It's been requested that the application have the first line of the description in the application stores a disclaimer stating that it is not an application officially produced by UCSB. As similar disclaimer should be on the login page.
Store Text: This is not an official UCSB application. (GoGaucho is a mobile app developed by UCSB students ...
Login Page Text: Not an official UCSB app
Status
colour
Blue
title
completed
GoGauchoApp Account
Create an account on the Developer Portal for the GoGuacho app, and create applications for the app & cams.
gogauchoapp-cam (no need at this time, will revisit later)
Status
colour
Blue
title
completed
International Server/Service
Remove the international server/service from the architecture. It's purpose was to caching the Menu; which is now available as an API.
This service was only being used to cache the dining menu information.
But, it's location is an issue.
Resolution
Moving to Heroku
This is not quite ready yet ... gotta work out the caching
Status
colour
Blue
title
completed
(New Functionality Not Available Yet)
Use Google SSO Development/Proof of Concept
Get the development work done to sign in with Google's OAuth; and the ability to call Campus API's using the OAuth token.
Add JWT onto requests to the Heroku service.
Yaun Yao will be working on this.
Status
colour
Blue
title
completed
Switch Apps to use OAuth
When ready, switch the GoGaucho mobile app to use Google OAuth to login.
Development work
Status
colour
Blue
title
completed
Replace Screen Scraping Development
Replace the screen scraping with Campus API web services in a Development branch.
The goal it to replace the screen scraping with a web api call to the GoGaucho Heroku service. The Heroku service will then call the API Gateway.
Not the updates for the screens on the apps
Menus
In Progress (because Auto-Approved)
Student Schedules
DONE - Need to fill out API Access Request form on developer.ucsb.edu
Android
Status
colour
Blue
title
complete
iOS
Status
colour
Blue
title
COMPLETE
Android
iOS
Update the iOS App Store and Google Play Store
After the update of the student-schedules API, update the apps in the app store and google play store
Android (Jimmy)
The function of GOLD login has completely transferred to Google OAuth. It is available in Google Play Store 20 days ago. More than 70% of active users have updated to the newest version.
iOS (Henry)
From Henry: here’s only small things left to finish OAuth for getting student’s schedule. I can finish it before this fall quarter.
The app has had the Schedule information removed until the OAuth implementation can be put in place. This is a great compromise to keep things secure.
Updated and released (released: )
Android
Status
colour
Blue
title
complete
iOS
Status
colour
Blue
title
complete
Android
iOS
Use Authentication on Heroku Service
Add authentication onto the requests between the mobile apps and the Heroku service to ensure only known clients are using the service.
GoGuacho team will figure it out and bring their solution back
Very closely connected to one above "Store Keys/Secrets on Mobile App Securely"
Resolution
Will send a magic string between the mobile apps and Heroku
Henry found a way to encrypt the communication between Heroku and the app
Android
Status
colour
Blue
title
complete
iOS
Status
colour
GreenBlue
title
in progress
(done - awaiting approval from Apple)
complete
Android
iOS
Store Keys/Secrets on Mobile App Securely
Use encryption at rest to store keys/secrets in the mobile application.
Encrypted Data
File should not be in source control
Should be packaged into the distributable
GoGuacho team will figure it out and bring their solution back
Android (Jimmy)
On Mobile Device - Not Yet
On Heroku - Implementing
iOS (Henry)
Researching iOS Keychain
Android
Status
colour
Blue
title
complete
iOS
Status
colour
GreenBlue
title
in progress
(done - awaiting approval from Apple)
complete
Android
iOS
Move Keys/Secrets to the Heroku Service
Where possible, move keys/secrets to the Heroku service so that they aren't stored within the mobile application.
UCSB API Key has to be in Heroku and not the mobile apps
This is really a part of "Store Keys/Secrets on the Heroku Service Securely (nodejs)"
Status
colour
Blue
title
completed
Store Keys/Secrets on the Heroku Service Securely (nodejs)
Use encryption at rest (or a reasonable alternative) to store the keys/secrets securely.
Encrypted Data
File should not be in source control
Should be packaged into the distributable
Reasonable alternative is using Heroku built in key stores to save passwords and inject them at runtime.
Status
colour
Blue
title
completed
Access Card API - Remove Username/Password
Disable the access card functionality because of the need to enter a username/password.
Android (Jimmy)
Disable the functionality
iOS (Henry)
Disable the functionality
Android
Status
colour
Blue
title
completed
iOS
Status
colour
Blue
title
completed
Android -
iOS -
Events API
When ready, add events API into GoGaucho app
Need to be able to filter Student events from API endpoint