CSC/ECE 517 Fall 2021 - E2149. Finish Github metrics integration - Reputations: Difference between revisions

Abstract

Expertiza provides teammate reviews to measure how much each team member contributed. It also augments this data with Github data of each group’s submitted repo link to help differentiate the performance of team members for grading purposes and predict which projects are likely to be merged. Instructors would like to compile this Github repository statistics on a per-project, per-team basis, and integrate the display of these data within Expertiza. The project team will troubleshoot existing code and add new features.

Problem Statement

The functionality of the showing GitHub metrics cannot be turned off, meaning that an instructor who uses Expertiza for writing assignments in an English course would get a Github metrics report. There needs to be a way to turn the report off for a particular assignment. We will some RSpec test code to test the function.

Team Action Items

Adding turn on and turn off option

The functionality of the current project cannot be turned off. We will provide an option for instructors not to query Github metrics data before they post the assignment, which is the way we turn the GitHub report off for a particular assignment.

Database Modification

In order to determine whether the GitHub report of the assignment is turned on or turned off, we need to create a new table named "github_metric_uses" to save the id of the assignment whose GitHub metric is turned on. We also have an alternative solution to add a boolean field in the assignment table, but due to security concerns, we give it up. We think we should not change the data of the assignment.

Table: github_metric_uses

Frontend Modification

If a user chooses not to include the GitHub metric in the assignment (the functionality is turned off), the icon named "Login to Query of Github data" should not be displayed on the frontend page.

1. We edited expertiza\app\views\assignments\edit\_general.html.erb and added a checkbox. The codes are as follow. If the id of the assignment exists, there will be a checkbox for the user to use github metrics. The GithubMetricUsesController.exist use the class method in the controller.

     <input type="checkbox" name = "github_use" id="github_use" <%= "checked" 
            if GithubMetricUsesController.exist(@assignment_form.assignment.id) %>></input>
     <%= label_tag('github_use', 'Use github metrics?') %>

2. The expertiza\app\views\assignments\list_submissions.html.erb is edited too. If the id of the assignment exists and github_access_token is null (it means that the user hasn't logged in), then the page will show 'Login to Query Github data' button. If github_access_token is not null, it would show 'Refresh Github data' button because the user has logged in. <%if GithubMetricUsesController.exist(@assignment.id) %> <% if session["github_access_token"].nil? %> <% topic_identifier, topic_name, users_for_curr_team, participants = get_data_for_list_submissions(@teams.first) %> <%= link_to 'Login to Query Github data', { controller: 'metrics', action: 'show', id: participants.first.id } %> <% else %> <%= link_to 'Refresh Github data', { controller: 'metrics', action: 'query_assignment_statistics', id: @assignment.id}, :onclick => "showLoadIcon()"%> <img id="load_icon" src="<%= image_url('ajax-loader.gif') %>" style="display:none"> <% end %> <% end %> 3. Post the assignment id if the user selects the 'check' button and delete the data if the user cancels it by url. The function uses the instance method in controller. jQuery(document).ready(function () { // This function determines whether the 'Topics' tab must be displayed when the page is re-loaded var checkbox = jQuery('#assignment_has_topics'); if (checkbox.is(':checked')) { // If this checkbox is checked, show the 'Topics' tab jQuery("#topics_tab_header").show(); } else { // Otherwise, hide topics tab jQuery("#topics_tab_header").hide(); } $('#github_use').change(function () { if (jQuery('#github_use').is(':checked')) { jQuery.ajax({ url: '/github_metric_uses/' + <%= @assignment.id %>, method: 'POST', xhrFields: { withCredentials: true }, dataType: 'json' }) } else{ jQuery.ajax({ url: '/github_metric_uses/' + <%= @assignment.id %>, method: 'DELETE', xhrFields: { withCredentials: true }, dataType: 'json' }) } }) });

Controller Modification

We added a function in expertiza\app\controllers\github_metric_uses_controller.rb as follwowing.

Class Methods

1. Check if assignment_id exists in the table github_metric_uses. If so, return TRUE.

#check if assignment_id exists in the table github_metric_uses
 def self.exist(assignment_id)
    github_use = GithubMetricUses.find_by(assignment_id: assignment_id)
    !github_use.nil?
 end

2. If assignment_id does not exist in the table github_metric_uses, save it.

 #if assignment_id does not exist in the table github_metric_uses, save it
 def self.save(assignment_id)
    unless exist(assignment_id)
      github_use = GithubMetricUses.new(assignment_id)
      github_use.assignment_id = assignment_id
      github_use.save
    end
 end

3. If assignment_id exists in the table github_metric_uses, delete it

 #if assignment_id exists in the table github_metric_uses, delete it
 def self.delete(assignment_id)
    if exist(assignment_id)
      github_use = GithubMetricUses.find_by(assignment_id: assignment_id)
      github_use.destroy
    end
 end

Instance Methods

URL in frontend uses such functions.

1. Return TRUE if the assignment id exists.

 #check if assignment_id exists in the table github_metric_uses
 def exist
    assignment_id = params[:assignment_id]
    GithubMetricUsesController.exist(assignment_id)
 end

2. Save assignment id if it doesn't exist. This function is for the frontend page to select the checkbox.

 #if assignment_id does not exist in the table github_metric_uses, save it
 def save
    assignment_id = params[:assignment_id]
    GithubMetricUsesController.save(assignment_id)
    respond_to do |format|
      format.json { render json: assignment_id }
    end
 end

3. Delete assignment id if it exists. This function is for the frontend page to cancel the checkbox.

 #if assignment_id exists in the table github_metric_uses, delete it
 def delete
    assignment_id = params[:assignment_id]
    GithubMetricUsesController.delete(assignment_id)
    respond_to do |format|
      format.json { render json: assignment_id }
    end
 end

Testing

The details are in the Test Plan [1].

Functionality Walk Through

Assignments could be edited on the assignment viewing page. Also, the submissions would be showed and there would be differences when "Github metrics" is chosen or is not chosen.

Assignment edit page view

An instructor can customize an assignment in this view. We will provide an option for instructors to decide whether they need Github metrics in the assignment or not.

Before we modified this part, this page is as follows:

After modifying it, this page is:

List Submissions View: with Github metrics option

This is how a user will view List Submissions when they choose Github metrics in the previous assignment edit page and is not authenticated to Github yet. The Login link redirects to an omniauth login page, which redirects back to this page.

List Submissions View: without Github metrics option

This is how a user will view List Submissions when they did not choose Github metrics in the previous assignment edit page. The Login link for querying Github data would not be provided to the instructors if they don't choose the "use GitHub metric" option.

Final Design UML

This UML shows the new classes and models we created and implemented in our final project. Besides these, we also modified some of the existing classes and methods, we will give more detailed information later.

OmniAuth Github API update

The Github API requires users to be authenticated to query the API. Since GitHub no longer supports authentication through query parameters, we move the authentication to the header. From September 8, 2021, using access_token as a query parameter to access the API (as a user or as a GitHub App) and communication between the Expertiza server and Github, and using client_id/client_secret to make OAuth app unauthenticated are disabled.

The callback URL (the URL of the Expertiza server) is set within Github.com, where the OAuth app is configured (and Client Keys/Secrets are generated). The code from the previous project uses Client Key/Secret pairs that are tied to a Github OAuth app that is configured to callback to http://localhost:3000/auth/github/callback. Naturally, when Expertiza is running in a production environment, or a deployment on a remote server where the client is not on the localhost, this callback will fail to redirect.

Therefore, we create a new OAuth app using a Github.com account that configures a callback URL to http://server_ip_or_url:port/auth/github2021/callback/. The production callback URL is: https://expertiza.ncsu.edu/auth/github2021/callback. The reason "github2021" is used for this project is due to Github's 2021 updates to their security infrastructure -- our code handles "github" and "github2021" callbacks differently to match these security updates.

GitHub's OAuth implementation

 #Use Oauth protocols to attempt to authorize user for either google or github
 def oauth_login
   case params[:provider]
   when "github"
     github_login
   when "google_oauth2"
     google_login
   when "github2021" # due to  github https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
     custom_github_login
   else
     ExpertizaLogger.error LoggerMessage.new(controller_name, user.name, "Invalid OAuth Provider", "")
   end
 end

After requesting the user's GitHub identity, the user will be redirected back to Expertiza by GitHub. If the user accepts the request, GitHub redirects back to expertiza with a temporary code in a code parameter and the state provided in the previous step in a state parameter. The client_id and client_secret are required as they received from GitHub for Expertiza. The code is also required as it would be a response to the request. Then the access token allows Expertiza to make requests to the API on a behalf of a user.

 #Login functionality for Github to get access_token
 def custom_github_login
   session_code = request.env['rack.request.query_hash']['code']
   result = RestClient.post('https://github.com/login/oauth/access_token',
                              {:client_id => GITHUB_CONFIG['client_key'],
                               :client_secret => GITHUB_CONFIG['client_secret'],
                               :code => session_code},
                               :accept => :json)
   access_token = JSON.parse(result)['access_token']
   session["github_access_token"] = access_token
   redirect_to controller: 'assignments', action: 'list_submissions', id: session["assignment_id"]
 end

Move the authentication to the header

 def query_commit_statistics(data)
   uri = URI.parse("https://api.github.com/graphql")
   http = Net::HTTP.new(uri.host, uri.port) # host: api.github.com, port: 443
   http.use_ssl = true
   http.verify_mode = OpenSSL::SSL::VERIFY_PEER
   # request = Net::HTTP::Post.new(uri.path, 'Authorization' => 'Bearer' + ' ' + session["github_access_token"]) # set up authorization
   request = Net::HTTP::Post.new(uri.path) # set up authorization
   # send the token in the header
   request['Authorization'] = 'Bearer' + ' ' + session["github_access_token"]
   request.body = data.to_json # convert query message to json and pass as request body
   response = http.request(request) # make the actual request
   ActiveSupport::JSON.decode(response.body.to_s) # convert the response body to string, decoded then return
 end

Test Plan

UI Testing

Our UI tests aim to capture the following core pieces of functionality:

Turn on and turn off functionality button:

In order to test the functionality manually, we follow the following steps:

1. Log in to Expertiza as an instructor

2. Navigate to assignments through Manage

3. Show a turn on/turn down option for Github metric on the page

4. Process the page without choosing Github metrics report for a particular assignment

5. The page should not display "Login to Query of Github data" options.

Rspec

Detailed of Using Github Testing first, go to the assignment edit page and check the checkbox of use github metric, then go to the list submission page check the page if has the content about ithub data.

   it "check the box of the use github metrics? and the list_submissions page will have the content 'Github data'  " do
        visit "/assignments/#{@assignment.id}/edit"
   	check('Use github metrics?', allow_label_click: true)
        visit "/assignments/list_submissions?id=#{@assignment.id}"
        expect(page).to have_content("Github data")
   end

   it "uncheck the checkbox of the use github metrics? and the list_submissions page will not have the content 'Github data' " do
        visit "/assignments/#{@assignment.id}/edit"
        check('Use github metrics?', allow_label_click: false)
        page.uncheck('Use github metrics?')
        visit "/assignments/list_submissions?id=#{@assignment.id}"
        expect(page).to have_no_content("Github data")
   end

Resources

Key Links

Pull Request Of E2149

demo video Of E2149

test video Of E2149

Github API Documentation

Deprecating API authentication through query parameters

Previous Project References

Original E1858 Documentation

E1983 Revision Documentation

E2111 Project Refactoring