
GSoC weekly report of Alexandre Viau for week 2



Hello,

This is my weekly report for week 2.


= authentication =

Much of week 2 was spent on authentication. I have completed an oauth2
authentication module which allows autodeb administrators to point the
autodeb master to any oauth2 provider. Much of the testing was done with
salsa.debian.org. It is now possible to log into autodeb with your
salsa.debian.org credentials.

I have also gotten in touch with the developers on the new
sso.debian.org, asking for details about how SSO will work. They have
informed me that it will work much like salsa, allowing me to switch to
sso.debian.org when it is released.

I made sure that authentication is built in such a way that it is easy
to write new authentication modules. For now, there are two available
modules:
 - oauth: point autodeb to an oauth provider
 - disabled: authentication is disabled.

In the future, it will be trivial to implement new authentication
backends such as:
 - debug: allows you to log in as any user without any validation,
useful when developing the application.

= pgp =

I have developed an interface where users can add GPG keys to their
account. In order to add a key to their account, they have to submit it
along with a signed proof stating that "As of $date, I am $userid on
$server_url".

Autodeb-server now refuses uploads that are not signed. Signed uploads
are associated to the user with the corresponding key. Unrecognized
signatures are rejected.

= server refactor =

The App package was getting big. I have split it into appCtx and
Services. AppCtx is a simple struct that holds everything that is needed
to serve a request. Services contains sub-packages that implement the
bulk of the application's logic:
 - Uploads
 - Jobs
 - PGP

= web frontend =

Created an http/sessions package that wraps github.com/gorilla/sessions.
This allows for protecting autodeb against any API changes. I have
greatly limited the exposed API surface so that it is easy to switch to
another sessions library. At the same time, I have added an easy-to-use
flash API, allowing for the backend to add error messages that will be
displayed to the user on its next request.

Refactored the page handlers to avoid code duplication:
 - getting the user
 - getting the user's session and flashes

Rewrote the home page, adding more information on the project and a
guide on getting started with autodeb.

Implemented bootstrap 4, making the website much nicer.

= infrastructure =

Obtained an https certificate for auto.debian.net (I was rate-limited by
Let's Encrypt last week and I had lost my last certificate).

Configured OAuth for the production environment.

= Packaging =

Made a new release and adapted packaging:
 - new command-line flags
 - new dependencies
 - copyright section for bootstrap
 - copyright section for the debian logo SVG

Cheers,

-- 
Alexandre Viau
aviau@debian.org
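
The key-ownership proof described in the pgp section, as an added example that is not part of the original message and is not autodeb's own code: it checks the cleartext of a proof after its OpenPGP signature has been verified elsewhere. The function name, the date layout, the freshness window and the sample user ID are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Assumed layout: the report gives the sentence but not the date format.
const dateLayout = "2006-01-02"

var proofRe = regexp.MustCompile(`^As of (\S+), I am (\S+) on (\S+)$`)

// CheckProof validates the cleartext of a proof whose OpenPGP signature
// has already been verified against the submitted key (not shown here).
// maxAge is a hypothetical freshness window chosen by the server.
func CheckProof(text, wantUser, wantServer string, now time.Time, maxAge time.Duration) error {
	m := proofRe.FindStringSubmatch(strings.TrimSpace(text))
	if m == nil {
		return errors.New("proof does not match the expected sentence")
	}
	date, err := time.Parse(dateLayout, m[1])
	if err != nil {
		return fmt.Errorf("bad date: %w", err)
	}
	// Reject stale proofs (an old statement replayed); allow a day of timezone skew.
	if age := now.Sub(date); age < -24*time.Hour || age > maxAge {
		return errors.New("proof date outside the accepted window")
	}
	// Bind the proof to the logged-in account, not to whatever it claims.
	if m[2] != wantUser {
		return errors.New("proof names a different user")
	}
	// Bind the proof to this server so it cannot be reused on another one.
	if strings.TrimRight(m[3], "/") != strings.TrimRight(wantServer, "/") {
		return errors.New("proof names a different server")
	}
	return nil
}

func main() {
	now := time.Date(2018, 5, 28, 12, 0, 0, 0, time.UTC) // constructed sample
	err := CheckProof("As of 2018-05-28, I am 42 on https://auto.debian.net",
		"42", "https://auto.debian.net", now, 48*time.Hour)
	fmt.Println("valid proof:", err)
}
```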
