Challenge Overview
Project Overview
BrivoLabs has a beta version of a Node.js/CoffeeScript application called the Social Access Management (SAM) API. It uses a Postgres database, runs on Heroku, consists of both a web and a worker process, and uses a Redis-based message queue to communicate between them.
The goal of this challenge is to add new identities endpoints that allow users to manage their own identities.
Competition Task Requirements
Add the following endpoints to the identities controller:
- Add a new field to the controller that is read from config. The configurable field will be an array of allowed identities that a user can manage, i.e. ['nymi', 'google', 'salesforce']
- POST /me/identities
  - Creates a new identity and associates it with the caller's account.
  - It accepts the same input parameters as the POST /identities endpoint
  - It requires a valid access token
  - No role restriction to call this endpoint
  - It must validate that the passed identityProvider is allowed to be manipulated by the user
  - Use the same validation for input parameters as the POST /identities endpoint
  - Associate the created identity with the caller's account
- GET /me/identities
  - Returns the identities of the caller that fall within the configured allowed identity providers
  - It accepts the same query parameters as the GET /identities endpoint
  - It requires a valid access token
  - No role restriction to call this endpoint
- GET /me/identity/:id
  - It returns the identity with the passed-in ID
  - It requires a valid access token
  - No role restriction to call this endpoint
  - Retrieval of the identity should use the caller's account to search for the identity using the passed-in ID and the allowed identity providers.
- PUT /me/identity:id
  - Updates the caller's identity with the passed-in parameters
  - It accepts the same input parameters as the PUT /identity/:id endpoint
  - It requires a valid access token
  - No role restriction to call this endpoint
  - Validate that the identity is associated with the caller's account.
  - It must validate that the passed identityProvider is allowed to be manipulated by the user, validating against the configured allowed identity providers
  - Use the same validation for input parameters as the PUT /identity/:id endpoint
- DELETE /me/identity/:id
  - Deletes the identity of the caller
  - It requires a valid access token
  - No role restriction to call this endpoint
  - Validate that the identity is associated with the caller's account.
  - It must validate that the passed identityProvider is allowed to be manipulated by the user, validating against the configured allowed identity providers
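The ownership and allowed-provider checks that the /me endpoints above require, shown as an added JavaScript example that is not code from the SAM API. The in-memory array stands in for the Postgres table, and `ALLOWED_PROVIDERS`, the row shape, the function names and the error labels are assumptions (the real status codes follow the existing identities functions).

```javascript
// Added illustration: ALLOWED_PROVIDERS, the row shape and the error labels are assumptions.
const ALLOWED_PROVIDERS = ['nymi', 'google', 'salesforce']; // read from config in the real app

// Constructed sample rows standing in for the identities table.
const identities = [
  { id: 1, accountId: 'acct-a', identityProvider: 'google', identifier: 'a@example.com' },
  { id: 2, accountId: 'acct-b', identityProvider: 'google', identifier: 'b@example.com' },
  { id: 3, accountId: 'acct-a', identityProvider: 'internal-badge', identifier: '0042' },
];
let nextId = 4;

const isAllowed = (provider) => ALLOWED_PROVIDERS.includes(provider);

// One scoped lookup shared by GET/PUT/DELETE: id + caller account + allowed providers.
// A row owned by another account looks exactly like a missing row to the caller.
function findOwned(callerAccountId, id) {
  return identities.find((i) => i.id === Number(id) &&
    i.accountId === callerAccountId && isAllowed(i.identityProvider)) || null;
}

function listMine(callerAccountId) {
  return identities.filter((i) => i.accountId === callerAccountId && isAllowed(i.identityProvider));
}

function createMine(callerAccountId, input) {
  if (!isAllowed(input.identityProvider)) return { error: 'provider_not_allowed' };
  // accountId comes from the access token; a value in the request body is overwritten.
  const row = { ...input, id: nextId++, accountId: callerAccountId };
  identities.push(row);
  return { identity: row };
}

function updateMine(callerAccountId, id, input) {
  const row = findOwned(callerAccountId, id);
  if (!row) return { error: 'not_found' };
  const changesProvider = input.identityProvider !== undefined;
  if (changesProvider && !isAllowed(input.identityProvider)) return { error: 'provider_not_allowed' };
  const { id: _i, accountId: _a, ...fields } = input; // id and owner are not updatable
  Object.assign(row, fields);
  return { identity: row };
}

function deleteMine(callerAccountId, id) {
  const row = findOwned(callerAccountId, id);
  if (!row) return { error: 'not_found' };
  identities.splice(identities.indexOf(row), 1);
  return { deleted: row.id };
}
```
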
Other Notes
- We want to see as much code reuse as possible with the existing identity management logic. Move it to a helper if needed.
- Use transactions in all endpoints that change DB state.
- Follow the error-handling status codes of the existing identities functions.
- Update IO docs and Postman files.
Testing
Create tests for the newly added endpoints.
Source Code
Available in the challenge forums. It includes the .git folder, which you will use to create a patch of your changes.
Final Submission Guidelines
Submission Deliverables
Below is an overview of the deliverables:
- Patch file of changes.
- Update README.md file
- Text file with any notes to reviewers.
Final Submission
For each member, the final submission should be uploaded to the Online Review Tool.