diff --git a/Gemfile.lock b/Gemfile.lock index fa910913..f55765cd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -286,6 +286,7 @@ GEM PLATFORMS arm64-darwin-22 arm64-darwin-23 + arm64-darwin-24 x64-mingw-ucrt x86_64-linux diff --git a/_docs/developer/rensselaer_center_for_open_source/2025_Jeffrey_Cordero.md b/_docs/developer/rensselaer_center_for_open_source/2025_Jeffrey_Cordero.md index 96f9d91c..4fe753c4 100644 --- a/_docs/developer/rensselaer_center_for_open_source/2025_Jeffrey_Cordero.md +++ b/_docs/developer/rensselaer_center_for_open_source/2025_Jeffrey_Cordero.md @@ -3,4 +3,69 @@ title: Jeffrey Cordero category: Developer > Rensselaer Center for Open Source (RCOS) > Summer 2025 --- -coming soon \ No newline at end of file +During my time with Submitty, I was a key contributor to the open-source academic platform, working on full-stack development, infrastructure modernization, and system security. My core contributions included enhancements to Notifications, Rainbow Grades, WebSockets, CI/CD improvements, and various bug fixes. I also participated extensively in pull request reviews across the entire tech stack, which deepened my experience with collaborative development, engaging in design discussions, reviewing code at scale, and promoting practices that emphasize maintainability and reliability. The following sections highlight some of the most interesting features I had the opportunity to build this summer. + +### Notification System Enhancements + +To improve student communication, I implemented significant enhancements to Submitty’s notification system. These included automatic in-platform and email alerts when grades are released ([#10358](https://github.com/Submitty/Submitty/pull/10358)) and when new assignments become available ([#11897](https://github.com/Submitty/Submitty/pull/11897)). A reliable hourly cron job now ensures the timely delivery of these messages across all active courses. + +``` +[Submitty sample] Grade Released: Grading Homework PDF +Your grade is now available for Grades Released Homework in course +SAMPLE. + +Click here for more info: http://localhost:1511/courses/s25/sample/gradeable/grading_homework_pdf + +-- +NOTE: This is an automated email notification, which is unable to receive replies. +Please refer to the course syllabus for contact information for your teaching staff. +Update your email notification settings for this course here: http://localhost:1511/courses/s25/sample/notifications/settings +``` + +To support these improvements, I also built dedicated Cypress test suites for email delivery ([#11878](https://github.com/Submitty/Submitty/pull/11878)) and notification preferences ([#11913](https://github.com/Submitty/Submitty/pull/11913)). These tests lay the foundation for more robust future testing of the notification system. + +
+ Cypress Notification Testing +
+ +### Rainbow Grades Nightly Build + +Previously, the Rainbow Grades summary page could become outdated unless instructors manually triggered a rebuild. To streamline this process, I enhanced the nightly summary generation script to automatically trigger the build process before generating new summaries ([#11496](https://github.com/Submitty/Submitty/pull/11496)). As a result, students now have continuous access to up-to-date grade reports each day. + +```bash +$ python3 sbin/generate_grade_summaries.py f25 sample submitty_daemon +Successfully selected the manual customization for f25.sample +Successfully submitted the Rainbow Grades build process for f25.sample +Successfully completed the Rainbow Grades build process for f25.sample +Successfully generated grade summaries for f25.sample +``` + +
+ Rainbow Grades Nightly Build +
+ +### WebSocket Security & Testing + +I addressed a critical security flaw in the platform's WebSocket server by implementing a token-based authorization system ([#11634](https://github.com/Submitty/Submitty/pull/11634)). Previously, any user with a direct URL and valid login credentials could access any WebSocket page, posing a considerable risk for real-time student-instructor communications. + +To mitigate this, I designed a JSON Web Token (JWT)–based authorization layer. The web server now generates short-lived, multi-use tokens scoped to specific pages. These tokens ensure WebSocket connections are established only by authorized users with access managed through a sliding window mechanism that gracefully handles expired pages, reducing the average WebSocket authentication time by approximately 90%. + +```json +{ + "iat": 1753797357.504631, + "iss": "https://submitty.org/", + "sub": "instructor", + "authorized_pages": { + "f25-sample-defaults": 1753800957, + "f25-sample-chatrooms-1": 1753800957, + "f25-sample-polls-3-instructor": 1753800912 + }, + "expire_time": 1753800957 +} +``` + +Alongside these changes, I introduced the platform’s first end-to-end WebSocket test suite in the Discussion Forum ([#11873](https://github.com/Submitty/Submitty/pull/11873)), which was part of a broader testing strategy including new PHP unit tests for backend logic and Cypress end-to-end tests to verify secure, token-based WebSocket connections. + +
+ Cypress WebSocket Testing +
diff --git a/images/RCOS_report/2025_Jeffrey_Cordero/cypress-notifications-testing-example.png b/images/RCOS_report/2025_Jeffrey_Cordero/cypress-notifications-testing-example.png new file mode 100644 index 00000000..618b4adf Binary files /dev/null and b/images/RCOS_report/2025_Jeffrey_Cordero/cypress-notifications-testing-example.png differ diff --git a/images/RCOS_report/2025_Jeffrey_Cordero/cypress-websocket-testing-example.png b/images/RCOS_report/2025_Jeffrey_Cordero/cypress-websocket-testing-example.png new file mode 100644 index 00000000..34688138 Binary files /dev/null and b/images/RCOS_report/2025_Jeffrey_Cordero/cypress-websocket-testing-example.png differ diff --git a/images/RCOS_report/2025_Jeffrey_Cordero/rainbow-grades-nightly-build.png b/images/RCOS_report/2025_Jeffrey_Cordero/rainbow-grades-nightly-build.png new file mode 100644 index 00000000..b175df36 Binary files /dev/null and b/images/RCOS_report/2025_Jeffrey_Cordero/rainbow-grades-nightly-build.png differ