@chdinesh1089
Last active August 28, 2020 17:41
Google Summer of Code 2020: Final Report

Google Summer of Code 2020 -- Zulip

This document contains my major contributions to Zulip as part of my GSoC work, which was a combination of several small and medium-sized projects. It lists only the major projects, not the few minor yet valuable enhancements and bug fixes that were merged into Zulip's codebase. All of them can be found in the commits and pull requests made by me. My weekly check-ins at chat.zulip.org are also a good way to view my work.

Sign in with Apple

Integrated Sign in with Apple authentication. The work on this was started before GSoC, but most of the valuable work was done during the early GSoC period. This was a collaboration with my mentor Mateusz Mandera, where most of the work on the native flow was by him. Working on this was a great learning experience. It had me look into the internals of python-social-auth and gave me a better understanding of authentication flows in general.

This required us to override several python-social-auth functions of the Apple auth class, since Apple sent the user details as a POST request, which caused variables stored in the session, such as the state token, to be cleared. This was handled by storing those fields in redis. The two major commits on Sign in with Apple are dc90d54 and d308c12, with PRs #15274 and #14237. A few enhancements and bug fixes were made after those were merged and can be found at https://github.com/zulip/zulip/pulls?q=is%3Apr+author%3Achdinesh1089+apple
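The pattern described above, as an added sketch that is not Zulip's or python-social-auth's code: fields that would normally live in the session are parked server-side under the state token, then recovered exactly once when the provider's POST callback arrives. The `ExpiringStore` class is an in-memory stand-in for redis so the example runs offline; the `apple_auth_` key prefix, the TTL and the field names are assumptions.

```python
import secrets
import time

STATE_TTL_SECONDS = 600  # assumed lifetime of a pending login
KEY_PREFIX = "apple_auth_"  # hypothetical key namespace


class ExpiringStore:
    """In-memory stand-in for redis (set-with-expiry, get-and-delete)."""

    def __init__(self, clock=time.monotonic):
        self._data = {}
        self._clock = clock

    def setex(self, key, ttl, value):
        self._data[key] = (self._clock() + ttl, value)

    def pop(self, key):
        # Fetch and delete in one step so a state token works only once.
        expires_at, value = self._data.pop(key, (0.0, None))
        return value if self._clock() < expires_at else None


def begin_login(store, session_fields):
    """Before redirecting to the provider: park what the callback will need."""
    state = secrets.token_urlsafe(32)  # unguessable; also sent to the provider
    store.setex(KEY_PREFIX + state, STATE_TTL_SECONDS, dict(session_fields))
    return state


def complete_login(store, posted_state):
    """On the POST callback: recover the fields without relying on the session."""
    if not isinstance(posted_state, str) or not posted_state:
        raise ValueError("missing state")
    fields = store.pop(KEY_PREFIX + posted_state)
    if fields is None:
        # Covers forged, expired and replayed state values alike.
        raise ValueError("unknown, expired or already-used state")
    return fields
```

Deleting the entry on first use and bounding its lifetime keeps the state token doing its job as a CSRF and replay check even though it no longer lives in the session.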

Different logger for authentication

Added a separate logger for authentication backends to make auth logs easier to spot. Along with this change, assertLogs was introduced to Zulip's authentication tests to check that certain logging calls have been made. This was previously handled by mocking the logger that generated the logs. Link to PR: zulip/zulip#15183

Allowed domains table

Moved the realm domains table to the settings page; previously it was a modal that appeared when an admin chose to restrict users based on email domain. This was done as a prerequisite for restricting certain domains to require or not require an invitation to join the organization. To avoid the confusion that could arise from adding an invite-required field, I moved the domains table to the settings page.

Link to PR: zulip/zulip#15129 (not merged)

PR that adds invite required feature: zulip/zulip#14636 (not merged, was done before GSoC started)

Render config error page on mis-configuration of SSO authentication backends

When there was a configuration error with the authentication backends, users were redirected to a configuration error page. This was confusing to users, as they tend to refresh the page after fixing configuration issues. To resolve this, we render the configuration error page instead of redirecting, with this pull request.

Puppeteer tests

Migrated Zulip's CasperJS frontend tests to Puppeteer, since CasperJS is no longer actively maintained and had a lot of flaky tests which were failing too often on master. The challenging part of writing Puppeteer tests was keeping them from being flaky. This required a lot of debugging, as it was not straightforward to tell what was causing the rare false negatives, which were only found by running each test a few hundred times. Priyank Patel, who was also working on this, helped a lot with debugging flakes. All the work related to this was sent in multiple PRs, which are listed at https://github.com/zulip/zulip/pulls?q=is%3Apr+author%3Achdinesh1089+puppeteer

Insist users on changing weak passwords

When a user has a weak password, they are made to change it by being taken to the reset password page just after logging in, with the changes in the PR: zulip/zulip#15449 (Not merged. Also includes a commit for error handling of a rare case causing unexpected tracebacks)

Re-authentication for stronger validation to change email address

When a user wanted to change their email, they simply entered the new email in the user settings section and then clicked the confirmation link sent to the new email. For stronger validation, I worked on requiring the user to re-authenticate with their old email one last time after clicking the confirmation link. Added re-authentication support for all three authentication flows: email+password, social auth (Google, GitHub, etc.) and remote SSO. Link to PR: zulip/zulip#15805 (Not merged)
