This week was not very productive, I have try to understand and figure out how to code this application and try to make the application stateless.

The application require user to verify their email address before proceeding to the period selection page. Looking at this, the first question that i asked  is how to verify the email address of the user? Thanks to Dr. Shawn I have found the hash Function in the Wt library and was able to hash the given message form user to a verification code. This code is then send to the email address user have entered. User will then have to sign in to their respective email account to get the verification code and enter the verification code in the verification page.

With the verification code generated, here comes my second question, How am I going to verify the verification code?? In the hash fuction class, there is a verifiy() function. This verify() function require the message that user enter previously in the create page and the salt that are added to the hash to recompute the valid hash function and compare it to the verification code provided by the user. How to transfer the information like email address from one page to another? The first suggestion that pop up in my mind is to send the information to a WResource for storage. But this cause the application to be stateful and was not implemented.

Then I tried using the Wt::Signal class suggested by Islam. Wt::Signal class have different function that emit signal with variables. The signal can carry as much as 6 variables to the respective class. When the variables are ready to be transfered the the target void, the signal will be emitted with the variables. This signal is then connected to the target void allowing the target void to use the variables in the signal. This method will result in the verification code be only valid within that session and will be invalid once the user have exited the application. This is because once the application restart, there will be no data of the previous application data. Not just that, I have discover that when a signal is connected to a targeted void, the void will only be called by the signal and cannot be called by other void or application. This limits the feature of the verification page and the period page. The period page cannot be used for renew purposed due to the connection with the signal. But the Wt::Signal class is applicable in the administrator search page to transfer the list of certificate obtained in the Http response body to the suggestion pop pup in the search bar. This allow the administrator to search for active certificate on the search bar and revoke the selected certificate. I would say that Signal are very useful to transfer variables from void to void but not from application to application.

After exploring Wt::Signal I decided to consult Dr. Shawn again for the variable transfer between application. Then I finally learn that I can encode these information to the URL. Encoding URL is very easy with the help of Wt::Utils::urlEncode(). After the information is encoded to the URL, the URL is then decoded with the help of WEnvironment::pathInfo(). the information is then retrieved and used to verify the validity of the code provided by the user. If the verification process return valid, user is redirected to the period page for period selection. If the verification return invalid, user is required to re-enter the verification code until a valid code is entered. When user is redirected to the period page, a valid signal is encoded in the URL to notify the period page that the email is verified. I am still thinking about a better way for the verification  in the period page to improve the security of the web application.

For the next week, I will be focusing on the OAuth to be implemented in this application.


Categories: Experiential

Leave a Reply