Closed Xiangmingchen closed 3 years ago
LGTM, just have to update the integration tests to account for the new tokens
Can you update the wiki also? https://github.com/illinois-cs241/broadway/wiki/Configs#course-config
Oops merged too early
Edit: nvm
Context
As of now, to query information from broadway (such as grading job status) one must use the course token for authentication. However, the same course token is used for adding new grading jobs, adding new assignments, and modifying existing assignments. This means broadway on-demand server cannot risk sending this token to the client (browser) because that gives the student the opportunity to learn this token. Previously on-demand has been using the server as a middle man to relay requests and results. This was slowing down the performance of status requests. However, for SSE endpoint integration, the overhead of the relay becomes too high. Hence we decided to create a new kind of token for each course.
What's done
- query_tokens array to courses
- authenticate_course function with authenticate_course_admin and authenticate_course_member_or_admin.
  - authenticate_course_admin only allows users with a token in the tokens array of the course
  - authenticate_course_member_or_admin allows users with both tokens or query_tokens
- authenticate_course to use either of the replacement functions
  - authenticate_course_admin:
  - authenticate_course_member_or_admin:
Notes
Please note that if students do end up obtaining the query token, they will not be able to schedule more runs for themselves or modify current assignments. But, they will be able to query other students' grading run status/job queue position if they somehow obtain the job/run ids.
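The two-tier check described in this pull request, sketched as an added example (this is not broadway's own code). The dict-shaped course config, the `Authorization: Bearer` header format, the helper names `_bearer` and `_matches_any`, and the course id and token values are assumptions made for illustration.

```python
import hmac

# Constructed course config: "tokens" and "query_tokens" are the two arrays the
# PR describes; the course id and token values are made up for this example.
COURSES = {
    "cs000": {
        "tokens": ["admin-token-constructed"],
        "query_tokens": ["query-token-constructed"],
    }
}


def _bearer(header):
    """Return the token from a 'Bearer <token>' header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme != "Bearer" or not token.strip():
        return None
    return token.strip()


def _matches_any(token, candidates):
    """Compare against every candidate in constant time, with no early exit."""
    hit = False
    for candidate in candidates:
        hit |= hmac.compare_digest(token.encode(), candidate.encode())
    return hit


def authenticate_course_admin(courses, course_id, header):
    """Allow only tokens listed in the course's 'tokens' array."""
    course, token = courses.get(course_id), _bearer(header)
    if course is None or token is None:
        return False
    return _matches_any(token, course.get("tokens", []))


def authenticate_course_member_or_admin(courses, course_id, header):
    """Allow tokens from either 'tokens' or 'query_tokens'."""
    course, token = courses.get(course_id), _bearer(header)
    if course is None or token is None:
        return False
    allowed = course.get("tokens", []) + course.get("query_tokens", [])
    return _matches_any(token, allowed)
```

Write endpoints (scheduling runs, changing assignments) would sit behind the first function and read-only status endpoints behind the second, so a query token that reaches the browser cannot be replayed against the write paths.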