Production Checklist

[ozerugae]

The following final steps should be performed. Preferably in order. Things in italics are optional

• [x] Update Spring Boot to 1.5.8 (see comments below)
• [x] Dependency injection via constructor as opposed to member
• [ ] Caching
  • [ ] Driver
  • [ ] User
  • [ ] Roles
• [ ] Trim unused CSS/JS
• [x] Update Javadocs comments
• [x] Update Swagger documentation annotations
• [x] Remove start-up code in the command line runner bean thingy
• [ ] Move logic to service layer
• [x] Encrypt database at rest
• [ ] Create test script
  • [x] List of all features and the api actions necessary
  • [x] Test via each role
  • [ ] Check for information leaks
  • [ ] Possibly automate testing (system/integration)
  • [ ] Record results
• [ ] Maintenance documentation
  • [ ] API
  • [ ] Compiling from source
  • [ ] Application settings
    • [ ] Geocoding API key
  • [ ] Setting up the database
    • [ ] Structure
    • [ ] Seeding database
    • [ ] Admin user
    • [ ] Initial configuration (key = 1)
  • [ ] Log output to file
  • [ ] Starting the API
  • [ ] Set up as service
  • [ ] Backup instructions (mysqldump during off-hours?)
  • [ ] Client (AngularJS)
  • [ ] Application settings
    • [ ] Map API key
    • [ ] Disable debug logging
  • [ ] Packaging for release
    • [ ] Possibly separate "builds" for riders, drivers, coordinators/admins
• [ ] User documentation - let Reuben know that they can create or update the docs themselves :)

[ozerugae]

@nitronarcosis @shan916 Please add onto this checklist anything that you think is missing or needs more details.

[shan916]

Ran the OWASP dependency check. We should upgrade to Spring Boot 1.5.8 which updates Tomcat to 8.5.23.

http://jenkins.codeteam6.io/job/asi-saferides/ws/dependency-check-vulnerability.html https://nvd.nist.gov/vuln/detail/CVE-2017-12617 https://github.com/spring-projects/spring-boot/milestone/91?closed=1

[ozerugae]

Oh wow! What's up with the mysql connector lol?

[ozerugae]

Things to test for now. Missing conditions should be added as we go:

• [x] Test unauthenticated user (invalid token, no token, expired token)

• [x] Test roles access (rider, driver, coordinator, admin)

• [ ] Riders:

  • [ ] Submit a ride request
  • [ ] Coordinator should see the ride request in queue
  • [ ] Rider should see a status message that ride request was received
  • [ ] Cancel a request
  • [ ] Coordinator should see that the ride request was canceled
  • [ ] Coordinator should not be able to assign a driver
  • [ ] View request process
  • [ ] Every change by driver or coordinator should be reflected here
    • [ ] Driver name change
    • [ ] Vehicle info change
    • [ ] Request status change

• [ ] Drivers:

  • [ ] Enter start odometer
  • [ ] Request status should change
  • [ ] Notify rider (arrived)
  • [ ] Request status should change
  • [ ] Mark as picked up
  • [ ] Request status should change
  • [ ] Mark as dropped off (enter end odometer)
  • [ ] Request status should change
  • [ ] Driver should now be available

• [ ] Coordinator:

  • [ ] Add a driver
  • [ ] User should now have driver rights
  • [ ] Vehicle info and name should appear on ride requests
  • [ ] Create a ride request
  • [ ] Created ride request should be added to the queue
  • [ ] Assign ride request to driver
  • [ ] Driver should no longer be available
  • [ ] Driver should see the ride request and be able to enter a start odometer
  • [ ] Cancel ride request
  • [ ] Driver should no longer be able to view the rider
  • [ ] Driver should be able available
  • [ ] Edit ride request
  • [ ] Ride request should be editible in the canceled state
  • [ ] Activate ride request
  • [ ] A canceled ride request should be able to be readded to the queue
  • [ ] Re-assign to driver
  • [ ] Requestor view should be updated
  • [ ] Driver view should be updated
  • [ ] Update applciation settings
  • [ ] System message should be updated
  • [ ] System active (ride acceptance) should be updated
  • [ ] Past rides filter should be updated.
  • [ ] Deactivate/Delete a driver
  • [ ] Driver should be logged out (token expired)
  • [ ] User should no longer have driver rights
  • [ ] Activate a driver
  • [ ] User should be logged out (token expired)
  • [ ] Driver should now have driver rights
  • [ ] Reports
  • [ ] Aggregation can only be ran after the following conditions
    • [ ] no active drivers
    • [ ] no requests in queue
    • [ ] night completed

• [ ] Admin:

  • [ ] Add a coordinator
  • [ ] User cannot be an active admin or driver
  • [ ] User should now be logged out (token expired)
  • [ ] User should now have coordinator rights
  • [ ] Update a coordinator
  • [ ] Coordinator updated
  • [ ] Deactivate/remove coordinator
  • [ ] Coordinator should now be logged out (token expired)
  • [ ] User should no longer have coordinator rights

Planning to test with postman and its collection and test features. I believe the tests and collections are shareable (exportable) from postman which will be great for reproducibility.

[ozerugae]

ROUTE	METHOD	ROLE
/cas/validate	POST	UNAUTHENTICATED
/config/isLive	GET	UNAUTHENTICATED
/config/current	GET	COORDINATOR
/config/update	PUT	COORDINATOR
/config/message	GET	UNAUTHENTICATED
/drivers	POST	COORDINATOR
/drivers	GET	COORDINATOR
/drivers/{id}	PUT	COORDINATOR
/drivers/{id}	GET	COORDINATOR
/drivers/{id}	DELETE	COORDINATOR
/drivers/me	GET	DRIVER
/drivers/location	POST	DRIVER
/drivers/{id}/endofnight	GET	COORDINATOR
/reports	GET	COORDINATOR
/reports	POST	COORDINATOR
/rides	POST	RIDER
/rides	GET	COORDINATOR
/rides/{id}	PUT	RIDER
/rides/{id}	GET	COORDINATOR
/rides/mine	GET	RIDER
/users	GET	COORDINATOR
/users/{id}	PUT	ADMIN
/users/{id}	GET	ADMIN
/users/me	GET	RIDER

[ozerugae]

JWTs:

First Header	Second Header
ADMIN: Valid	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE3OTc3NzcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.TPzU_cTxP7jkySPBjh-d9G632AW3nLBCiZ1XI2X1Hrf-Yf7uYR1biezqW7qUJ5tXk2MopueQlG7mpw41b1-Ixg
ADMIN: Expired	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImNyZWF0ZWQiOjE1MTA1MzE5OTQxOTIsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn0seyJhdXRob3JpdHkiOiJST0xFX0FETUlOIn1dfQ.6v-d0MyUOBuWssVfwiRnTYnf1ZKTdnQz-q0Gp8ufFyfUBSJGlcKKHUkeahFt9U-mZrrHjzYP285ivATDfBI7rQ
COORDINATOR: Valid	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTYsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.cdXzUILANSU9UCSTQRNOF1qjklxMyhC_g7Z0Ab2FvLnApbTQqu2q5sJ6wT4ljorKBLNXyVDwipkpfwAgwe1CeQ
COORDINATOR: Expired	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb29yZGluYXRvciIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifSx7ImF1dGhvcml0eSI6IlJPTEVfRFJJVkVSIn0seyJhdXRob3JpdHkiOiJST0xFX0NPT1JESU5BVE9SIn1dfQ.F8AscEEuWoi1M3X0SXJgtkBYQZu01JavJHGOaD_KPvrdZ1hKKFLsPsnMypyDyy4R5CL9a0DxTWgJxjMam3RtKw
DRIVER: Valid	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxNzk3ODE3LCJleHAiOjE1NTM3MzE3OTcsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.7JQ5iHTMCsQsgktW_Nv8OtJkclwCt1nRsVa2vq6_mpzM0Fs5BnJyx3fJ4XBT7FQhvG4kJVoFs8Yk2p2VUKuOSw
DRIVER: Expired	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkcml2ZXIiLCJjcmVhdGVkIjoxNTEwNTMxOTk0MjMxLCJleHAiOjE1MTA1MzE5OTUsImF1dGhvcml0aWVzIjpbeyJhdXRob3JpdHkiOiJST0xFX1JJREVSIn0seyJhdXRob3JpdHkiOiJST0xFX0RSSVZFUiJ9XX0.ShIRsUoKevxmf32vZrc_nsVm_WHXTmFb_XTvKKLxELM2hxN1dG8kejUDrGaCo-BLdgXfjwjzZDr-FFqXZXjNnQ
RIDER: Valid	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE3OTc4MTcsImV4cCI6MTU1MzczMTc5NywiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.sXRiAKzG9sln7SXr3VUgb2CvNK7jUj6DyW8-Sx5IInCWWdwylwAHM7qBtFhYQvJuTvGj-2pqJi4eKcRVElJYjw
RIDER: Expired	eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJrd2ludGVycyIsImNyZWF0ZWQiOjE1MTA1MzE5OTQyMzEsImV4cCI6MTUxMDUzMTk5NSwiYXV0aG9yaXRpZXMiOlt7ImF1dGhvcml0eSI6IlJPTEVfUklERVIifV19.UYh0TlmFtapYCLHJZpUxgcrvXjTz30KkspsoZjRNtgz4Mgy7p_xQ_Eidl_Qa91O_JEP8xEfg5tGX0hQagwH9fQ

[ozerugae]

Unauthenticated Tests: Unauthenticated Tests.zip

Authenticated Tests: Authenticated Tests.zip

/rides/mine is iffy

[ozerugae]

Beginnings of the maintenance document: https://github.com/shan916/safe-rides/wiki/Production-Install