SteemConnect4j - Security Improvement and Bug Fixes

in #utopian-io, 6 years ago

Repository

https://github.com/hapramp/steemconnect4j

1. Introduction

https://ipfs.busy.org/ipfs/QmXVGoj2vx4ojo98kLXxVeUioeJUjsEpCcBdUGWSyn3PHB

SteemConnect4j is a Java SDK for SteemConnect v2. To read more about it, check out the introduction blog - Introducing SteemConnect4j.

In this blog post, I will discuss the following improvements made in the project -

  • Improved Security using Refresh Tokens
  • Increased coverage
  • Other bug fixes

2. Improved Security using Refresh Tokens

Refresh tokens give headless operations the access they need to act on behalf of the user. These tokens do not expire (in contrast, access tokens expire in 7 days) and can be used to generate new access tokens for the user.

The offline scope is required in order to retrieve the refresh token.

2.1 Code Changes to Introduce Refresh Tokens

The route to get the access token is defined as a constant in the application -

carbon1.png

The getLoginUrl(boolean wantCode) method is now refactored to take a boolean parameter. This parameter decides whether the URL returned after a successful login will contain a UserCode or an AccessToken. The developer can now decide the level of user security through this parameter.

carbon2.png

Getting an AccessToken is a three-step process:

Get Code -> Get RefreshToken -> Get AccessToken

Note: Code is returned when the user logs in if getLoginUrl(true) is used for logging in.

Methods to get/set client secret were added to SteemConnectOptions class -

carbon3.png

Finally, methods to get refresh token and get access token from refresh token were added to complete the integration -

carbon4.png
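
One way to consume the last step of the flow above, as an added example that is not code from this post or from SteemConnect4j: a cache that exchanges the non-expiring refresh token for a new access token only when the current one is close to expiry. The class, the `Token` record and the `exchange` function are hypothetical; `exchange` stands in for the SDK's refresh call, whose name is not shown here, and all sample values are constructed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Function;
import java.util.function.Supplier;

// Added example, not SteemConnect4j code. All names here are hypothetical.
public class AccessTokenCache {
    // Result of one refresh call: the new access token and how long it is valid.
    public record Token(String value, Duration lifetime) {}

    private static final Duration SKEW = Duration.ofMinutes(5); // refresh slightly early
    private final String refreshToken;              // does not expire: a long-lived secret
    private final Function<String, Token> exchange; // stand-in for the SDK's refresh call
    private final Supplier<Instant> clock;
    private String accessToken;
    private Instant expiresAt = Instant.EPOCH;

    public AccessTokenCache(String refreshToken, Function<String, Token> exchange, Supplier<Instant> clock) {
        this.refreshToken = refreshToken;
        this.exchange = exchange;
        this.clock = clock;
    }

    // Returns a usable access token; exchanges the refresh token only when needed.
    public synchronized String get() {
        Instant now = clock.get();
        if (accessToken == null || !now.isBefore(expiresAt.minus(SKEW))) {
            Token t = exchange.apply(refreshToken);
            if (t == null || t.value() == null || t.value().isEmpty()) {
                throw new IllegalStateException("token exchange failed"); // no secrets in message
            }
            accessToken = t.value();
            expiresAt = now.plus(t.lifetime());
        }
        return accessToken;
    }

    public static void main(String[] args) {
        Instant[] now = {Instant.parse("2018-07-03T00:00:00Z")}; // constructed clock
        int[] calls = {0};
        AccessTokenCache cache = new AccessTokenCache("constructed-refresh-token",
            rt -> new Token("access-" + (++calls[0]), Duration.ofDays(7)), () -> now[0]);
        System.out.println(cache.get());                 // first call performs an exchange
        now[0] = now[0].plus(Duration.ofDays(3));
        System.out.println(cache.get());                 // within 7 days: cached token reused
        now[0] = now[0].plus(Duration.ofDays(4));
        System.out.println(cache.get() + " exchanges=" + calls[0]); // expired: exchanged again
    }
}
```

Because the refresh token never expires, it is the value to protect: only the short-lived access token needs to leave this class.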

3. Increased Coverage

We have been working on improving the coverage for the SDK, and we're happy to report that the coverage is now at a decent level.

3.1. Coverage Chart

coverage-chart.png

3.2. Sunburst

Here is the sunburst from Codecov -

Screenshot from 2018-07-03 15-22-39.png

You can see the detailed coverage report at https://codecov.io/gh/hapramp/steemconnect4j.

4. Other Bug Fixes

Several bugs were fixed for the SDK and it is now being tested in the HapRamp Android application. As we move forward with integrating more parts of the SDK into the application, we will be discovering and resolving more bugs that pop up.

Pull Requests

Link | Description
hapramp/steemconnect4j#18 | Adding support for refresh tokens
hapramp/steemconnect4j#20 | Adding usage documentation for refresh tokens
hapramp/steemconnect4j#21 and hapramp/steemconnect4j#16 | Adding test cases

Github Account

https://github.com/bxute


Join the conversation on Discord - https://discord.gg/r9vwcHe.

Reviewing projects with a good test coverage always makes me happy. One side note:

Screen Shot 2018-07-05 at 12.48.35 PM.png

This kind of code comment is not really needed. I know code commenting has a place in review mechanics; we will work on that to make it better. See gregory's comment on this.

Thanks!


Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

I am famous hahaaah

Hey @bxute
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!