
This week — May 21 to May 27 — was the second week of the coding period of Google Summer of Code (GSoC) with Systers Open Source. If you want to know more about this you can read the introduction to my journey or my first weekly blog post.

At the beginning of this week I had a 1:1 meeting with one of my mentors, Murad, to clarify some doubts about my code before doing the first pull request with code of at least 4 feature issues and other small features. Since this project is being done from scratch, we need to have a base architecture for the next features to be based on.

The main action items for this week were 2 APIs:

  • One for a User to log in to the system;
  • Another for the User to edit its profile.

Features implemented

After the 1:1 meeting, I had to fix some endpoints of the API and implement some other features. These were the main features I implemented until now:

  • For security measures, when the user registers (POST /register) to the application, instead of saving the password in plain text, the system saves its hash. I followed the example from this snippet from the Flask website to save the hash and to check it during authentication and when changing the password;
  • Authentication into the system can be done not only with username + password but with email + password as well. This is mainly done by using flask-JWT, which does all the hard work of generating an access token, and makes it a lot easier to identify a specific user by its token;
  • The first User of the system is automatically an admin, with privileged actions;
  • An admin can assign another User to be an admin. This is done with this endpoint — POST /admin/new. This endpoint is restricted to authenticated admins;
  • A User can update its profile, mainly the fields that aren’t filled in the registration phase, such as bio, occupation, location, skills, etc… The endpoint responsible for this is PUT /user, while authenticated;
  • The User can check its own profile with GET /user, while authenticated;
  • The User can check other users' profiles with GET /users/{id}, while authenticated;
  • Verified Users can be seen with GET /users/verified;
  • A User can change its password with PUT /user/change_password, while authenticated.
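
The password handling described in the list above (store a hash at registration, check it at login with either username or email, require the current password before a change), as an added example that is not the project's code. It uses only the Python standard library (PBKDF2 from hashlib) instead of the Flask snippet and flask-JWT mentioned above; `UserStore`, the field names, the hash string layout and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(stored: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class UserStore:
    """Hypothetical in-memory stand-in for the project's user table."""

    def __init__(self):
        self.users = []

    def register(self, username, email, password):
        # Only the salted hash is kept; the first registered user becomes admin.
        user = {"username": username, "email": email, "is_admin": not self.users,
                "password_hash": hash_password(password)}
        self.users.append(user)
        return user

    def authenticate(self, login, password):
        """Accept either username or email as the login identifier."""
        for user in self.users:
            if login in (user["username"], user["email"]):
                return user if check_password(user["password_hash"], password) else None
        return None

    def change_password(self, user, current, new):
        """Require the current password before replacing the stored hash."""
        if not check_password(user["password_hash"], current):
            return False
        user["password_hash"] = hash_password(new)
        return True
```
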

This Pull Request (PR) comes with all of these first features. This weekend, I also fixed some Codacy warnings. In case you’re unfamiliar with Codacy, it does automated code reviews regarding code style and other aspects of the code.


Aside from implementing these features, I attended the project weekly meeting, GSoC Happy hours and stayed involved with the community apart from GSoC related issues.

These last weeks I started learning a new framework, Flask, by watching tutorials, reading blog posts, and checking open source sample projects. Compared to the week before, I now feel much more comfortable with Flask-RESTPlus. This was part of my roadblocks during the coding phase. Although I’m still a beginner at using Flask, I’m quicker to implement features, now that I have a base architecture and have solved some issues while learning the new framework. It’s always challenging to learn a new thing, but it is also rewarding being able to leave the comfort zone and learn how to be a beginner at something again.

One issue I’m still facing is figuring out how to make tests for Flask apps that cover each module of the project, i.e., resources responsible for serving the endpoints, DAO objects, abstraction with the database and so on. I’m hoping to start doing some mock tests in small steps until I start feeling more comfortable with it.

I have to say that a lot of my work is facilitated due to people open sourcing sample projects and blogging about their experiences. I find this extremely helpful. Here are some open sourced projects that I’ve been looking into with regards to flask-RESTPlus: postrational/rest_api_demo and frol/flask-restplus-server-example.