[GSoC 2015: Hawk Authentication] Week 14: Concluding Summer of Code

Submitted by Dragooon on Tue, 08/25/2015 - 17:07

This would be my last weekly update as far as Google Summer of Code 2015 is concerned. The long road is coming to an end as the season closes on Friday, 28th August 2015. This week I tackled a bug in core of Drupal which I discussed in my last week’s update.

Fixing WWW-Authenticate

[GSoC 2015: Hawk Authentication] Week 13: Final weeks

Submitted by Dragooon on Tue, 08/18/2015 - 18:21

GSoC is coming to a close, so these few weeks have been mostly about wrapping things up. This is good for me as well because college has taken a toll so I have less and less time to spend, but I believe I have enough to have the module at a good position before GSoC closes.

WWW-Authenticate

[GSoC 2015: Hawk Authentication] Week 12: Unit testing and finishing the modules

Submitted by Dragooon on Tue, 08/11/2015 - 18:03

GSoC is wrapping up in another two weeks, that means it’s time to start wrapping up the module and make it in a shippable state. For that, I have started working on unit tests as well as documentation.

Unit Tests

[GSoC 2015: Hawk Authentication] Week 10: Adding QR Codes to Hawk

Submitted by Dragooon on Tue, 07/28/2015 - 17:21

This was a quieter week in terms of Summer of Code, most of my focus went into implementing a submodule which allows displaying QR codes. Namely, I achieved two things this week:

  • Forced Database backend for Nonce validation
  • Implemented a submodule to show individual credential’s QR codes

Database backend for Nonce validation

[GSoC 2015: Hawk Authentication] Drupal Events and allowing third party modifications to Hawk Credentials

Submitted by Dragooon on Tue, 07/28/2015 - 17:19

Drupal in version 8 adapted Symfony Event dispatcher to have a better alternative to the hook system already in-place until version 7. The hook system is still there, but it is slowly being replaced by the Event dispatcher. The Event Dispatcher allows various components and modules to interact with each other without having to directly modify the code.

[GSoC 2015: Hawk Authentication] Week 9: Dropping Oz and moving on with Hawk

Submitted by Dragooon on Mon, 07/20/2015 - 20:06

Continuing from my last week’s update, this week was originally meant to be the one where I get started with implementing Oz protocol in PHP and then into my module. However, I ran into a severe limitation with the protocol itself that has forced me to reconsider my plan and drop Oz, instead shifting my focus back to my original Hawk module I had been working on during the past few weeks.

Limitation with Oz

[GSoC 2015: Hawk Authentication] Getting maintainer access on drupal.org

Submitted by Dragooon on Mon, 07/20/2015 - 19:27

Introduction to my module

My project for Drupal during Google Summer of Code 2015 is to create a Drupal 8 module for a protocol called Hawk. Hawk allows the users to identify themselves and provide an alternative to the standard cookie-based authentication that takes place by browsers. It is mainly meant to be used alongside the REST module, however there are no hard restrictions. Another developer or user can use it as they please. The module itself identifies the user amongst other things such as handling special Hawk end points and header values.

[GSoC 2015: Hawk Authentication] Week 8: Security considerations and Oz

Submitted by Dragooon on Tue, 07/14/2015 - 16:19

Continuing from my last week's progress, this week was more theoritical than practical. For this week I focussed on:

  • Nonce Validator, more specifically ensuring it works.
  • Learning about Oz and how it can applied.

Nonce Validator

[GSoC 2015: Hawk Authentication] Week 7: Documentation and Replay attacks

Submitted by Dragooon on Tue, 07/07/2015 - 18:22

Overall progress so far

At the moment I would consider 60% of my project to be done in GSoC, including the base hawk library and module. The module allows authentication using Hawk protocol and has been tested with Drupal's REST module which is expected to be one of the biggest use case. It's UI is also complete. Currently it's on drupal.org's Project Applications list as a candidate for being an official project on drupal.org, link to issue is here