Student - Chirag Singhal
Organisation: AOSSIE
-
Projects :
- Agora Web API: https://gitlab.com/aossie/Agora-Web
- Agora Web Frontend: https://gitlab.com/aossie/Agora-web-frontend
-
Live demo of the Projects:
- Agora Web API: https://agora-web-api-gsoc-2019.herokuapp.com
- Agora Web Frontend: https://agora-web-gsoc-2019.herokuapp.com/
The goal of the project is to Implement all privacy concerns as described in this document https://civs.cs.cornell.edu/sec_priv.html and users should be able to add two factor authentication as another security step for login. The system should be able to recognize and track the different devices through which the user has been able to signin with.
I have identified the following tasks in the project at the starting of the project - Done
- System will not save voter's email instead will use hash of email and election key - Done
- Endpoint for public election creation - Done
- Endpoint for verify voter of public election - Done
- System will be able to generate time based one time password - Done
- Endpoint to toggle two factor authentication enabled or disabled - Done
- Endpoint to verify time based one time password - Done
- Endpoint for resending one time password - Done
- Endpoint for verifying security question - Done
- System will be able to add a device as trusted device - Done
This project is created using play framework 2.6 seeds template.
These are some of the main technologies, we have used in the project.
- sbt - Build tool for Scala.
- Play framework - The Web framework is used to build the project.
- Swagger Play - Plugin that provides swagger documentation for play framework
- Scala - Language which is used to write the server site.
- MongoDB – Database used for the project.
- Silhouette Documentation - Handle the user authentication and authorization for the project.
- Play2-ReactiveMongoDB - Used to connect with the MongoDB
- specs2 - Used to unit tests.
We started the Google summer of code by the aim to remove saving of voter's personal information as clear text. Firstly we implemented md5 hashing function and updated voter and ballot classes. I discussed a lot about security concerns with my mentor Abanda Ludovic. After that we implemented not saving voter's email and instead using hash of email and election private key as an identifier for voter.
After that we started working on the second type of election i.e Public Election. We updated election creation process, implemented verify voter links for polls and updated voting process to identify voter on basis of IP address in public elections and save the hash of IP address and private election key to identify user in polls.
After which we started with Two Factor Authentication and implemented RFC 6238 algorithm to generate time based one time password and a shared secret between client and server side. Implemented users to enable and disable two factor authentication and updated user class and get UserData. We implemented verify one time passoword and resend one time password endpoints.
Finally we worked on adding security question instead of one time password in case sometimes users don't have access to their emails. We updated the signup models and added trust my device feature to skip two factor authentication if the device is added as trusted device. After that we fixed a bug in update profile.
I would like to thank every AOSSIE member, especially my mentors, Abanda Ludovic, Bruno Woltzenlogel Paleo and Thuvarakan Tharmarajasingam for being so nice and helpful. I have learnt a lot in the past 3 months and it has been a great experience to be a part of this wonderful community.
-
Merge request !1 - Not saving voter email - status Merged
- Implement md5 hashing function
- Implemented not saving voter's email instead saving hash of email and election key
- Updated add voter and voting process
- Updated voter and ballot classes
-
Merge request !2 - Public Elections - status Merged
- Updated election class
- Implemented create public election process
- Implemented voting process for polls, identifying voter's ip address
- Implemented verify voter link in polls
-
Merge request !3 - Two Factor Authentication - Status: Merged
- Implemented time based one time password generation
- Implemented sending one time password using email
- Implemented resend one time password endpoints
- Implemented user to enable disable two factor authentication endpoints
-
Merge request !4 - Security Question and Trust Device - Status: Merged
- Updated user class to add security Question
- Updated user registeration to include security question
- Implemented get security Question endpoint
- Implemented login using security question
- Implemeneted adding verified devices for two factor authentication
- Updated login endpoint to use trusted devices
- Fixed bug in update profile
-
Merge request !5 - GSOC docs - Status: Merged
- Added documentation for my GSOC work
The goal of this project is to build a new frontend for Agora Web. This part of the project was to produce an angular 8 application as frontend for the Agora platform. The project was built from scratch and uses lazy laoding to load components and angular universal for SEO.
I have identified the following tasks in the project at the starting of the project.
- Interface for user signup and login with email base accounts - Done
- Interface for user login using social media account - Done
- Interface for user to change password for email based accounts - Done
- Interface for user to logout - Done
- Interface for user to create and schedule Election. - Done
- Interface for user to edit Election. - Done
- Interface for user to delete the Election. - Done
- Interface for election creator to invite the voters to vote for the Election. - Done
- Interface for voters to vote the Election. - Done
- Interface for for election results - Done
- Interface for two factor authentication - Done
This project is created using Angular 8. It makes use of various open source libraries available for angular 8. Some of which are listed below
- Node.js - Provides the package manager used in this project
- Agular CLI - Command line tool required to work with application
- Angular Universal
- Angular 8 - The web framework used to build this project
- Bootstrap - HTML and CSS frontend framework
- Angularx-social-login - Social login library for angular applications
- Material icons - Material design icons for angular applications
- ng-pick-datetime - DateTime picker library used to select date and time
- sweetalert2 - Notification library used to give feedback to the user
We started working on the frontend at the beginning of the second phase of GSOC. We started by using old models and defining new models that are required to communicate with the backend. Then we added Angular Universal for SEO. From there we started working with user authentication, the first authentication type we started with was the email based account authentication system the we later finished with authentication using social providers such as Facebook. To obtain social accounts from the social providers we used Angularx-social-login. At this point users could signup and login into the system. After that we created interface for two factor authentication.
After that we started working on election services and specific models to support our design.
After which we worked on user specific actions such as viewing profile information, updating profile, changing their password, two factor authentication and user logout. We created interfaces for the actions described above
After that we started working on dashboard which showed various statistics. We created interfaces to create, edit and delete elections. After that we created an interface to show the results of the election. After this we created interfaces for the election creator to invite voters.
After that we worked on adding security question to register form and interface for users to login if user doesn't have access to his email and has two factor authentication enabled without providing One Time Password by answering the security question which user answered while registering. Then finally we also created interfaces for these voters to vote for the elections they were invited.
I would like to thank every AOSSIE member, especially my mentors, Abanda Ludovic, Bruno Woltzenlogel Paleo and Thuvarakan Tharmarajasingam for being so nice and helpful. I have learnt a lot in the past 3 months and it has been a great experience to be a part of this wonderful community.
-
Merge request !1 - Initial angular 8 setup: - status Merged
- Initialized the project with Agular 8 web framework using [Agular CLI]
-
Merge request !2 - Setup Angular Universal for SEO - status Merged
- Added Angular Universal Angular Universal is a Pre-Rendering solution for Angular.
-
Merge request !3 - Login SignUp - Status: Merged
- Implemented user signup and signin using email base accounts
- Implemented user signin using social providers.
- Implemented extra layer of security with Two Factor Authentication
-
Merge request !4 - Create Election - Status: Merged
- Implemented create private and public election
-
Merge request !5 - Profile - Status: Merged
- Implemented profile interface with ability to update profile information
- Implemented user to change password
- Implemented enabling and disabling Two Factor Authentication
-
Merge request !6 - Dashboard - Status: Merged
- Implemented user dashboard containing user elections and some statistics
- Implemented edit and election interfaces
- Implemented interface for user to view election results
- Implemented interface for election creator to invite voters
-
Merge request !7 - Security Question and Trust Device - Status: Open
- Implemented security question in register form and Two Factor Authentication
- Implementd trust my device in Two Factor Auhtentication
-
Merge request !8 - Voting - Status: Merged
- Implemented interface for voters to vote
-
Merge request !9 - GSOC docs - Status: Merged
- Added gsoc readme file