codewitus's People

Contributors

aryan-99, dependabot[bot], kbuffardi

codewitus's Issues

Listen and scrape each exercise attempt

On the tutorial page, we want to listen for:

  1. After a user presses the Check my answer! button (each time)
  2. Listen for the div with the id exercisefeedback to change
  3. If it contains a table with the class feedback then write a new Exercise_Attempt

As part of this issue, we need an Exercise_Attempt table with:

  • unique id (auto increment, primary key)
  • user id
  • time and date
  • exercise id (e.g. 688 from this exercise)
  • score (percentage scraped, as floating point, representing the number of passing tests out of the number of tests)

Compose fails with node engine incompatibility

On Linux, running the command docker-compose build fails and produces the following error (segment):

[2/4] Fetching packages...
error @npmcli/[email protected]: The engine "node" is incompatible with this module. Expected version "^12.13.0 || ^14.15.0 || >=16". Got "10.24.0"
error Found incompatible module.
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
ERROR: Service 'web' failed to build : The command '/bin/sh -c yarn install --check-files && yarn upgrade --ignore-engines' returned a non-zero code: 1

Embed YouTube video and observe interactions

Let's use this video for testing purposes: https://youtu.be/DFXdvQ62NlI

Data we want:

  • Time of start play (include the time of day)
  • Event of pausing (include the time marker, time of day)
  • Event of rewinding (including the time marker, time of day)
  • Time of day of video end
  • Time of day for maximize and/or resize screen

Add user administration

  • Add routing to an administrator management panel to be located at domain/manage
  • Verify user is logged in as an administrator role. If not logged in, present login modal. If logged in without administrator role, redirect to the main landing page
  • Once logged in, the page should have: the header "Administrator Management" and a search bar with search button. When a search is submitted, any email address that contains the entire search term should match. All matches should be shown in the results table...
  • Search results should be a table with columns: email address as text label, created at as data label, role as dropdown with the options (and current value displayed) {learner,creator,admin}. Changing the dropdown selection should (using AJAX) update the record of the user with their new role. If nothing matches the search result, display "No matches found" instead of the table.

Add option to run container in interactive mode

By default, we still want docker compose to run both the server and db images. However, for debugging and experimental purposes, we would benefit from having a second way to spin up the containers in interactive mode so that we can interact with the server from the rails command-line.

Minimally, include instructions on how to do so in README.md with commands but may also need changes to configuration files.

Fix security vulnerability in actionpack 6.0.3.3

CVE-2021-22881
moderate severity
Vulnerable versions: >= 6.0.0, <= 6.0.3.4
Patched version: 6.0.3.5
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a malicious website.

Validate and enforce password rules

These rules will only apply to accounts made on codewit.us and not those authenticated through external OAuth.

  • passwords should be at least 12 characters
  • no restrictions/requirements on types of characters/case

Within the site, passwords should:

Add notification scaffold

Add a Notification model that contains the required fields:

  • Message (text)
  • Expiration (date + time)

Add to the admin Management page, a form that shows all current Notifications (any whose expiration dates have not passed), with editable fields the admin can update and submit. There should also be an option to add a new Notification with the same editable fields.

Update the header partial view so that when there are notifications (any whose expiration dates have not passed), a box will appear immediately below the navbar with the text of the notification's message.

  • Message should be centered within box
  • Box background (but not text) should have 10% transparency
  • The user should be able to dismiss the box with a (X) button

Add tutor profile page

Add the tutor profile page (as described in the wiki) and update their names/photos to link to their profile page wherever it appears.

Enhance Tutorials with CodeWorkout

SEE CORRECTIONS BELOW

  • unique id (auto increment, primary key)
  • user id
  • time and date
  • workout id
  • score (percentage scraped, as floating point)

Seed db with concepts

Seed the db to have the following initial concepts:

  • function
  • function parameter
  • decision
  • loop
  • operation
  • variable
  • boolean expression
  • array
  • vector
  • matrix
  • number system
  • recursion
  • struct
  • pointer
  • sorting
  • input/output (I/O)
  • class
  • randomization
  • file stream

Add form for tutorial creation

  • Require user to be logged in with an account that is either creator or admin for tutorial creation/edit

Form fields:

  • Tutorial title (as string)
  • YouTube link (as string)
  • Concepts (string with autocomplete ajax for existing concepts; new concepts can be added; minimum 1, maximum 3)
  • Interests (string with autocomplete ajax for existing interests; new interests can be added; minimum 1, maximum 3)
  • CodeWorkout embed link (as string)

Affiliated information (saved but not user-entered):

  • Tutor id (grabbed from logged in user account id, not a field but still saved)
  • Time of creation

Refactor associations

Model associations are just represented by strings (then extracted for SQL statements) rather than having actual associations and appropriate lookup tables. This causes problems, for example, in the Videos and Concepts many-to-many relationship that is just stored as a string of an array of ids ([5, 11]) and Concept.find_by(id: @videoData[0].concepts) doesn't find the associated concepts because it is searching for a singular id "[5, 11]".

Redirect 404

404 Page Not Found errors should redirect to the landing page.

When redirected to the landing page, the notification box should show a message -- that isn't an instance of a notification, but adopts the same presentation and interaction -- that says:

Oops! You were heading in the wrong direction, so we brought you home safely.

Cannot render console from IP

Upon docker-compose up I get the following error (after Puma has launched the web server and I have opened the homepage):

web_1  | Cannot render console from 172.18.0.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1

Add Helpful field to Tutorial

  • Add a Helpful button with a thumbs-up icon, above the Share button on the Tutorial screen.
  • User should be able to select or unselect (toggle) Helpful for any Tutorial so that it saves their vote and each user can NOT mark the same Tutorial as Helpful more than once (unless they unselect it in between), similar to YouTube's Thumbs Up button. Update the schema so that it saves who has liked which Tutorials.

Seed db with initial interests to choose from

Add these as unique rows for Interests:

  • video games
  • music
  • movies
  • exercise
  • books
  • outdoors
  • 3D printing
  • photography
  • sports
  • math
  • technology
  • anime
  • cooking
  • dancing
  • cars
  • video and film
  • tabletop games
  • gardening
  • firearms
  • makeup

500 Internal Server Error on homepage

Upon running the container and browsing localhost:3000 I get an Application error and the console server error reads:

Started GET "/" for 172.18.0.1 at 2021-12-07 22:11:42 +0000
web_1  | Cannot render console from 172.18.0.1! Allowed networks: 127.0.0.0/127.255.255.255, ::1
web_1  |    (0.4ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
web_1  | Processing by ApplicationController#home as HTML
web_1  |   Video Load (0.6ms)  SELECT "videos".* FROM "videos" ORDER BY RANDOM() LIMIT $1  [["LIMIT", 1]]
web_1  |   ↳ app/controllers/application_controller.rb:63:in `home'
web_1  | Completed 500 Internal Server Error in 9ms (ActiveRecord: 1.6ms | Allocations: 2895)
web_1  | 
web_1  | 
web_1  |   
web_1  | NoMethodError (undefined method `interests' for nil:NilClass):
web_1  |   
web_1  | app/controllers/application_controller.rb:63:in `home'

Cannot render console is related (see #60) but independent of the other errors.

Update Docker Compose for server-generated files to persist

When the server runs, it updates/creates some files that reflect changes in the Rails configuration. However, those changes do not persist permanently because once the container shuts down, the files will remain as they originally were.

Files we want to persist include:

  • yarn.lock
  • Gemfile.lock

Fix security vulnerability in activerecord 6.0.3.3

CVE-2021-22880
high severity
Vulnerable versions: >= 6.0.0, <= 6.0.3.4
Patched version: 6.0.3.5
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
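
A check for the two advisories quoted in the actionpack and activerecord issues, written as an added example (not code from the codewitus repository): it reads the resolved versions out of a Gemfile.lock and reports any that fall inside the vulnerable range listed in those issues. The lockfile contents below are a constructed sample, and the function names are hypothetical.

```ruby
require "rubygems"

# Advisory data as listed in the two issues (affected range, patched version).
ADVISORIES = {
  "actionpack"   => { cve: "CVE-2021-22881", patched: "6.0.3.5",
                      affected: Gem::Requirement.new(">= 6.0.0", "<= 6.0.3.4") },
  "activerecord" => { cve: "CVE-2021-22880", patched: "6.0.3.5",
                      affected: Gem::Requirement.new(">= 6.0.0", "<= 6.0.3.4") }
}.freeze

# Resolved gems sit under "specs:" at exactly four spaces of indentation;
# their dependency constraints are indented six spaces and are skipped.
def locked_versions(lockfile_text)
  lockfile_text.each_line.each_with_object({}) do |line, found|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    found[m[1]] = Gem::Version.new(m[2]) if m && Gem::Version.correct?(m[2])
  end
end

# Return one finding per locked gem whose version falls in an affected range.
def vulnerable_gems(lockfile_text)
  versions = locked_versions(lockfile_text)
  ADVISORIES.filter_map do |name, adv|
    locked = versions[name]
    next unless locked && adv[:affected].satisfied_by?(locked)
    { gem: name, locked: locked.to_s, cve: adv[:cve], patched: adv[:patched] }
  end
end

# Constructed sample lockfile (not the project's real Gemfile.lock).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.3)
        actionview (= 6.0.3.3)
      activerecord (6.0.3.5)
        activemodel (= 6.0.3.5)
      rack (2.2.3)
LOCK

if __FILE__ == $PROGRAM_NAME
  vulnerable_gems(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:locked]} is affected by #{f[:cve]}; upgrade to #{f[:patched]}"
  end
end
```

The ranges cover only the 6.0.x line listed in the issues; the advisory text also names other release lines, which this table does not include.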

Set up MySQL db with User, Role, Interest, Tutorial

We need a relational MySQL database with the following objects:

User

  • id (unique, auto-increment, primary key)
  • email address (unique)
  • [any additional info required for oauth]
  • date of registration (Date)
  • major (string)
  • age (integer)
  • gender (string)
  • role [has one]
  • interest [has many]

Role

For now, each user will have one (and only one) role, but we want a dedicated object for future extensibility. Initial values will be:

  • id (unique, auto-increment, primary key)
  • learner
  • creator
  • admin

Interest

Interests will be topics like personal interests or hobbies. They will be associated (many-to-many) with other objects, including User, but also other objects.

  • id (unique, auto-increment, primary key)
  • name (unique)

We need to configure the app to default to MySQL (instead of SQLite) and build the initial tables. The development environment should also support it.

DRY refactoring

Upon reviewing the codebase, I noticed some code that is replicated and/or components that need better names. We need to refactor code so that it is DRY ("don't repeat yourself") and clean:

  • There is both header and header 2 which are near duplicates. If they are both necessary, give them more descriptive names. Same with interest and interest2.
  • There are some extraneous files such as backup.html.erb and indexOld.html.erb that should be deleted if unnecessary. Do another pass through the project to see if there are other examples besides these two files.

Validate and autocomplete Interests

Values for interests should be restricted by the following rules:

  • all letters converted to lower-case
  • no numbers or non-alphabetic characters (both restricted when typing in the view, and validated when created in model)
  • interests should be unique

A partial view for selecting interests (wireframe is in progress) should:

  • have a text field that autocompletes (ajax) with existing interests
  • by default, the top 10 most popular interests should be listed, available to select
  • up to five interests can be selected
