GoGaucho Improvements

Project Title
Target Release
Epic
Document Status: IN USE
Document Owner

Document Sign-Off
Subject Matter Expert(s)
Technical Expert(s)

Background

What parts of the GoGaucho app need to be improved/revised before campus data can reasonably be delivered securely and within the intended usage of the Campus.

Goals

  • Develop a list of improvements that are required for the GoGaucho application(s)
  • Develop a timeline for the improvements

Assumptions

Out of Scope

Requirements

Title | Description | Notes | Status | Expected Delivery

Not an official UCSB App
It's been requested that the first line of the application's description in the application stores be a disclaimer stating that it is not an application officially produced by UCSB. A similar disclaimer should be on the login page.
  • Store Text:
    This is not an official UCSB application. (GoGaucho is a mobile app developed by UCSB students ...
  • Login Page Text:
    Not an official UCSB app
COMPLETED

GoGauchoApp Account
Create an account on the Developer Portal for the GoGaucho app, and create applications for the app & cams.
COMPLETED

International Server/Service
Remove the international server/service from the architecture. Its purpose was to cache the menu, which is now available as an API.
  • This service was only being used to cache the dining menu information.
  • But its location is an issue.

Resolution

  • Moving to Heroku
    • This is not quite ready yet ... gotta work out the caching

COMPLETED

(New Functionality Not Available Yet)

 
Use Google SSO Development/Proof of Concept
Get the development work done to sign in with Google's OAuth, and the ability to call Campus APIs using the OAuth token.
  • Add JWT onto requests to the Heroku service.
  • Yaun Yao will be working on this.
COMPLETED

Switch Apps to use OAuth
When ready, switch the GoGaucho mobile app to use Google OAuth to login.
  • Development work
COMPLETED

Replace Screen Scraping Development
Replace the screen scraping with Campus API web services in a Development branch.
  • The goal is to replace the screen scraping with a web API call to the GoGaucho Heroku service. The Heroku service will then call the API Gateway.
  • Not the updates for the screens on the apps


  • Menus
    • In Progress (because Auto-Approved)
  • Student Schedules
    • DONE - Need to fill out API Access Request form on developer.ucsb.edu 

Android: COMPLETE
iOS: COMPLETE

Update the iOS App Store and Google Play Store
After the update of the student-schedules API, update the apps in the App Store and Google Play Store.
  • Android (Jimmy)
    • The function of GOLD login has completely transferred to Google OAuth. It became available in the Google Play Store 20 days ago. More than 70% of active users have updated to the newest version.
  • iOS (Henry)
    • From Henry: There's only small things left to finish OAuth for getting student's schedule. I can finish it before this fall quarter.
    • The app has had the Schedule information removed until the OAuth implementation can be put in place. This is a great compromise to keep things secure.
    • Updated and released (released:  )
Android: COMPLETE
iOS: COMPLETE

Use Authentication on Heroku Service
Add authentication onto the requests between the mobile apps and the Heroku service to ensure only known clients are using the service.
  • GoGaucho team will figure it out and bring their solution back
  • Very closely connected to one above "Store Keys/Secrets on Mobile App Securely"

Resolution

  • Will send a magic string between the mobile apps and Heroku
  • Henry found a way to encrypt the communication between Heroku and the app


Android: COMPLETE
iOS: COMPLETE

Store Keys/Secrets on Mobile App Securely
Use encryption at rest to store keys/secrets in the mobile application.
  • Encrypted Data
  • File should not be in source control
  • Should be packaged into the distributable
  • GoGaucho team will figure it out and bring their solution back

Android (Jimmy)

  • On Mobile Device - Not Yet
  • On Heroku - Implementing

iOS (Henry)

  • Researching iOS Keychain



Android: COMPLETE
iOS: COMPLETE

Move Keys/Secrets to the Heroku Service
Where possible, move keys/secrets to the Heroku service so that they aren't stored within the mobile application.
  • UCSB API Key has to be in Heroku and not the mobile apps
  • This is really a part of "Store Keys/Secrets on the Heroku Service Securely (nodejs)"
COMPLETED

Store Keys/Secrets on the Heroku Service Securely (nodejs)
Use encryption at rest (or a reasonable alternative) to store the keys/secrets securely.
  • Encrypted Data
  • File should not be in source control
  • Should be packaged into the distributable
  • A reasonable alternative is using Heroku's built-in key stores to save passwords and inject them at runtime.
COMPLETED

Access Card API - Remove Username/Password
Disable the access card functionality because of the need to enter a username/password.
  • Android (Jimmy)
    • Disable the functionality

  • iOS (Henry)
    • Disable the functionality

Android: COMPLETED
iOS: COMPLETED

Events API
When ready, add events API into GoGaucho app
  • Need to be able to filter Student events from API endpoint
PIPELINE
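
The rows "Use Authentication on Heroku Service" and "Store Keys/Secrets on the Heroku Service Securely (nodejs)" describe a shared value checked by the service and secrets injected at runtime. The sketch below is an added example, not the GoGaucho team's code, showing one way to do both in Node.js. The config var names (CAMPUS_API_KEY, APP_CLIENT_SECRET) and header names (x-client-secret, x-api-key) are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed config var names. On Heroku these would be set as config vars and
// appear in process.env at runtime, never in the repository.
const REQUIRED = ['CAMPUS_API_KEY', 'APP_CLIENT_SECRET'];

// Fail at startup if a secret is absent instead of running half-configured.
function loadSecrets(env = process.env) {
  const missing = REQUIRED.filter((k) => !env[k] || env[k].trim() === '');
  if (missing.length) {
    throw new Error(`missing config vars: ${missing.join(', ')}`);
  }
  return Object.freeze({
    apiKey: env.CAMPUS_API_KEY,
    clientSecret: env.APP_CLIENT_SECRET,
  });
}

// Compare fixed-length digests so timingSafeEqual never sees unequal lengths
// and the comparison time does not depend on where the strings differ.
function isKnownClient(presented, expected) {
  if (typeof presented !== 'string' || presented === '') return false;
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Decide what to do with one request from the app (header names assumed).
function authorize(headers, secrets) {
  if (!isKnownClient(headers['x-client-secret'], secrets.clientSecret)) {
    return { status: 401, upstreamHeaders: null };
  }
  // The campus API key is attached server-side only; the app never holds it.
  return { status: 200, upstreamHeaders: { 'x-api-key': secrets.apiKey } };
}

// Constructed sample environment standing in for Heroku config vars.
const sampleSecrets = loadSecrets({
  CAMPUS_API_KEY: 'constructed-api-key',
  APP_CLIENT_SECRET: 'constructed-shared-value',
});
console.log(authorize({ 'x-client-secret': 'constructed-shared-value' }, sampleSecrets).status);
console.log(authorize({ 'x-client-secret': 'wrong-value' }, sampleSecrets).status);
```

The shared value still ships inside the mobile app, which is why the page ties this item to "Store Keys/Secrets on Mobile App Securely".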






Questions

Below is a list of questions to be addressed as a result of this requirements document:

Question | Outcome | Decision Date