Public Lab Research note

GSOC Multi Party Auth System

by bansal_sidharth2996 | August 07, 2018 16:59 07 Aug 16:59 | #16878 | #16878

GSoC 2018 Work Product - Sidharth Bansal

Aim

To develop a Multi party authentication system for the website publiclab.org. 😃 The system should enable users to

  • log in through email and password
  • log in through providers
  • log out
  • sign up through the sign up form
  • sign up providers
  • link and unlink providers Four providers were needed to be included in the existing authentication system of public labs, namely Google, Github, Twitter and Facebook.

Project

Sign Up

  1. Sign Up via the sign-up form: One can fill in the sign-up form available at publiclab.org/signup and create his/her account.

  2. Sign Up via provider:

  3. Sign up via provider for New User: If he wants to sign up via provider then he/she logs in via his/her provider's account. Then a new account is generated for the user along with the provider's information as user-tag available on www.publiclab.org/profile/user_name page. An email is sent so that he/she can set their password.

  4. Sign up of existing user: For an existing user, if he/she clicks on Sign Up via providers on the www.publiclab.org then the provider's information is linked to his/her existing account and he/she is logged in. The existing user is checked via the email address in Public Lab database.

Log In

A user can either log in via username and password or via clicking on desired provider's icon on the header or on www.publiclab.org/login.

Linking of providers to the user account

A user can link multiple providers to his account by going to the www.publiclab.org/edit and connecting the desired provider.

Delinking of a provider

A user may want to delete a provider so he/she can go to www.publiclab.org/profile/user_name and can delete the oauth:providers_name:uid usertag.

Linking of account to the same provider again

If a user tries to add another account of the same provider then he is notified with a flash message.

Log Out

User can log out via public labs by clicking on the log out button available on the header of www.publiclab.org

I have contributed to Public labs at multiple issues. My main project is broken down into following sections. The following segments are completed.

Implementation common to all providers

  • Added omniauth gem and fiagro gem
  • Installed Openssl
  • Made localhost work under https connection
  • Write Documentaion for openssl, omniauth and related gems
  • Defined routes
  • Modified UserTag to acts as identiy model
  • Added OmniAuth Capability to User Model
  • Wiki Page

Google Provider

  • Added omniauth-google-oauth2 gem
  • Set up developers app
  • Added OmniAuth Configuration to initializer
  • Wrote user session controller tests for the login through Google
  • Wrote integration tests for the login through Google

Github Provider

  • Added omniauth-github gem
  • Added OmniAuth Configuration to initializer
  • Set up developers app
  • Wrote user session controller tests for the login through Github
  • Wrote integration tests for the login through Github

Twitter Provider

  • Added omniauth-twitter gem
  • Set up developers app
  • Added OmniAuth Configuration to initializer
  • Wrote user sessions controller tests for the login through Twitter
  • Wrote integration tests for the login through Twitter

Facebook Provider

  • Added omniauth-facebook gem
  • Set up developers app
  • Added OmniAuth Configuration to initializer
  • Write user session controller tests for the login through Facebook
  • Write integration tests for the login through Facebook

Handling Security Vulnerabilities

  • Introduction of Password checker field into user model
  • Uid field filter on profile page - only the admin and the user himself can see the usertag
  • Uid field filter on profile page - only the admin and the user himself can see the usertag tests

Front End

  • Header
  • Profile Page
  • Login Page
  • Sign Up Page
  • Edit Page

The first project that is Multi Party Authentication System is completed fully. It is tested under BDD and TDD with help of Minitest. Second project of Bootstrap Upgradation could not be started due to other projects going on the website and need of website redesign.

Additional Links

Mentors

Special thanks to the Public Lab collaborators and following mentors.

  • Jeffrey Warren
  • Mayank Kashyap
  • Ujjwal Sharma
  • Emmanuel Hayford
  • Liz Ebarry

0 Comments

Login to comment.

Share

Public Lab is open for anyone and will always be free. By signing up you'll join a diverse group of community researchers and tap into a lot of grassroots expertise.

Sign up