PROJECT: FreeTime


Overview

FreeTime™ is a security-enabled desktop application that is used for finding mutually available slots between its users. This available slot will be displayed for the user to choose from, which will be reflected in his timetable using our FreeTime’s Graphical User Interface (GUI).

This project portfolio would be introducing you to my team that has developed this product in the span of a semester. In addition to giving you a brief general overview of this application feature, I would be going in depth into the details on how my own features are implemented. This is to give you a deeper understanding of what contributions that I have done within this project, and hopefully you would perhaps too be interested in this project of mines.

So sit tight, and let me tell you more about FreeTime, and how it will make scheduling meetings easier.

FreeTime™ Introduction

In addition to essential security features such as login and registering, we have a clean, minimalistic landing page that is user-friendly.

Users can import preexisting timetables that are taken from Google Calender or any other calender application that saves their data into the commonly used .ics format. This handy feature allows quick integration for users coming from other timetable applications that lack FreeTime's feature.

On top of having friends to look at their timetable, users are also grouped with groups according to what they have inputted. This is to easily select friends that are in the same group as you, which then sets the stage to find the mutually free slot among this particular group of friends.

You can be part of multiple groups, or none at all

Using the command freetime, you would be presented with a timetable that shows you what are your common free slots are. Thus you are freed from the pains of finding a common free slot in huge groups.

Summary of contributions

In this section, I would be briefly telling you about my contributions to this project, and any interesting points that you could find useful.

  • Major enhancement: Added the ability to authenticate users within FreeTime

    • What it does: Allows the users to have unique access and control to his own timetable

    • Justification: To be able to prevent others from editing your own timetable, and to facilitate different privacy levels. Privacy levels are given to users to have control over what they feel comfortable sharing between strangers and friends.

    • Highlights: Implementing the above is not trivial as I had to rewrite how the commands are parsed and executed, which are then handled in SecurityManager. This is done on top of having to deal with new commands such as login, and restructuring old command into register. I had to understand and improve on all modules to make them to work together in this new sytem.

  • Minor enhancement: Used a hashing feature together with a salt to store user’s password in json format. This is to improve security by not storing users' password in plaintext, but encrypted securely.

  • Code contributed

  • Pull Requests Made

  • Project Overheads

    • Project management:

    • Enhancements to existing features:

      • Updated Storage Module to include AppUsersJson #63

      • Changed AddressBookParser to accommodate Security Implementation #153

    • Documentation:

      • Updated Screenshots in User Guide #192

    • Community:

      • PRs reviewed (with non-trivial review comments): #64, #173,

      • Fixed bugs in program #75, #185, #186

My User Guide Contributions

A User guide is given to the targeted audience of the application, and usually is written in a step-by-step way to guide new users to use the application.

Given below are sections I contributed to the User Guide. They showcase my ability to write documentation targeting end-users.

Registering and Logging In

Whenever you open the application, the timetable content and commands are locked. You are required to either login with a pre-existing account, or register a new one.

FreeTime has a default user with username: test and password: test

There are five security related commands that can be entered on this command line:

  1. login

  2. register

  3. ui

  4. logout (Only when you have logged in)

  5. exit

StartUpScreenFix
Figure 1. Login Page with Red Arrow pointing to where you should enter your commands

At this page you will have to enter your credentials to log in. Only then would you be able to edit and view your own timetable, and view your friends' timetable.

Friends are other users that you have "friended", and all users start off without having any friends.

The timetable that belongs to users that are not your friends will not be available for you to see, till you add them as friends.

Logging In: login (li)

Command: login u/USERNAME pw/PASSWORD

Examples:

  • login u/test pw/test
    Logins with Username: test and Password: test

  • login u/tim pw/tam
    Logins with Username: tim and Password: tam

You are required to to enter a password that contains more or equal to 8 characters. To ensure that your account is well-protected, do use a password that is not common.

Registering: register (re)

Command: register u/USERNAME pw/PASSWORD e/[EMAIL] p/[MOBILEPHONE] a/[ADDRESS]

Examples:

  • register u/tim pw/tam e/tim@tam.com p/88888888 a/Tammy Road

Only the Username and Password fields are necessary, the others are optional and you are not required to enter them.

Showing the UI Interface: (ui)

Command: ui

Entering the command ui will cause the Login Window to appear as seen in figure 4.

LoginUI
Figure 2. Login UI

Clicking on the Register button changes your view to the Registration Window seen in figure 5.

RegisterUI
Figure 3. Registration UI

Logging Out : logout (lo)

Command: logout

To use this command, you would have to be logged in first. Typing logout as seen in the figure below return you back to the login page.

Logout
Figure 4. Logout Command entered into command line

My Developer Guide Contribution

On the other hand, a developer guide is written for technical stakeholders that are interested in the implementation of the methods, and might be working on extending the project.

Given below are sections I contributed to the Developer Guide. They showcase my ability to write technical documentation and the technical depth of my contributions to the project.

Security component

SecurityClassDiagram
Figure 5. Structure of the Model Component

The Security component is a module that ensures the users that are using the application are authenticated, and an instance of an authenticated user will be created and stored in ModelManager every time a user is logged in so as to allow the application to do user-specific tasks.

It also handles all the commands entered to check for security clearance. On top of that, it is able to hash passwords and save them into a file named users.json at root folder.

In Figure 9, AppUsers is an object that stores the list of AccountCredentials. This object is created when FreeTime runs. Storage Component will try to find a user.json file to convert that into the AppUsers object. If the file is not found, or the data is corrupted, this program will create a new AppUsers object with default Users in it.

More information is detailed below in Security Implementation.

Security Implementation

To begin this section, we would need to introduce the idea of a Authenticated User instance. Whenever a user successfully logs in, or creates a new account, the application will create an Authenticated User in Model. This User is an extension of the Person Class, which different part of the UI and SecurityManager will access it. One example would be the friend’s UI panel, where FreeTime has to know the current user to display his friends

Current Implementation

This section will be broken down into
1. Front-End
2. Back-End

Front-End Implementation
  1. CLI
    CommandBox Class handles the command line interface, and passes every command to SecurityManager through the Security API.

  2. UI Prompt
    Inside the UI package, there are two new windows created, LoginWindow and RegistrationWindow. Each Window would handle UI events such as clicks and passing relevant information to the SecurityManager similar to above.


Back-End Implementation
Command Parsing

The Sequence Diagram when a user enters a command is seen in the figure below:

SecurityParseCommandsSD
Figure 6. Interactions between the UI Component and Security Component for the login Command

AuthReturn is a enum type that contains the following definition:

COMMAND_ALLOWED, COMMAND_LOGOUTFIRST, COMMAND_LOGINFIRST, COMMAND_ERROR;

The above figure shows the sequence when the AuthReturn is COMMAND_ALLOWED. When it is not that, there will be an SecurityAuthenticationException thrown with the relevant message to the user.

CommandsEnum is another enum type that contains the method iscommandAllowed(). They are found in seedu.addressbook.commons package.

SecurityLoginSequenceDiagram
Figure 7. Interactions between the UI Component and Security Component for the login Command

The figure above shows the steps when login is called after parsing the command (since login is a command too).

AppUsers contains an array of AccountCredentials, which has the attribute of Username and Password, and methods such isPasswordValid(). Here it also calls the static Hasher class, which takes the password and a salt to create the hash of the password.

Whenever a user logs in, the username is searched from userList returned by AppUsers. Once it matches a username, the input pasword is then salted and hashed (SHA-512), and finally compared to the stored hashed password. A boolean is then returned to the SecurityManager.

Design Considerations

Where to store Authenticated User object
  • Alternative 1 (current choice): Inside of ModelManager

    • Pros: All the methods in LogicManager can access User object

    • Cons: The concept of an authenticated user object should be inside SecurityManager

  • Alternative 2: Inside of SecurityManager

    • Pros: ModelManager does not have security related objects inside it

    • Cons: Logic and Model methods cannot access it

How to store user password credentials
  • Alternative 1 (current choice): To encrypt with a hash function

    • Pros: Password is protected

    • Cons: There is a slight computational overhead and code complexity

  • Alternative 2: Store the plaintext password

    • Pros: Less work to do

    • Cons: Anyone who have access to the credential file can have access to all the application users