1.     Project Overview

1.1     System Description

The client for this project has decided to build a platform that will support the sale, exchange, and redemption of gift cards between businesses and individuals.  The goal of this platform is to help small businesses expand, using both web and mobile layouts, by giving them a simple way to raise capital and acquire new customers using gift cards.

The client needs to create a high quality platform that is easy-to-use even for business owners that don’t have a lot of technical expertise.  Many business owners are not technologically sophisticated, so creating a platform that is simple to understand and navigate is also a top priority.

The main function of the platform will be to allow business to post virtual gift cards for sale on the platform.  Individual users will be able to browse and buy these gift cards, as well as resell or trade gift cards they own.  Using the mobile layout, users will be able to redeem their gift cards at the business, and the business will be able to process gift card redemption at their point of sale.

This assembly is responsible for implementing security related functionalities of the front end mobile application, related angularJS service and integrate the REST APIs, including HTML5 pages, AngularJS Service and AngularJS controllers.

1.2     Competition Task Overview

A complete list of deliverables can be found in the TopCoder Assembly competition Tutorial at:

http://apps.topcoder.com/wiki/display/tc/Assembly+Competition+Tutorials

Note: Please read the whole Application Design Specification first. All the details not mentioned in this specification are provided in that document.

Note: Please read the whole Application Design Specification first. All the details not mentioned in this specification are provided in that document.

1.2.1     Scope

This challenge is responsible for the following parts in the Front End Mobile Class Diagram:

• app.js

• LoginCtrl

• RegisterCtrl

• ForgotPasswordCtrl

Implementation details are provided at TCUML class documentations.

Related pages are also in scope.

This challenge is responsible for the following parts in the Front End AngularJS Class Diagram:

• SecurityService
• UserService

Fix following issues in user and security APIs and use the Real APIs in this challenge:

• Add UserService.getUserProfiles to get users of ids.
• UserService#create - Allow user to have multiple roles in the system, so it should support to add role to the existing account and user will be notified that this e-mail already exists. The same relates the same social identity to register for the second role.
• Please make sure the REST APIs follow the API Specification. For any other bugs not in the above list, please fix it in your submission.
• The Entities Class Diagram just shows the objects structure, they doesn't need to be implemented.

1.2.2    General AngularJS Implementation Guide

The services are AngularJS services, they use $http service to communicate with the back end REST services.
During this assembly, a simple basic app.js may be implemented to run and test the services.

Some services require authorization, they expect a session token set in sessionStorage.sessionToken field, if not, they will call callback with error message.

Below we take the UserService.updateMyUserProfile as example, other services are implemented similarly.

angular.module('services').factory('userService',
    ['$http', '$log',
    function ($http, $log) {
        var service = {};
        service.updateMyUserProfile = function(user, callback) {
            $http({
                // it may be 'GET', 'DELETE' etc for other REST services
                method:'PUT',
                // replace this url for other REST services
                url: config.REST_SERVICE_BASE_URL + '/users/me',
                // request body may be different for other REST services
                data: JSON.stringify(user),
                // authorization header depends on REST service,
                // some needn't it,
                // some needs other authorization header, e.g. the Login
                headers: {
                    'Authorization': 'Bearer' + sessionStorage.sessionToken
                }
            }).success(function(data){
                callback(null, data);
            }).error(function(data, status, headers, config) {
                callback(data);
            });
        }

        ... // other functions

        return service;
}]);

1.2.3    Services Mapping

When implementing an AngularJS service method, see its TCUML method documentation, it provides the corresponding REST service.
Then open the REST_API_Specification.docx, locate the referred REST service. In the "Request Syntax" section, there is HTTP method and URL for the REST service. The "Request Headers" item contains authorization header details. And the Response section contains response details.
For the red methods in TCUML, these indicate new REST services, the details are just in the TCUML method documentation.
Assemblers should follow these REST contract, and follow above sample code to make the REST calls.

1.2.4     partials/login.html

UI Prototype: Login

Controller: LoginCtrl

This page handles user login. Users may login via credential or social network.

When login button is clicked, it calls the login function of the controller.

When social login is used, the page will follow social network OAuth flow (Facebook, Twitter, or LinkedIn) to obtain access token, then call the loginWithSocialNetwork function of the controller.

The OAuth callback page is defined below. After the callback gets the access token, it will store it in localStorage, then redirect to this login page, this login page will then get the access token and pass it to back end. And the access token in localStorage should be cleared.

Refer to ADS 1.3.10 for more details.

1.2.5     partials/register.html

UI Prototype: Register

Controller: RegisterCtrl

This page handles user registration. User registration may be via this web app or social network.

When register via this web app, it calls register function of the controller.

When register via social network, the page will follow social network OAuth flow (Facebook, Twitter, or LinkedIn) to obtain access token, then bind them to $scope.data.linkedSocialNetwork, linkedSocialNetworkUserId, linkedSocialNetworkAccessToken, then calls the register function.

The OAuth callback page is defined below. After the callback gets the access token, it will store it in localStorage, then redirect to this login page, this login page will then get the access token and pass it to back end. And the access token in localStorage should be cleared.

When clicking "Register" button, the  "password" input value must be checked against "confirm password" input value, if they don't match, error message should be shown.

For founder user, this page should add a file input to upload business photo.

Refer to ADS 1.3.10 for more details.

1.2.6     oauthCallback.html

This is callback page for OAuth callback to accept access token, for Twitter social login/registration.

It accepts "type", "oauth_token", "oauth_token_secret" and "oauth_callback_confirmed" query parameters, "type" parameter value may be "login" or "register".

The page should do the following processing:

var accessToken = {

        token: value of query parameter oauth_token,

        tokenSecret: value of query parameter oauth_token_secret

    };

localStorage.accessToken = accessToken;

if (query parameter "type" value is "login") {

    Redirect to login page;

}

if (query parameter "type" value is "register") {

    Redirect to register page;

}

1.2.7     partials/forgotPassword.html

UI Prototype: ForgotPassword

Controller: ForgotPasswordCtrl

This page recovers forgotten password. When recover password button is clicked, it will trigger the recoverPassword function of the controller.

Back end will send an email to user, the email contains a link pointing to below page to let user enter new password.

1.2.8     partials/resetForgottenPassword.html

It accepts a token query parameter.

It allows user to enter new password.

When user clicks "submit", it will call SecurityService.resetForgottenPassword(token, newPassword, …) to reset the password.

If successful, it will redirect user to the login page.

The processing is simple, the corresponding controller is left to assemblers.

1.3     Technology overview

• HTML5
• JavaScript
• jQuery 1.11.0 http://jquery.com/
• AngularJS 1.2.28 https://angularjs.org/
• jsqrcode https://github.com/LazarSoft/jsqrcode
• ShareThis http://www.sharethis.com/
• NVD3 http://nvd3.org/
• Wordpress 4.1 https://wordpress.org/
• Google Maps JavaScript API v3 https://developers.google.com/maps/documentation/javascript

1.5     Existing Documents

• Class Diagrams
• Sequence Diagrams
• Application Design Specification
• Assembly Specification

Final Submission Guidelines

• Source code and configuration files.
• Deployment guide to configure and verify the application.