailsFromApi();
-          dispatch(LoginActions.setAuthDetails(apiUser));
-        };
-        await completeLogin();
-      }
+        try {
+          const response = await fetch(
+            `${import.meta.env.VITE_API_URL}/auth/callback?code=${authCode}&state=${state}`,
+            { credentials: 'include' },
+          );
+
+          if (!response.ok) {
+            throw new Error(`Callback request failed with status ${response.status}`);
+          }
 
-      setIsReadyToRedirect(true);
-      dispatch(LoginActions.setLoginModalOpen(false));
+          setIsReadyToRedirect(true);
+          dispatch(LoginActions.setLoginModalOpen(false));
 
-      if (requestedPath) {
-        if (requestedPath.includes('mapnow')) {
-          // redirect to mapper frontend (navigate doesn't work as it's on svelte)
-          window.location.href = `${window.location.origin}${requestedPath}`;
-        } else {
-          navigate(`${requestedPath}`);
-          localStorage.removeItem('requestedPath');
+          if (requestedPath) {
+            sessionStorage.removeItem('requestedPath');
+            if (requestedPath.includes('mapnow')) {
+              // redirect to mapper frontend (navigate doesn't work as it's on svelte)
+              window.location.href = `${window.location.origin}${requestedPath}`;
+            } else {
+              // Call /auth/me to populate the user details in the header
+              const apiUser = await getUserDetailsFromApi();
+              if (apiUser) {
+                dispatch(LoginActions.setAuthDetails(apiUser));
+                // To prevent calls to /auth/me in future
+                localStorage.setItem('fmtm-user-exists', 'true');
+              } else {
+                console.error('Failed to fetch user details after cookie refresh.');
+              }
+              // Then navigate to the originally requested url
+              navigate(`${requestedPath}`);
+            }
+          }
+        } catch (err) {
+          console.error('Error during callback:', err);
+          setError('Failed to authenticate. Please try again.');
         }
       }
     };
+
     loginRedirect();
-  }, [dispatch, location.search, navigate]);
+  }, [dispatch, location.search, navigate, requestedPath]);
+
+  if (error) {
+    return <div>Error: {error}</div>;
+  }
 
   return <>{!isReadyToRedirect ? null : <div>redirecting</div>}</>;
 }
diff --git a/src/frontend/src/views/PlaywrightTempLogin.tsx b/src/frontend/src/views/PlaywrightTempLogin.tsx
index ec8b34f8a3..d5c2dbe236 100644
--- a/src/frontend/src/views/PlaywrightTempLogin.tsx
+++ b/src/frontend/src/views/PlaywrightTempLogin.tsx
@@ -2,8 +2,7 @@
 // the auth is overridden when testing due to DEBUG=True on the backend,
 // but we need to update the frontend state to show we are logged in
 
-import axios from 'axios';
-import { getUserDetailsFromApi } from '@/utilfunctions/login';
+import { refreshCookies, getUserDetailsFromApi } from '@/utilfunctions/login';
 import { CommonActions } from '@/store/slices/CommonSlice';
 import CoreModules from '@/shared/CoreModules.js';
 import { LoginActions } from '@/store/slices/LoginSlice';
@@ -11,22 +10,25 @@ import { LoginActions } from '@/store/slices/LoginSlice';
 async function PlaywrightTempAuth() {
   const dispatch = CoreModules.useAppDispatch();
   // Sets a cookie in the browser that is used for auth
-  await axios.get(`${import.meta.env.VITE_API_URL}/auth/refresh/management`);
-
-  const apiUser = await getUserDetailsFromApi();
-  if (!apiUser) {
-    dispatch(
-      CommonActions.SetSnackBar({
-        open: true,
-        message: 'Temp login failed. Try OSM.',
-        variant: 'error',
-        duration: 2000,
-      }),
-    );
-    return;
+  await refreshCookies();
+  const refreshSuccess = await refreshCookies();
+  if (!refreshSuccess) {
+    const apiUser = await getUserDetailsFromApi();
+    if (!apiUser) {
+      dispatch(
+        CommonActions.SetSnackBar({
+          open: true,
+          message: 'Temp login failed. Try OSM.',
+          variant: 'error',
+          duration: 2000,
+        }),
+      );
+      return;
+    }
+    dispatch(LoginActions.setAuthDetails(apiUser));
+  } else {
+    console.error('Failed to refresh cookies.');
   }
-
-  dispatch(LoginActions.setAuthDetails(apiUser));
 }
 
 export default PlaywrightTempAuth;
diff --git a/src/frontend/src/views/ProjectDetailsV2.tsx b/src/frontend/src/views/ProjectDetailsV2.tsx
index 4438fefe73..b1cb292918 100644
--- a/src/frontend/src/views/ProjectDetailsV2.tsx
+++ b/src/frontend/src/views/ProjectDetailsV2.tsx
@@ -34,7 +34,6 @@ import { useAppSelector } from '@/types/reduxTypes';
 import Comments from '@/components/ProjectDetailsV2/Comments';
 import { Geolocation } from '@/utilfunctions/Geolocation';
 import Instructions from '@/components/ProjectDetailsV2/Instructions';
-import DebugConsole from '@/utilities/DebugConsole';
 import { CustomCheckbox } from '@/components/common/Checkbox';
 import useDocumentTitle from '@/utilfunctions/useDocumentTitle';
 import QrcodeComponent from '@/components/QrcodeComponent';
@@ -252,13 +251,8 @@ const ProjectDetailsV2 = () => {
     dispatch(GetEntityInfo(`${import.meta.env.VITE_API_URL}/projects/${projectId}/entities/statuses`));
   }, []);
 
-  const [showDebugConsole, setShowDebugConsole] = useState(false);
-
   return (
     <div className="fmtm-bg-[#f5f5f5] !fmtm-h-[100dvh] sm:!fmtm-h-full">
-      {/* only used to display debug console */}
-
-      <DebugConsole showDebugConsole={showDebugConsole} setShowDebugConsole={setShowDebugConsole} />
       {/* Customized Modal For Generate Tiles */}
       <div>
         <GenerateBasemap projectInfo={state.projectInfo} />
@@ -409,18 +403,6 @@ const ProjectDetailsV2 = () => {
                 windowSize.width <= 640 ? '!fmtm-h-[100dvh]' : '!fmtm-h-full'
               }`}
             >
-              {import.meta.env.MODE === 'development' && (
-                <div className="fmtm-block sm:fmtm-hidden fmtm-absolute fmtm-top-6 fmtm-left-16 fmtm-z-50">
-                  <CustomCheckbox
-                    label="Toggle-Console"
-                    checked={showDebugConsole}
-                    onCheckedChange={(status) => {
-                      setShowDebugConsole(status);
-                    }}
-                    className="fmtm-text-black !fmtm-w-full"
-                  />
-                </div>
-              )}
               <LayerSwitcherControl visible={customBasemapUrl ? 'custom' : 'osm'} pmTileLayerUrl={customBasemapUrl} />
 
               {taskBoundariesLayer && taskBoundariesLayer?.features?.length > 0 && (
diff --git a/src/mapper/src/lib/components/header.svelte b/src/mapper/src/lib/components/header.svelte
index bbebeab6ab..bbaf1fe7b1 100644
--- a/src/mapper/src/lib/components/header.svelte
+++ b/src/mapper/src/lib/components/header.svelte
@@ -1,5 +1,4 @@
 <script lang="ts">
-	import { onMount } from 'svelte';
 	import HotLogo from '$assets/images/hot-logo.svg';
 	import HotLogoText from '$assets/images/hot-logo-text.svg';
 	import Login from '$lib/components/login.svelte';
@@ -12,11 +11,6 @@
 	const loginStore = getLoginStore();
 	const alertStore = getAlertStore();
 
-	onMount(() => {
-		// retrieve persisted auth details from local storage and set auth details to store
-		loginStore.retrieveAuthDetailsFromLocalStorage();
-	});
-
 	const handleSignOut = async () => {
 		try {
 			await revokeCookies();
@@ -36,9 +30,9 @@
 	</div>
 	<div class="flex items-center gap-4">
 		<!-- profile image and username display -->
-		{#if loginStore?.getAuthDetails}
+		{#if loginStore?.getAuthDetails.username}
 			<div class="flex items-center gap-2">
-				{#if !loginStore?.getAuthDetails?.profile_img}
+				{#if !loginStore?.getAuthDetails?.picture}
 					<hot-icon
 						name="person-fill"
 						class="!text-[1.5rem] text-[#52525B] leading-0 cursor-pointer text-red-600 duration-200"
@@ -49,7 +43,7 @@
 					></hot-icon>
 				{:else}
 					<img
-						src={loginStore?.getAuthDetails?.profile_img}
+						src={loginStore?.getAuthDetails?.picture}
 						alt="profile"
 						class="w-[1.8rem] h-[1.8rem] min-w-[1.8rem] min-h-[1.8rem] max-w-[1.8rem] max-h-[1.8rem] rounded-full"
 					/>
@@ -106,7 +100,7 @@
 				class="hover:text-red-600 cursor-pointer duration-200 decoration-none text-black">{menu.name}</a
 			>
 		{/each}
-		{#if loginStore?.getAuthDetails}
+		{#if loginStore?.getAuthDetails.username}
 			<sl-button
 				class="primary rounded"
 				variant="primary"
diff --git a/src/mapper/src/lib/components/login.svelte b/src/mapper/src/lib/components/login.svelte
index 3f9b2f542c..3cb45c78a3 100644
--- a/src/mapper/src/lib/components/login.svelte
+++ b/src/mapper/src/lib/components/login.svelte
@@ -31,7 +31,7 @@
 	const handleSignIn = async (selectedOption: string) => {
 		if (selectedOption === 'osm_account') {
 			// store current url in local storage so that the user can be redirected to current page after login
-			localStorage.setItem('requestedPath', window.location.pathname);
+			sessionStorage.setItem('requestedPath', window.location.pathname);
 			osmLoginRedirect();
 		}
 	};
diff --git a/src/mapper/src/lib/utils/login.ts b/src/mapper/src/lib/utils/login.ts
index a3568e1805..fb54a6c18c 100644
--- a/src/mapper/src/lib/utils/login.ts
+++ b/src/mapper/src/lib/utils/login.ts
@@ -1,3 +1,21 @@
+// The /auth/me endpoint does an UPSERT in the database, ensuring the user
+// exists in the FMTM DB
+export const getUserDetailsFromApi = async () => {
+	try {
+		const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/me`, {
+			credentials: 'include',
+		});
+
+		if (!response.ok) {
+			throw new Error(`Status: ${response.status}`);
+		}
+
+		return response.json();
+	} catch (err) {
+		console.error('Error retrieving user details:', err);
+	}
+};
+
 // Note the callback is handled in the management frontend under /osmauth,
 // then the user is redirected back to the mapper frontend URL requested
 export const osmLoginRedirect = async () => {
@@ -8,6 +26,22 @@ export const osmLoginRedirect = async () => {
 	} catch (error) {}
 };
 
+export const refreshCookies = async () => {
+	try {
+		const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/refresh/mapper`, {
+			credentials: 'include',
+		});
+
+		if (!response.ok) {
+			throw new Error(`Status: ${response.status}`);
+		}
+
+		return response.json();
+	} catch (err) {
+		console.error('Error refreshing user cookie:', err);
+	}
+};
+
 export const revokeCookies = async () => {
 	try {
 		const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/logout`, { credentials: 'include' });
diff --git a/src/mapper/src/routes/[projectId]/+page.ts b/src/mapper/src/routes/[projectId]/+page.ts
index 370aa8a237..9e4f8e7b6e 100644
--- a/src/mapper/src/routes/[projectId]/+page.ts
+++ b/src/mapper/src/routes/[projectId]/+page.ts
@@ -1,6 +1,7 @@
 import { error } from '@sveltejs/kit';
 import type { PageLoad } from '../$types';
 import { getLoginStore } from '$store/login.svelte.ts';
+import { refreshCookies, getUserDetailsFromApi } from '$lib/utils/login';
 
 const API_URL = import.meta.env.VITE_API_URL;
 
@@ -12,20 +13,17 @@ export const load: PageLoad = async ({ parent, params, fetch }) => {
 	/*
 	Login + user details
 	*/
-	const userResponse = await fetch(`${API_URL}/auth/refresh/mapper`, { credentials: 'include' });
-	if (userResponse.status === 401) {
-		// TODO redirect to different error page to handle login
-		loginStore.signOut();
-		throw error(401, { message: `You must log in first` });
+	let apiUser = await refreshCookies();
+	const fmtmUserExists = localStorage.getItem('fmtm-user-exists');
+	if (!fmtmUserExists) {
+		// Call /auth/me to populate the user details in the header
+		apiUser = await getUserDetailsFromApi();
 	}
-	const userObj = await userResponse.json();
-
-	// Clear stored auth state if mismatch (but skip for localadmin id=1)
-	if (userObj.id !== 1 && userObj.username !== loginStore.getAuthDetails?.username) {
+	if (!apiUser) {
 		loginStore.signOut();
-		throw error(401, { message: `Please log in again` });
+		throw error(401, { message: `You must log in first` });
 	} else {
-		loginStore.setAuthDetails(userObj);
+		loginStore.setAuthDetails(apiUser);
 	}
 
 	/*
@@ -46,7 +44,7 @@ export const load: PageLoad = async ({ parent, params, fetch }) => {
 	return {
 		project: await projectResponse.json(),
 		projectId: parseInt(projectId),
-		userId: userObj.id,
+		userId: apiUser.id,
 		entityStatus: await entityStatusResponse.json(),
 		// db: db,
 	};
diff --git a/src/mapper/src/store/login.svelte.ts b/src/mapper/src/store/login.svelte.ts
index 122043f369..f88662ee11 100644
--- a/src/mapper/src/store/login.svelte.ts
+++ b/src/mapper/src/store/login.svelte.ts
@@ -1,10 +1,13 @@
 type authDetailsType = {
 	id: number;
 	username: string;
-	profile_img: string;
+	picture: string;
 	role: string;
-	project_roles: string | null;
-	orgs_managed: number[];
+	// Here we omit project_roles and orgs_managed as they are not needed
+	// for mapping. The token refresh endpoints do not call the db for this
+	// data, in order to be more performant / separate concerns.
+	// project_roles: string | null;
+	// orgs_managed: number[];
 };
 
 let authDetails: authDetailsType | null = $state(null);
@@ -13,6 +16,7 @@ let isLoginModalOpen: boolean = $state(false);
 function getLoginStore() {
 	return {
 		get getAuthDetails() {
+			console.log(authDetails);
 			return authDetails;
 		},
 		get isLoginModalOpen() {
@@ -20,26 +24,11 @@ function getLoginStore() {
 		},
 		setAuthDetails: (authData: authDetailsType) => {
 			authDetails = authData;
-			// the react frontend uses redux-persist to store the authDetails in
-			// the local storage, so we maintain the same schema to store data here also
-			localStorage.setItem(
-				'persist:login',
-				JSON.stringify({
-					authDetails: JSON.stringify(authData),
-					_persist: JSON.stringify({ version: -1, rehydrated: true }),
-				}),
-			);
-		},
-		retrieveAuthDetailsFromLocalStorage: () => {
-			const persistedAuth = localStorage.getItem('persist:login');
-			if (!persistedAuth) return;
-			authDetails = JSON.parse(JSON.parse(persistedAuth).authDetails);
 		},
 		toggleLoginModal: (status: boolean) => {
 			isLoginModalOpen = status;
 		},
 		signOut: () => {
-			localStorage.removeItem('persist:login');
 			authDetails = null;
 		},
 	};

From 4efd7980e22272cb426c1917019b00a9531906ae Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Wed, 11 Dec 2024 22:34:32 +0000
Subject: [PATCH 03/15] fix(auth): final fixes to temp/osm auth across
 frontends

---
 src/backend/app/auth/auth_deps.py           | 32 +++++++++++++++++----
 src/backend/app/auth/auth_routes.py         | 24 ++--------------
 src/frontend/src/App.tsx                    |  3 --
 src/frontend/src/views/OsmAuth.tsx          |  2 --
 src/mapper/src/lib/components/header.svelte |  4 +--
 src/mapper/src/lib/utils/login.ts           |  8 +++---
 src/mapper/src/routes/[projectId]/+page.ts  | 19 ++++++------
 src/mapper/src/store/login.svelte.ts        |  7 +++--
 8 files changed, 49 insertions(+), 50 deletions(-)

diff --git a/src/backend/app/auth/auth_deps.py b/src/backend/app/auth/auth_deps.py
index 2044b851c8..bc3276e9fd 100644
--- a/src/backend/app/auth/auth_deps.py
+++ b/src/backend/app/auth/auth_deps.py
@@ -235,7 +235,27 @@ async def refresh_cookies(
     # frontend header. For the mapper frontend this is enough, but for the
     # management frontend we instead use the return from /auth/me
     response = JSONResponse(status_code=HTTPStatus.OK, content=access_token_data)
-    return set_cookies(response, new_access_token, new_refresh_token)
+    response_plus_cookies = set_cookies(response, new_access_token, new_refresh_token)
+
+    # Invalidate any temp cookies from mapper frontend
+    for cookie_name in [
+        f"{settings.cookie_name}_temp",
+        f"{settings.cookie_name}_temp_refresh",
+    ]:
+        log.debug(f"Resetting cookie in response named '{cookie_name}'")
+        response_plus_cookies.set_cookie(
+            key=cookie_name,
+            value="",
+            max_age=0,  # Set to expire immediately
+            expires=0,  # Set to expire immediately
+            path="/",
+            domain=settings.FMTM_DOMAIN,
+            secure=False if settings.DEBUG else True,
+            httponly=True,
+            samesite="lax",
+        )
+
+    return response_plus_cookies
 
 
 ### Endpoint Dependencies ###
@@ -248,11 +268,12 @@ async def login_required(
     if settings.DEBUG:
         return AuthUser(sub="fmtm|1", username="localadmin", role=UserRole.ADMIN)
 
-    # Extract access token only from the OSM cookie
+    # Extract access token only from the FMTM cookie
     extracted_token = access_token or get_cookie_value(
         request,
-        settings.cookie_name,  # OSM cookie
+        settings.cookie_name,  # FMTM cookie
     )
+    print("manage")
     return await _authenticate_user(extracted_token)
 
 
@@ -263,15 +284,16 @@ async def mapper_login_required(
     if settings.DEBUG:
         return AuthUser(sub="fmtm|1", username="localadmin", role=UserRole.ADMIN)
 
-    # Extract access token from OSM cookie, fallback to temp auth cookie
+    # Extract access token from FMTM cookie, fallback to temp auth cookie
     extracted_token = access_token or get_cookie_value(
         request,
-        settings.cookie_name,  # OSM cookie
+        settings.cookie_name,  # FMTM cookie
         f"{settings.cookie_name}_temp",  # Temp cookie
     )
 
     # Verify login and continue
     if extracted_token:
+        print("mapper")
         return await _authenticate_user(extracted_token)
 
     # Else user has no token, so we provide login data automatically
diff --git a/src/backend/app/auth/auth_routes.py b/src/backend/app/auth/auth_routes.py
index 247c3ced2a..438f2355bf 100644
--- a/src/backend/app/auth/auth_routes.py
+++ b/src/backend/app/auth/auth_routes.py
@@ -223,33 +223,13 @@ async def refresh_management_cookies(
 
     NOTE this endpoint has no db calls and returns in ~2ms.
     """
-    response = await refresh_cookies(
+    return await refresh_cookies(
         request,
         current_user,
         settings.cookie_name,
         f"{settings.cookie_name}_refresh",
     )
 
-    # Invalidate any temp cookies from mapper frontend
-    for cookie_name in [
-        f"{settings.cookie_name}_temp",
-        f"{settings.cookie_name}_temp_refresh",
-    ]:
-        log.debug(f"Resetting cookie in response named '{cookie_name}'")
-        response.set_cookie(
-            key=cookie_name,
-            value="",
-            max_age=0,  # Set to expire immediately
-            expires=0,  # Set to expire immediately
-            path="/",
-            domain=settings.FMTM_DOMAIN,
-            secure=False if settings.DEBUG else True,
-            httponly=True,
-            samesite="lax",
-        )
-
-    return response
-
 
 @router.get("/refresh/mapper", response_model=Optional[FMTMUser])
 async def refresh_mapper_token(
@@ -291,7 +271,7 @@ async def refresh_mapper_token(
     # NOTE be sure to not append content=current_user.model_dump() to this JSONResponse
     # as we want the login state on the frontend to remain empty (allowing the user to
     # log in via OSM instead / override)
-    response = JSONResponse(status_code=HTTPStatus.OK, content={})
+    response = JSONResponse(status_code=HTTPStatus.OK, content=temp_jwt_details)
     return set_cookies(
         response,
         fmtm_token,
diff --git a/src/frontend/src/App.tsx b/src/frontend/src/App.tsx
index 92e3d1b603..c5d83aa561 100755
--- a/src/frontend/src/App.tsx
+++ b/src/frontend/src/App.tsx
@@ -28,9 +28,6 @@ const RefreshUserCookies = () => {
             const apiUser = await getUserDetailsFromApi();
             if (apiUser) {
               dispatch(LoginActions.setAuthDetails(apiUser));
-              // To prevent calls to /auth/me in future (on mapper frontend)
-              // We still require this here to retrieve role info for the user
-              localStorage.setItem('fmtm-user-exists', 'true');
             } else {
               console.error('Failed to fetch user details after cookie refresh.');
             }
diff --git a/src/frontend/src/views/OsmAuth.tsx b/src/frontend/src/views/OsmAuth.tsx
index 416c3917b4..ea43a4c8b0 100644
--- a/src/frontend/src/views/OsmAuth.tsx
+++ b/src/frontend/src/views/OsmAuth.tsx
@@ -51,8 +51,6 @@ function OsmAuth() {
               const apiUser = await getUserDetailsFromApi();
               if (apiUser) {
                 dispatch(LoginActions.setAuthDetails(apiUser));
-                // To prevent calls to /auth/me in future
-                localStorage.setItem('fmtm-user-exists', 'true');
               } else {
                 console.error('Failed to fetch user details after cookie refresh.');
               }
diff --git a/src/mapper/src/lib/components/header.svelte b/src/mapper/src/lib/components/header.svelte
index bbaf1fe7b1..5d98fddb60 100644
--- a/src/mapper/src/lib/components/header.svelte
+++ b/src/mapper/src/lib/components/header.svelte
@@ -30,7 +30,7 @@
 	</div>
 	<div class="flex items-center gap-4">
 		<!-- profile image and username display -->
-		{#if loginStore?.getAuthDetails.username}
+		{#if loginStore?.getAuthDetails?.username}
 			<div class="flex items-center gap-2">
 				{#if !loginStore?.getAuthDetails?.picture}
 					<hot-icon
@@ -100,7 +100,7 @@
 				class="hover:text-red-600 cursor-pointer duration-200 decoration-none text-black">{menu.name}</a
 			>
 		{/each}
-		{#if loginStore?.getAuthDetails.username}
+		{#if loginStore?.getAuthDetails?.username}
 			<sl-button
 				class="primary rounded"
 				variant="primary"
diff --git a/src/mapper/src/lib/utils/login.ts b/src/mapper/src/lib/utils/login.ts
index fb54a6c18c..952ae8b425 100644
--- a/src/mapper/src/lib/utils/login.ts
+++ b/src/mapper/src/lib/utils/login.ts
@@ -1,8 +1,8 @@
 // The /auth/me endpoint does an UPSERT in the database, ensuring the user
 // exists in the FMTM DB
-export const getUserDetailsFromApi = async () => {
+export const getUserDetailsFromApi = async (fetchClient = fetch) => {
 	try {
-		const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/me`, {
+		const response = await fetchClient(`${import.meta.env.VITE_API_URL}/auth/me`, {
 			credentials: 'include',
 		});
 
@@ -26,9 +26,9 @@ export const osmLoginRedirect = async () => {
 	} catch (error) {}
 };
 
-export const refreshCookies = async () => {
+export const refreshCookies = async (fetchClient = fetch) => {
 	try {
-		const response = await fetch(`${import.meta.env.VITE_API_URL}/auth/refresh/mapper`, {
+		const response = await fetchClient(`${import.meta.env.VITE_API_URL}/auth/refresh/mapper`, {
 			credentials: 'include',
 		});
 
diff --git a/src/mapper/src/routes/[projectId]/+page.ts b/src/mapper/src/routes/[projectId]/+page.ts
index 9e4f8e7b6e..a4b28d831a 100644
--- a/src/mapper/src/routes/[projectId]/+page.ts
+++ b/src/mapper/src/routes/[projectId]/+page.ts
@@ -13,17 +13,16 @@ export const load: PageLoad = async ({ parent, params, fetch }) => {
 	/*
 	Login + user details
 	*/
-	let apiUser = await refreshCookies();
-	const fmtmUserExists = localStorage.getItem('fmtm-user-exists');
-	if (!fmtmUserExists) {
+	let apiUser = await refreshCookies(fetch);
+	if (apiUser?.username !== 'svcfmtm') {
 		// Call /auth/me to populate the user details in the header
-		apiUser = await getUserDetailsFromApi();
-	}
-	if (!apiUser) {
-		loginStore.signOut();
-		throw error(401, { message: `You must log in first` });
-	} else {
-		loginStore.setAuthDetails(apiUser);
+		apiUser = await getUserDetailsFromApi(fetch);
+		if (!apiUser) {
+			loginStore.signOut();
+			throw error(401, { message: `You must log in first` });
+		} else {
+			loginStore.setAuthDetails(apiUser);
+		}
 	}
 
 	/*
diff --git a/src/mapper/src/store/login.svelte.ts b/src/mapper/src/store/login.svelte.ts
index f88662ee11..f896422d0b 100644
--- a/src/mapper/src/store/login.svelte.ts
+++ b/src/mapper/src/store/login.svelte.ts
@@ -10,13 +10,14 @@ type authDetailsType = {
 	// orgs_managed: number[];
 };
 
+import { refreshCookies } from '$lib/utils/login';
+
 let authDetails: authDetailsType | null = $state(null);
 let isLoginModalOpen: boolean = $state(false);
 
 function getLoginStore() {
 	return {
 		get getAuthDetails() {
-			console.log(authDetails);
 			return authDetails;
 		},
 		get isLoginModalOpen() {
@@ -28,8 +29,10 @@ function getLoginStore() {
 		toggleLoginModal: (status: boolean) => {
 			isLoginModalOpen = status;
 		},
-		signOut: () => {
+		signOut: async () => {
 			authDetails = null;
+			// Re-add temp auth cookies
+			await refreshCookies();
 		},
 	};
 }

From aa6f1db1f4c1d09ece5ac3c88c5d9e744bc5a001 Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Wed, 11 Dec 2024 23:26:54 +0000
Subject: [PATCH 04/15] =?UTF-8?q?bump:=20version=202024.4.1=20=E2=86=92=20?=
 =?UTF-8?q?2024.5.0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md                   | 100 +++++++++++++++++++++++++++++++++
 chart/Chart.yaml               |   2 +-
 src/backend/app/__version__.py |   2 +-
 src/backend/pyproject.toml     |   4 +-
 src/frontend/package.json      |   2 +-
 5 files changed, 105 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94165287a6..8d0a8e64e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,105 @@
 # Changelog
 
+## 2024.5.0 (2024-12-11)
+
+### Feat
+
+- update auth cookie logic for both backend and frontend (#1974)
+- **mapper**: add navigation mode to map (pitch angle / rotate) (#1973)
+- **debug**: add cloudflare tunnel config to simple configurable frontend button
+- **frontend**: add 'Start Mapping' call to action button on homepage cards (#1968)
+- **mapper**: add new point geom in maplibre terradraw, inject to ODK collect (#1966)
+- **projects**: add organisation_logo field to ProjectSummary model (#1956)
+- **mapper**: add zoom to extent button to map (#1947)
+- **frontend**: all uploaded submission features/geometries on submission instance page (#1931)
+- **mapper**: frontend pmtile basemap management pt2 (#1925)
+- **mapper**: set entity (feature) color based on it's mapping status (#1921)
+- **mapper**: basemap control component + opfs pmtile support (pt1) (#1922)
+- **mapper**: frontend login + remove temp auth from React frontend (#1903)
+- **splitTasks**: additional entities feature count add to split tasks section (#1906)
+- **mapper**: basemap layer switcher integration for maplibre (#1835)
+- **submission**: add project_contributors dependency for permission … (#1873)
+- **splitTasks**: add total number of features on split tasks section (#1880)
+- **mapper**: map new feature in odk btn (#1879)
+- **frontend**: visualise submission photos via slider (#1857)
+- **backend**: API to delete user account #1661 (#1848)
+- **mapper**: start improved mapper flow (#1854)
+- **mapper**: flatgeobuf maplibre component for loading features (#1851)
+- update API to use events and task states + fixes to backend refactor (#1838)
+- **backend**: remove SQLAlchemy and replace with async psycopg db driver (#1834)
+- **frontend**: mapper UI frontend refactor (#1830)
+- **frontend**: mapper frontend continuation (#1823)
+- mapper frontend using ElectricSQL ShapeStream (live updates) (#1760)
+
+### Fix
+
+- **auth**: final fixes to temp/osm auth across frontends
+- finalise auth setup between frontends (#1981)
+- **backend**: correctly return JSONResponse content on refresh endpoints
+- apply pagination after fetch submissions from odk (#1971)
+- **mapper**: remove extra semicolon from new_feature odk field injection
+- **mapper**: correctly inject username into qrcode from logged in details
+- **frontend**: update token refresh calls to match updates in PR #1948
+- **backend**: ambiguous project_id reference in project summaries .all()
+- **frontend**: update min height of project home page card, move start mapping button
+- **backend**: including num_contribotors and total_tasks to the project response
+- **frontend**: default do not show map on home page
+- **mapper**: attempt fixing missing basemap download buttons on mobile
+- **backend**: login enforced for management, additional temp login option for mappers (#1948)
+- **+page**: remove user details from localStorage in case of session expiration (#1965)
+- **backend**: polygon geometries; remove holes, fix right hand rule (#1961)
+- Submission Instance Page, Create Project (#1958)
+- odk credentials are passed without encrypting at first to avoid double encryption (#1957)
+- **mapper**: better distinguish create project layer colours (#1936)
+- **frontend**: remove trailing slash from activity endpoint (#1932)
+- **backend**: use pydantic SecretStr for all sensitive env vars
+- edit multi additional entities names replacing space with '_' (#1926)
+- **backend**: resolve route ambiguity for /tasks/activity endpoint (#1924)
+- **frontend**: update the body of generate-project-data;parse null as a json instead of form data (#1919)
+- **mapper**: geolocation layerswitch bug (#1914)
+- **mapper**: frontend enhancements, add more instructions (#1905)
+- **mapper**: mobile broser map control placement fix (#1899)
+- **project**: allow users to view project cards without login (#1902)
+- **frontend**: project creation wording form --> survey (#1858)
+- **frontend**: minor fixes including bottom sheet drag up (#1895)
+- trailing slashes from endpoints, fix check_access for backend roles (#1893)
+- **backend**: update check_access logic to allow checking for org_manager to a project (#1892)
+- **backend**: create and delete organisation (#1867)
+- **backend**: fix permissions for backend project routes (#1885)
+- **backend**: building of extra cors origins, type mismatch
+- **backend**: update project xlsform SQL after backend refactor (#1872)
+- **mapper**: disable mobile browsers to pull-to-refresh functionality (#1878)
+- **mapper**: loading of electric shapestreams, api call ordering
+- **backend**: cors origin list building when DEBUG not set on localhost
+- **mapper**: task comment events for mapper frontend (#1871)
+- **backend**: remove auth bypass in for HOTOSM org #1785 (#1845)
+- **formUpdateTab**: xFormId undefined issue fix on form update (#1863)
+- **createProjectService**: replace all spaces with underscore (#1862)
+- **frontend**: pass additional entity file name to backend (#1860)
+- **additional-entity**: allow custom properties to create entities list (#1861)
+- **backend**: s3 upload and db insertion for submission photos (#1856)
+- **frontend**: after backend refactoring to events (#1844)
+- mapper frontend task display and event POSTs (#1842)
+- add temp ?sslmode=disable to electric url due to electric#1792
+- **backend**: allow empty task id in entity statuses for new geopoint (#1822)
+- dockerfile warning such as Casing and whitespace separator
+- updated osm-fieldwork -> 0.16.8 (#1814)
+- **files**: cleanup function remove
+- **QrcodeComponent**: reduce qrcode skeleton size
+- **dialogTaskActions**: add task id filter on odk redirect
+- **qrcode**: increase qrcode size
+- **createProject**: xlsform key update, fix customForm upload issue
+- **editor**: solve editor empty issue on manageProject on initial render
+- **submissionsTable**: on filter reset, set task_id to null
+
+### Refactor
+
+- **mapper**: improve logic for rendering basemap action buttons
+- **logging**: enhance error logging with stack information across multiple modules (#1887)
+- **mapper**: upgrade mapper frontend to Svelte 5 Runes (#1846)
+- remove unnecessary db injection where not needed
+- update link to custom ODK build (renamed to -FMTM)
+
 ## 2024.4.1 (2024-10-24)
 
 ### Fix
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index a691476355..04bdfb10ef 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -3,7 +3,7 @@ type: application
 name: fmtm
 description: Field Mapping Tasking Manager - coordinated field mapping.
 version: "0.1.0"
-appVersion: "2024.4.1"
+appVersion: "2024.5.0"
 maintainers:
 - email: sam.woodcock@hotosm.org
   name: Sam Woodcock
diff --git a/src/backend/app/__version__.py b/src/backend/app/__version__.py
index a0bd8e5131..ff12fec95d 100644
--- a/src/backend/app/__version__.py
+++ b/src/backend/app/__version__.py
@@ -1 +1 @@
-__version__ = "2024.4.1"
+__version__ = "2024.5.0"
diff --git a/src/backend/pyproject.toml b/src/backend/pyproject.toml
index 1e658f59fe..8fe70c5451 100644
--- a/src/backend/pyproject.toml
+++ b/src/backend/pyproject.toml
@@ -18,7 +18,7 @@
 
 [project]
 name = "fmtm"
-version = "2024.4.1"
+version = "2024.5.0"
 description = "Field Mapping Tasking Manager - coordinated field mapping."
 authors = [
     {name = "HOTOSM", email = "sysadmin@hotosm.org"},
@@ -127,7 +127,7 @@ asyncio_default_fixture_loop_scope="session"
 
 [tool.commitizen]
 name = "cz_conventional_commits"
-version = "2024.4.1"
+version = "2024.5.0"
 version_files = [
     "pyproject.toml:version",
     "app/__version__.py",
diff --git a/src/frontend/package.json b/src/frontend/package.json
index 225da2fa82..48b0284154 100755
--- a/src/frontend/package.json
+++ b/src/frontend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "fmtm",
-  "version": "2024.4.1",
+  "version": "2024.5.0",
   "scripts": {
     "build": "vite build",
     "build:dev": "vite build --mode development",

From 135d886a6d72fa7567405cdd51371f02052135fa Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Wed, 11 Dec 2024 23:30:17 +0000
Subject: [PATCH 05/15] docs: relock uv file after version update

---
 Justfile            | 2 +-
 src/backend/uv.lock | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Justfile b/Justfile
index d8f5a16171..a2afd8002e 100644
--- a/Justfile
+++ b/Justfile
@@ -57,7 +57,7 @@ bump:
     && git config --global user.name svcfmtm \
     && git config --global user.email fmtm@hotosm.org \
     && cd src/backend \
-    && cz bump --check-consistency'
+    && cz bump --check-consistency --no-verify'
 
 # Run docs website locally
 docs:
diff --git a/src/backend/uv.lock b/src/backend/uv.lock
index 7ab97cf6d5..052e96adef 100644
--- a/src/backend/uv.lock
+++ b/src/backend/uv.lock
@@ -493,7 +493,7 @@ sdist = { url = "https://files.pythonhosted.org/packages/3e/0d/424de6e5612f1399f
 
 [[package]]
 name = "fmtm"
-version = "2024.4.1"
+version = "2024.5.0"
 source = { virtual = "." }
 dependencies = [
     { name = "asgi-lifespan" },

From 53dd8a49fffc7eb6cac70ff86d2d6c049880d9bd Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Thu, 12 Dec 2024 00:53:03 +0000
Subject: [PATCH 06/15] build: remove usage of NODE_ENV (build is always prod,
 required devDeps)

---
 docker-compose.development.yml | 1 -
 docker-compose.main.yml        | 1 -
 src/Dockerfile.ui.debug        | 1 -
 src/Dockerfile.ui.prod         | 8 +++-----
 4 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/docker-compose.development.yml b/docker-compose.development.yml
index 467f95f8d0..5035e31b97 100644
--- a/docker-compose.development.yml
+++ b/docker-compose.development.yml
@@ -123,7 +123,6 @@ services:
         APP_VERSION: ${GIT_BRANCH}
         VITE_API_URL: https://${FMTM_API_DOMAIN:-api.${FMTM_DOMAIN}}
         VITE_SYNC_URL: https://${FMTM_SYNC_DOMAIN:-sync.${FMTM_DOMAIN}}
-        NODE_ENV: development
     volumes:
       - fmtm_frontend:/frontend
     network_mode: none
diff --git a/docker-compose.main.yml b/docker-compose.main.yml
index da8683b784..475f9f88b0 100644
--- a/docker-compose.main.yml
+++ b/docker-compose.main.yml
@@ -113,7 +113,6 @@ services:
         APP_VERSION: main
         VITE_API_URL: https://${FMTM_API_DOMAIN:-api.${FMTM_DOMAIN}}
         VITE_SYNC_URL: https://${FMTM_SYNC_DOMAIN:-sync.${FMTM_DOMAIN}}
-        NODE_ENV: production
     volumes:
       - fmtm_frontend:/frontend
     network_mode: none
diff --git a/src/Dockerfile.ui.debug b/src/Dockerfile.ui.debug
index 9510364990..c01d3698ae 100755
--- a/src/Dockerfile.ui.debug
+++ b/src/Dockerfile.ui.debug
@@ -11,5 +11,4 @@ ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 RUN corepack enable && corepack use pnpm@9.3.0
 RUN pnpm install
-ENV NODE_ENV development
 ENTRYPOINT ["pnpm", "run", "dev"]
diff --git a/src/Dockerfile.ui.prod b/src/Dockerfile.ui.prod
index 70bf2db8bb..9eed9fbd08 100644
--- a/src/Dockerfile.ui.prod
+++ b/src/Dockerfile.ui.prod
@@ -1,10 +1,8 @@
-FROM docker.io/node:20 AS base
-ARG NODE_ENV
+FROM docker.io/node:20-slim AS base
 ARG VITE_API_URL
 ARG VITE_SYNC_URL
 ENV VITE_API_URL=${VITE_API_URL} \
     VITE_SYNC_URL=${VITE_SYNC_URL} \
-    NODE_ENV=${NODE_ENV} \
     PNPM_HOME="/pnpm" \
     PATH="$PATH:/pnpm"
 RUN corepack enable && corepack use pnpm@9.3.0
@@ -15,14 +13,14 @@ FROM base AS manager-frontend
 COPY frontend/package.json frontend/pnpm-lock.yaml ./
 RUN pnpm install
 COPY frontend/ .
-RUN pnpm run build --mode ${NODE_ENV}
+RUN pnpm run build
 
 
 FROM base AS mapper-frontend
 COPY mapper/package.json mapper/pnpm-lock.yaml ./
 RUN pnpm install
 COPY mapper/ .
-RUN pnpm run build --mode ${NODE_ENV}
+RUN pnpm run build
 
 
 FROM docker.io/rclone/rclone:1 AS prod

From ae1b964f456d3d76341250e14041c5097419c7f5 Mon Sep 17 00:00:00 2001
From: Sujan Adhikari <109404840+Sujanadh@users.noreply.github.com>
Date: Thu, 12 Dec 2024 16:29:37 +0545
Subject: [PATCH 07/15] fix: parse geojson to featcol in generate data extract
 (#1983)

---
 src/backend/app/projects/project_routes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/app/projects/project_routes.py b/src/backend/app/projects/project_routes.py
index dbc626f06c..0f8e5032f6 100644
--- a/src/backend/app/projects/project_routes.py
+++ b/src/backend/app/projects/project_routes.py
@@ -638,7 +638,7 @@ async def get_data_extract(
     TODO allow config file (YAML/JSON) upload for data extract generation
     TODO alternatively, direct to raw-data-api to generate first, then upload
     """
-    boundary_geojson = json.loads(await geojson_file.read())
+    boundary_geojson = parse_geojson_file_to_featcol(await geojson_file.read())
     clean_boundary_geojson = merge_polygons(boundary_geojson)
 
     # Get extract config file from existing data_models

From 4d81e09af3cc0866772caaf3b14b750318cc8b70 Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Thu, 12 Dec 2024 14:36:28 +0000
Subject: [PATCH 08/15] docs: add page documenting user-generated field guides

---
 docs/manuals/field-mapping-examples.md | 10 ++++++++++
 mkdocs.yml                             |  1 +
 2 files changed, 11 insertions(+)
 create mode 100644 docs/manuals/field-mapping-examples.md

diff --git a/docs/manuals/field-mapping-examples.md b/docs/manuals/field-mapping-examples.md
new file mode 100644
index 0000000000..35af752980
--- /dev/null
+++ b/docs/manuals/field-mapping-examples.md
@@ -0,0 +1,10 @@
+# Field Mapping Examples
+
+Users often write their own guides for the team they are working with.
+
+This page provides some links to user-generated guides of FMTM over time.
+
+## Know Your City Africa: Ghana Slum Mapping
+
+[Link](https://docs.google.com/document/d/1i6LPj3Ah860BaSQCLvmxqbLmcQB3fM0_W8n15NEeZPo/edit?tab=t.0)
+to project document, including detail on the mapping workflow.
diff --git a/mkdocs.yml b/mkdocs.yml
index 8a3e3497fe..eb962b95f7 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -80,6 +80,7 @@ nav:
       - Project Manager Guide: manuals/project-managers.md
       - XLSForm Design: manuals/xlsform-design.md
       - ODKCollect Offline Maps: https://docs.getodk.org/collect-offline-maps
+      - Field Mapping Examples: manuals/field-mapping-examples.md
   - Developer Guide:
       - Dev Practices: https://docs.hotosm.org/dev-practices
       - Setup: dev/Setup.md

From d6451248b33a83ff4dc502f59cdbb879e55abfc2 Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Thu, 12 Dec 2024 17:06:06 +0000
Subject: [PATCH 09/15] docs: update user roadmap and timeline

---
 README.md        | 15 ++++++++++-----
 docs/timeline.md | 24 ++++++++++++++++++++++--
 2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index d70e423f7c..a9b0d9a688 100644
--- a/README.md
+++ b/README.md
@@ -118,15 +118,20 @@ Alternatively see the [docs](https://docs.fmtm.dev) for various deployment guide
 |✅| 🖥️ view mapper submissions in the FMTM dashboard |
 |✅| 📢 Beta Release |
 |✅| 🖥️ & 📱 basic user tutorials and usage guides |
-|⚙️| 📱 open ODK Collect with feature already selected |
-|⚙️| 📱 live updates during mapping (if online) |
-| | 🖥️ export (+merge) the final data to OpenStreetMap |
-| | 🖥️ organization creation |
+|✅| 📱 open ODK Collect with feature already selected |
+|✅| 📱 live updates during mapping (if online) |
+|✅| 📱 features turn green once mapped |
+|⚙️| 📱 better support for mapping **new** points, lines, polygons |
+|⚙️| 📱 navigation and capability for routing to map features |
+| | 📱 integrate ODK Web Forms (to avoid switching apps) |
+| | 📱 fully offline field mapping |
+| | 🖥️ organization creation and management |
 | | 🖥️ simplify project creation with basic / advanced workflows |
 | | 🖥️ refinements to task splitting algorithm |
 | | 🖥️ improvements to the validation criteria and workflow |
+| | 🖥️ export (+merge) the final data to OpenStreetMap |
+| | 🖥️ better data visualisation and export options |
 | | 🖥️ Field Admin role |
-| | 📱 fully offline FMTM (± small field-based device) |
 <!-- prettier-ignore-end -->
 
 > [!Note]
diff --git a/docs/timeline.md b/docs/timeline.md
index c18cb779ff..8b3057d586 100644
--- a/docs/timeline.md
+++ b/docs/timeline.md
@@ -9,14 +9,34 @@ In reverse chronological order, with most recent events first.
 
 > <div class="timeline-container">
 >     <div class="timeline-entry">
+>         <div class="timeline-date">2025-01</div>
+>         <h3>Project: KYC, Ghana</h3>
+>         💼 Another SDI project, mapping informal settlements in Ghana.
+>         <div class="timeline-dot"></div>
+>     </div>
+>     <div class="timeline-entry">
+>         <div class="timeline-date">2025-01</div>
+>         <h3>Project: Tokha, Nepal</h3>
+>         💼 A project to map all buildings, and associated roads,
+>         in the Tokha municipality in Nepal.
+>         <div class="timeline-dot"></div>
+>     </div>
+>     <div class="timeline-entry">
+>         <div class="timeline-date">2024-12</div>
+>         <h3>Mapper Frontend Release</h3>
+>         📱 Release of the 'mapper frontend', a streamlined and
+>         intuitive mapping experience optimised for mobile devices.
+>         <div class="timeline-dot"></div>
+>     </div>
+>     <div class="timeline-entry">
 >         <div class="timeline-date">2024-10</div>
 >         <h3>Project: Mwanza, Tanzania</h3>
->         💼 Project alongside Slum Dwellers International, mapping
+>         💼 Project alongside Slum Dwellers International (SDI), mapping
 >         informal settlements in the Mwanza region.
 >         <div class="timeline-dot"></div>
 >     </div>
 >     <div class="timeline-entry">
->         <div class="timeline-date">2024-9</div>
+>         <div class="timeline-date">2024-09</div>
 >         <h3>Project: Freetown, Sierra Leone</h3>
 >         💼 Part of an E2E household enumeration survey together with the
 >         community of Jai-Mata, an informal settlement in Freetown.

From f8853b4b5308d9727dca523ad01a2219a2451e60 Mon Sep 17 00:00:00 2001
From: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>
Date: Thu, 12 Dec 2024 23:35:14 +0545
Subject: [PATCH 10/15] docs: add page documenting the new mapper workflow
 (#1937)

* Mapper_frontend Documentation

Added step by step guide for mapper frontend

Signed-off-by: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>

* Updated workflow steps

* finalised the mapper frontend

* Resolved requested changes

Signed-off-by: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>

* docs: update to mapper workflow docs on mapper frontend

---------

Signed-off-by: Manjita Pandey <97273021+manjitapandey@users.noreply.github.com>
Co-authored-by: spwoodcock <sam.woodcock@protonmail.com>
---
 docs/manuals/mapping.md | 109 ++++++++++++++++++++++++++++++++++++++++
 mkdocs.yml              |   1 +
 2 files changed, 110 insertions(+)
 create mode 100644 docs/manuals/mapping.md

diff --git a/docs/manuals/mapping.md b/docs/manuals/mapping.md
new file mode 100644
index 0000000000..fcc40ec6ae
--- /dev/null
+++ b/docs/manuals/mapping.md
@@ -0,0 +1,109 @@
+# Mapper Frontend Documentation
+
+The **Mapper Frontend** was developed to provide a simpler, more intuitive
+mapping experience.
+
+## Part (A): Setup For Mapping
+
+### Step 1: Install The Custom ODK Collect Mobile App
+
+- The first time you load the project, you should be prompted to download
+  the custom `.apk` from the sidebar.
+- Once downloaded, you should install the custom ODK Collect application.
+
+!!! tip
+
+      If you already have ODK Collect installed, you may have to uninstall
+      it first.
+
+      You may have to enable installing from unknown sources in your device
+      settings too.
+
+### Step 2: Access the Mapper Frontend
+
+- **Option 1:** Click the **Start Mapping** button on the project cards of
+  explore project page.
+- **Option 2:** Click the **Start Mapping** button on the project details page.
+- **Option 3:** Go to `https://fmtm.hotosm.org/mapnow/<project_id>` to open
+  the Mapper Frontend for a specific project.
+
+!!! note
+
+      This functionality is designed for mappers in the field, so it is
+      recommended to use a mobile device to access it.
+
+### Step 3: Configure ODK Collect (once only)
+
+- **Option 1:** Scan the QR code displayed on the Mapper Frontend using
+  the custom ODK Collect mobile application.
+
+- **Option 2:** Download the QR code and import it into ODK Collect to
+  load the project. Follow the steps below:
+
+  1. Open ODK Collect.
+  2. Click the project name in the top right corner.
+  3. Tap the **menu** icon (three horizontal dots).
+  4. Select **Import QR Code**.
+  5. Browse to the downloaded QR image and load the project.
+
+!!! tip
+
+      For a demonstration of the process above, click the **i** info icon
+      on the QR Code tab of the mapper frontend.
+
+### Step 4: Load Imagery (optional)
+
+- You can load the reference base imagery by clicking on offline mode option
+  (second tab on bottom navigation bar).
+- Choose the layer you want to load and click on **Show on Map** to visualise
+  the layer on map.
+- The layer can also be stored for offline mapping by clicking
+  **Store Offline**.
+
+## Part (B): Mapping Features
+
+### Select An Existing Feature
+
+In most cases we are submitting a survey about a feature that already exists.
+
+- Click on a task area: the features within will be displayed.
+- Now click on a feature you wish to map: a popup will appear.
+- Now click 'Map Feature In ODK': ODK Collect will open, with the
+  feature pre-selected in the survey (no need to open the ODK map!).
+- Complete the survey and submit.
+
+!!! note
+
+      You may manually click 'Start Mapping' for a task area.
+
+      However, the task will be automatically locked for you
+      if you map a feature within the task area.
+
+### Mapping A New Feature
+
+Sometimes the feature does not exist on the map yet!
+
+- Click on a task area: a popup will display.
+- At the top right, there is a button **Map New Feature**.
+- Click on the map to create a new geometry.
+- ODK Collect will be opened automatically to fill out the survey
+  data for the newly created feature.
+
+### Repeat The Process
+
+- Once the form is submitted, you have to get back to FMTM and select the
+  another feature for mapping.
+- You also also have to click the **Sync Status** button to see the feature
+  turn green.
+- Select another feature to map (repeat from step 5)!
+
+!!! note
+
+      You need internet access to update the feature status.
+
+      In a future release, this process will be handled seamlessly
+      without user interaction.
+
+## Upcoming improvements
+
+Refer the milestone: <https://github.com/hotosm/fmtm/milestone/50>
diff --git a/mkdocs.yml b/mkdocs.yml
index eb962b95f7..173ffa495c 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -77,6 +77,7 @@ nav:
       - Video Guides: manuals/videos.md
       - User Types Explanation: manuals/user-breakdown.md
       - Workflow Diagrams: manuals/workflow-diagrams.md
+      - Mapper Guide: manuals/mapping.md
       - Project Manager Guide: manuals/project-managers.md
       - XLSForm Design: manuals/xlsform-design.md
       - ODKCollect Offline Maps: https://docs.getodk.org/collect-offline-maps

From 5888d34e83ef9f10b1d51837d9449bd7e0099858 Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Thu, 12 Dec 2024 23:57:10 +0000
Subject: [PATCH 11/15] refactor(mapper): add mapping guide to sidebar + update
 links

---
 src/frontend/src/utilities/CustomDrawer.tsx |  2 +-
 src/mapper/src/constants/drawerItems.ts     | 12 ++++--------
 src/mapper/src/lib/components/header.svelte |  2 +-
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/src/frontend/src/utilities/CustomDrawer.tsx b/src/frontend/src/utilities/CustomDrawer.tsx
index 60d3ce610f..6000c47a81 100644
--- a/src/frontend/src/utilities/CustomDrawer.tsx
+++ b/src/frontend/src/utilities/CustomDrawer.tsx
@@ -51,7 +51,7 @@ const MenuItems = [
   },
   {
     name: 'About',
-    ref: 'https://docs.fmtm.dev/About/',
+    ref: 'https://docs.fmtm.dev/about/about/',
     isExternalLink: true,
     isActive: true,
   },
diff --git a/src/mapper/src/constants/drawerItems.ts b/src/mapper/src/constants/drawerItems.ts
index 714ac2beca..3a2962fb3f 100644
--- a/src/mapper/src/constants/drawerItems.ts
+++ b/src/mapper/src/constants/drawerItems.ts
@@ -5,16 +5,12 @@ type drawerItemsType = {
 
 export const drawerItems: drawerItemsType[] = [
 	{
-		name: 'Explore Projects',
-		path: `${window.location.origin}`,
-	},
-	{
-		name: 'Learn',
-		path: 'https://hotosm.github.io/fmtm',
+		name: 'About',
+		path: 'https://docs.fmtm.dev/about/about/',
 	},
 	{
-		name: 'About',
-		path: 'https://docs.fmtm.dev/About/',
+		name: 'Guide For Mappers',
+		path: 'https://docs.fmtm.dev/manuals/mapping/',
 	},
 	{
 		name: 'Support',
diff --git a/src/mapper/src/lib/components/header.svelte b/src/mapper/src/lib/components/header.svelte
index 5d98fddb60..f5f173f135 100644
--- a/src/mapper/src/lib/components/header.svelte
+++ b/src/mapper/src/lib/components/header.svelte
@@ -25,7 +25,7 @@
 
 <div class="p-3 flex items-center justify-between">
 	<div class="flex items-center gap-1">
-		<img src={HotLogo} alt="hot-logo" class="h-[2.2rem] sm:h-[3rem]" />
+		<a href={window.location.origin}><img src={HotLogo} alt="hot-logo" class="h-[2.2rem] sm:h-[3rem]" /></a>
 		<img src={HotLogoText} alt="hot-logo" class="h-[2.2rem] sm:h-[3rem]" />
 	</div>
 	<div class="flex items-center gap-4">

From 1d5ab61a5c9ddfc3d5de67dc26c332da9301ba49 Mon Sep 17 00:00:00 2001
From: Sam <78538841+spwoodcock@users.noreply.github.com>
Date: Fri, 13 Dec 2024 15:51:54 +0545
Subject: [PATCH 12/15] feat(mapper): prompt user to download custom ODK
 Collect on first load (#1989)

* feat(mapper): prompt user to download odk collect on first load

* refactor: update text for custom odk prompt tooltip
---
 src/mapper/src/lib/components/header.svelte | 51 ++++++++++++++++-----
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/mapper/src/lib/components/header.svelte b/src/mapper/src/lib/components/header.svelte
index f5f173f135..1a7848c112 100644
--- a/src/mapper/src/lib/components/header.svelte
+++ b/src/mapper/src/lib/components/header.svelte
@@ -6,10 +6,16 @@
 	import { drawerItems as menuItems } from '$constants/drawerItems.ts';
 	import { revokeCookies } from '$lib/utils/login';
 	import { getAlertStore } from '$store/common.svelte';
+	import { getProjectSetupStepStore } from '$store/common.svelte.ts';
+	import { projectSetupStep as projectSetupStepEnum } from '$constants/enums.ts';
 
 	let drawerRef: any = $state();
+	let drawerOpenButtonRef: any = $state();
 	const loginStore = getLoginStore();
 	const alertStore = getAlertStore();
+	const projectSetupStepStore = getProjectSetupStepStore();
+
+	let isFirstLoad = $derived(+projectSetupStepStore.projectSetupStep === projectSetupStepEnum['odk_project_load']);
 
 	const handleSignOut = async () => {
 		try {
@@ -74,19 +80,40 @@
 			</sl-button>
 		{/if}
 
-		<!-- drawer component toggle trigger -->
-		<hot-icon
-			name="list"
-			class="!text-[1.8rem] text-[#52525B] leading-0 cursor-pointer hover:text-red-600 duration-200"
-			onclick={() => {
-				drawerRef.show();
-			}}
-			onkeydown={() => {
-				drawerRef.show();
+		<!-- drawer component toggle trigger (snippet to reuse below) -->
+		{#snippet drawerOpenButton()}
+			<hot-icon
+				name="list"
+				class="!text-[1.8rem] text-[#52525B] leading-0 cursor-pointer hover:text-red-600 duration-200"
+				style={isFirstLoad ? 'background-color: var(--sl-color-yellow-300);' : ''}
+				onclick={() => {
+					drawerRef.show();
+				}}
+				onkeydown={() => {
+					drawerRef.show();
+				}}
+				role="button"
+				tabindex="0"
+			></hot-icon>
+	  	{/snippet}
+		<!-- add tooltip on first load -->
+		{#if isFirstLoad}
+		<hot-tooltip
+			bind:this={drawerOpenButtonRef}
+			content="First download the custom ODK Collect app here"
+			open={true}
+			placement="bottom"
+			onsl-after-hide={() => {
+				// Always keep tooltip open
+				drawerOpenButtonRef.show();
 			}}
-			role="button"
-			tabindex="0"
-		></hot-icon>
+		>
+			{@render drawerOpenButton()}
+		</hot-tooltip>
+		<!-- else render with no tooltip -->
+		{:else}
+			{@render drawerOpenButton()}
+		{/if}
 	</div>
 </div>
 <Login />

From 0065687a713551abfe6b2e71768745d0c92f3894 Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Fri, 13 Dec 2024 14:38:16 +0000
Subject: [PATCH 13/15] docs: add info about cloning repo on unstable
 connections to FAQ

---
 docs/about/faq.md | 46 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)

diff --git a/docs/about/faq.md b/docs/about/faq.md
index 29f86c9ec6..f56d4e7f94 100644
--- a/docs/about/faq.md
+++ b/docs/about/faq.md
@@ -275,7 +275,7 @@ into your language.
 ### What technologies are used in FMTM?
 
 FMTM is built using several technologies, including FastAPI,
-Postgres, React, and web components. The codebase is written in
+Postgres, React, Svelte, and web components. The codebase is written in
 Python & TypeScript mostly.
 
 ---
@@ -288,6 +288,50 @@ Please follow the instructions in the setup guide on this site.
 
 ---
 
+### Help! Cloning the repo doesn't work for me
+
+If you are receiving errors cloning the repo, it may be an unstable internet
+connection causing issues.
+
+First, please check your internet connection, or use another connection if
+possible.
+
+One option to reduce the amount of content that needs to be downloaded
+is to do a shallow clone:
+
+    ```bash
+    # Shallow clone only the `development` branch
+    git clone --depth 1 --no-single-branch https://github.com/hotosm/fmtm.git
+    ```
+
+To pull additional branches as you need them (for example, to work on them):
+
+    ```bash
+    git fetch origin branch-name
+    git checkout branch-name
+    ```
+
+As an **absolute last resort**, you could try the following:
+
+    ```bash
+    # Set HTTP version to 1.1 for stability (multiple connections vs multiplexing)
+    git config --global http.version HTTP/1.1
+
+    # Increase timeout to 3 minutes
+    git config --global http.lowSpeedTime 180
+
+    # Allow retries in case of failure
+    git config --global http.retry 3
+
+    # Disable integrity checks for easier resume
+    git config --global fetch.fsckObjects false
+    git config --global fetch.writeCommitGraph false
+
+    # Your clone command here...
+    ```
+
+---
+
 ### How can I report a bug or suggest a new feature for FMTM?
 
 You can report bugs or suggest new features by opening an issue on

From bc2399da90c086a2f0b906eeac49e463024790d6 Mon Sep 17 00:00:00 2001
From: Nishit Suwal <81785002+NSUWAL123@users.noreply.github.com>
Date: Fri, 13 Dec 2024 23:50:01 +0545
Subject: [PATCH 14/15] fix(mapper): offline mode button visibility & basemap
 component TS type error (#1990)

* fix(basemaps): fix ts type errors

* fix(basemaps): use target instead of originalTarget
---
 .../lib/components/offline/basemaps.svelte    | 185 +++++++++---------
 src/mapper/src/lib/utils/basemaps.ts          |   6 +-
 2 files changed, 94 insertions(+), 97 deletions(-)

diff --git a/src/mapper/src/lib/components/offline/basemaps.svelte b/src/mapper/src/lib/components/offline/basemaps.svelte
index 8ff8fa9917..f8af87e6aa 100644
--- a/src/mapper/src/lib/components/offline/basemaps.svelte
+++ b/src/mapper/src/lib/components/offline/basemaps.svelte
@@ -1,20 +1,20 @@
 <script lang="ts">
-    import { onMount } from 'svelte';
+	import { onMount } from 'svelte';
 	import type { Snippet } from 'svelte';
-    import type { SlSelectEvent } from '@shoelace-style/shoelace/dist/events';
-    // FIXME this is a workaround to re-import, as using hot-select
-    // and hot-option prevents selection of values!
-    // TODO should raise an issue in hotosm/ui about this / test further
+	import type { SlSelectEvent } from '@shoelace-style/shoelace/dist/events';
+	// FIXME this is a workaround to re-import, as using hot-select
+	// and hot-option prevents selection of values!
+	// TODO should raise an issue in hotosm/ui about this / test further
 	import '@shoelace-style/shoelace/dist/components/select/select.js';
 	import '@shoelace-style/shoelace/dist/components/option/option.js';
 	import '@shoelace-style/shoelace/dist/components/button/button.js';
 
-    import type { Basemap } from '$lib/utils/basemaps';
-    import { getProjectBasemapStore } from '$store/common.svelte.ts';
+	import type { Basemap } from '$lib/utils/basemaps';
+	import { getProjectBasemapStore } from '$store/common.svelte.ts';
 	import { loadOnlinePmtiles, writeOfflinePmtiles } from '$lib/utils/basemaps';
 
 	interface Props {
-        projectId: number;
+		projectId: number;
 		children?: Snippet;
 	}
 
@@ -22,103 +22,100 @@
 	const basemapStore = getProjectBasemapStore();
 	let selectedBasemap: Basemap | null = $state(null);
 
-    // Reactive variables
+	// Reactive variables
 	let basemapsAvailable: boolean = $derived(basemapStore.projectBasemaps && basemapStore.projectBasemaps.length > 0);
 
 	onMount(() => {
-        basemapStore.refreshBasemaps(projectId);
+		basemapStore.refreshBasemaps(projectId);
 	});
 </script>
 
 <div class="flex flex-col items-center p-4 space-y-4">
-    <!-- Text above the basemap selector -->
-    <div class="text-center w-full">
-        <div class="font-bold text-lg font-barlow-medium">
-            <span class="mr-1">Manage Basemaps</span>
-        </div>
-    </div>
+	<!-- Text above the basemap selector -->
+	<div class="text-center w-full">
+		<div class="font-bold text-lg font-barlow-medium">
+			<span class="mr-1">Manage Basemaps</span>
+		</div>
+	</div>
 
-    <!-- Basemap selector -->
-    <div class="flex justify-center w-full max-w-sm">
-        {#if basemapsAvailable}
-            <!-- Note here we cannot two way bind:var to the web-component,
+	<!-- Basemap selector -->
+	<div class="flex justify-center w-full max-w-sm">
+		{#if basemapsAvailable}
+			<!-- Note here we cannot two way bind:var to the web-component,
             so use event instead -->
-            <sl-select
-                placeholder="Select a basemap"
-                onsl-change={(event: SlSelectEvent) => {
-                    const selectedId = event.originalTarget.value
-                    selectedBasemap = basemapStore.projectBasemaps?.find((basemap: Basemap) => basemap.id === selectedId) || null
-                }}
-            >
-                {#each basemapStore.projectBasemaps as basemap}
-                {#if basemap.status === "SUCCESS"}
-                    <sl-option value={basemap.id}>
-                        {basemap.tile_source} {basemap.format}
-                    </sl-option>
-                {/if}
-                {/each}
-            </sl-select>
-        {:else}
-            <div class="text-center w-full">
-                <div class="text-sm font-barlow-medium">
-                    There are no basemaps available for this project.
-                </div>
-                <div class="text-sm font-barlow-medium pt-2">
-                    Please ask the project manager to create basemaps.
-                </div>
-            </div>
-        {/if}
-    </div>
+			<sl-select
+				placeholder="Select a basemap"
+				onsl-change={(event: SlSelectEvent) => {
+					const selectedId = event.target.value;
+					selectedBasemap = basemapStore.projectBasemaps?.find((basemap: Basemap) => basemap.id === selectedId) || null;
+				}}
+			>
+				{#each basemapStore.projectBasemaps as basemap}
+					{#if basemap.status === 'SUCCESS'}
+						<sl-option value={basemap.id}>
+							{basemap.tile_source}
+							{basemap.format}
+						</sl-option>
+					{/if}
+				{/each}
+			</sl-select>
+		{:else}
+			<div class="text-center w-full">
+				<div class="text-sm font-barlow-medium">There are no basemaps available for this project.</div>
+				<div class="text-sm font-barlow-medium pt-2">Please ask the project manager to create basemaps.</div>
+			</div>
+		{/if}
+	</div>
 
-    <!-- Load baselayer & download to OPFS buttons -->
-    {#if selectedBasemap && selectedBasemap.format === 'pmtiles' }
-        <hot-button
-            onclick={() => loadOnlinePmtiles(selectedBasemap.url)}
-            onkeydown={(e: KeyboardEvent) => {
-                e.key === 'Enter' && loadOnlinePmtiles(selectedBasemap.url);
-            }}
-            role="button"
-            tabindex="0"
-            size="small"
-            class="secondary w-full max-w-[200px]"
-        >
-            <hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
-            ></hot-icon>
-            <span class="font-barlow-medium text-base uppercase">Show On Map</span>
-        </hot-button>
+	<!-- Load baselayer & download to OPFS buttons -->
+	{#if selectedBasemap && selectedBasemap.format === 'pmtiles'}
+		<hot-button
+			onclick={() => loadOnlinePmtiles(selectedBasemap?.url)}
+			onkeydown={(e: KeyboardEvent) => {
+				e.key === 'Enter' && loadOnlinePmtiles(selectedBasemap?.url);
+			}}
+			role="button"
+			tabindex="0"
+			size="small"
+			class="secondary w-full max-w-[200px]"
+		>
+			<hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
+			></hot-icon>
+			<span class="font-barlow-medium text-base uppercase">Show On Map</span>
+		</hot-button>
 
-        <hot-button
-            onclick={() => writeOfflinePmtiles(projectId, selectedBasemap.url)}
-            onkeydown={(e: KeyboardEvent) => {
-                e.key === 'Enter' && writeOfflinePmtiles(projectId, selectedBasemap.url);
-            }}
-            role="button"
-            tabindex="0"
-            size="small"
-            class="secondary w-full max-w-[200px]"
-        >
-            <hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
-            ></hot-icon>
-            <span class="font-barlow-medium text-base uppercase">Store Offline</span>
-        </hot-button>
+		<hot-button
+			onclick={() => writeOfflinePmtiles(projectId, selectedBasemap?.url)}
+			onkeydown={(e: KeyboardEvent) => {
+				e.key === 'Enter' && writeOfflinePmtiles(projectId, selectedBasemap?.url);
+			}}
+			role="button"
+			tabindex="0"
+			size="small"
+			class="secondary w-full max-w-[200px]"
+		>
+			<hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
+			></hot-icon>
+			<span class="font-barlow-medium text-base uppercase">Store Offline</span>
+		</hot-button>
 
-    <!-- Download Mbtiles Button -->
-    {:else if selectedBasemap && selectedBasemap.format === 'mbtiles' }
-        <hot-button
-            onclick={() => window.open(selectedBasemap.url)}
-            onkeydown={(e: KeyboardEvent) => {
-                e.key === 'Enter' && window.open(selectedBasemap.url);
-            }}
-            role="button"
-            tabindex="0"
-            size="small"
-            class="secondary w-full max-w-[200px]"
-        >
-            <hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
-            ></hot-icon>
-            <span class="font-barlow-medium text-base uppercase">Download MBTiles</span>
-        </hot-button>
-    {/if}
+		<!-- Download Mbtiles Button -->
+	{:else if selectedBasemap && selectedBasemap.format === 'mbtiles'}
+		<hot-button
+			onclick={() => window.open(selectedBasemap?.url)}
+			onkeydown={(e: KeyboardEvent) => {
+				e.key === 'Enter' && window.open(selectedBasemap?.url);
+			}}
+			role="button"
+			tabindex="0"
+			size="small"
+			class="secondary w-full max-w-[200px]"
+		>
+			<hot-icon slot="prefix" name="download" class="!text-[1rem] text-[#b91c1c] cursor-pointer duration-200"
+			></hot-icon>
+			<span class="font-barlow-medium text-base uppercase">Download MBTiles</span>
+		</hot-button>
+	{/if}
 
-    {@render children?.()}
+	{@render children?.()}
 </div>
diff --git a/src/mapper/src/lib/utils/basemaps.ts b/src/mapper/src/lib/utils/basemaps.ts
index 485ec106da..f300ae40b8 100644
--- a/src/mapper/src/lib/utils/basemaps.ts
+++ b/src/mapper/src/lib/utils/basemaps.ts
@@ -38,7 +38,7 @@ export async function getBasemapList(projectId: number): Promise<Basemap[]> {
 	}
 }
 
-export async function loadOnlinePmtiles(url: string | null) {
+export async function loadOnlinePmtiles(url: string | undefined) {
 	if (!url) return;
 
 	const pmtilesUrl = `pmtiles://${url}`;
@@ -60,7 +60,7 @@ export async function loadOfflinePmtiles(projectId: number) {
 	basemapStore.setProjectPmtilesUrl(pmtilesUrl);
 }
 
-async function downloadBasemap(url: string | null): Promise<ArrayBuffer> {
+async function downloadBasemap(url: string | undefined): Promise<ArrayBuffer> {
 	let basemapData: ArrayBuffer = new ArrayBuffer(0);
 
 	if (!url) return basemapData;
@@ -87,7 +87,7 @@ async function downloadBasemap(url: string | null): Promise<ArrayBuffer> {
 	}
 }
 
-export async function writeOfflinePmtiles(projectId: number, url: string | null) {
+export async function writeOfflinePmtiles(projectId: number, url: string | undefined) {
 	const data = await downloadBasemap(url);
 
 	// Copy to OPFS filesystem for offline use

From 259c2564880fbfd3a218a05e10911d2ebfe5834f Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Sun, 15 Dec 2024 23:33:51 +0000
Subject: [PATCH 15/15] fix(frontend): small fix to reset frontend login if
 cookie refresh fails

---
 src/frontend/src/App.tsx | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/frontend/src/App.tsx b/src/frontend/src/App.tsx
index c5d83aa561..8138f0a963 100755
--- a/src/frontend/src/App.tsx
+++ b/src/frontend/src/App.tsx
@@ -31,6 +31,9 @@ const RefreshUserCookies = () => {
             } else {
               console.error('Failed to fetch user details after cookie refresh.');
             }
+          } else {
+            // Reset frontend login state on 401
+            dispatch(LoginActions.setAuthDetails(null));
           }
         }
       } catch (err) {