Practice WOD: DigitsCloudAuthentication

One important issue with authentication is keeping credentials private. For example, in the previous WODs for this module, you have put the user name and password for authorized users directly into the source code, and committed that code to GitHub. This strategy is obviously unusable for real world applications.

The goal of this WOD is for you to learn how to use environment variables to avoid putting authentication credentials into source code. This can be used for both developing your application locally and deploying it to the cloud. The goal is to provide the admin email and password in environment variables which the application uses to initialize the model. If those environment variables are not found on startup, the application should indicate this immediately:

The online references for this process include:

It’s worth trying to solve this yourself for a few minutes before watching the solution.

Instructions

Support Create, Read, and Update for your digits application. You have already implemented Create and Read, so this WOD simply requires you to modify the existing code to support Update. Follow the approach described in the screencast of using an ID field to distinguish between new and pre-existing instances.

  1. Start your timer.
  2. Create a branch of your digits system called cloudauthentication-1.
  3. Do a “; clean ; compile ; run” and check localhost:9000 to make sure you are starting with a running system.
  4. Enable checkstyle.
  5. Add a small change to a file, then push this commit to GitHub with the message “Starting WOD”.
  6. Define two environment variables to hold the admin email and password.
  7. Update application.conf to set two configuration properties from the environment variables.
  8. Update UserInfoDB with a static method to define admin credentials, as well as a static predicate that indicates whether or not admin credentials have been defined.
  9. Update Global to read the configuration properties on startup, and update the model with the administrator credentials (if they exist).
  10. Update Login.scala.html to display an alert if the admin credentials are not available within the application.
  11. Test your system locally.
  12. Once the system works locally, deploy your digits application to CloudBees. Verify that your alert is displayed (since no admin credentials exist on CloudBees).
  13. Use the bees config:set command to define the two admin credentials.
  14. Restart the application (using bees app:restart). Verify that you can now login to the cloudbees app using your newly defined credentials.
  15. When you have verified that it’s working, push your enhanced code to your branch on GitHub with the message “Finished WOD”. The difference between the timestamps associated with the two commits represent your WOD time, and the code diffs represent your implementation.

When finished, stop your timer, and record how many minutes it took you to complete the WOD.

Rx: <26 min Av: 26-40 min Sd: 40-50 min DNF: 50+ min

Demonstration

Once you’ve finished doing the WOD a single time, watch me do it:

Standard WOD Caveats

You’ll learn significantly less from watching me solve the WOD if you haven’t attempted the WOD yourself first.

While it’s an achievement to finish the WOD no matter how long it takes, you might experience “diminishing returns” if you work longer than the DNF time. Thus, it might be strategic to stop working at the DNF time and watch my solution.

After watching my solution, I recommend that you repeat the WOD if you have not achieved at least Av performance. If so, be sure to:

Feel free to keep trying until you make Rx if that’s of interest to you.

How to repeat the WOD

To repeat the WOD, simply switch your local workspace branch to master, then create a new branch off of master called “Attempt-2″ (or whatever attempt you are on). Then, in the play console, type ; clean ; compile ; run to clean the target directory, then recompile the system, then run the web application.

When you’ve finished doing this WOD as many times as you need, you might want to merge your changes into the master branch so that they are easily available for future WODs.