Challenge Overview

App environment:
- REST API application based on Java 8, Maven, and MS SQL.

Basic requirements for this challenge:
- Update the existing REST API app to improve the current endpoints and create some additional endpoints, explained in more detail below
- Add more initial data for the new additions
- Improve the integration testing for the new additions

Project Background
The goal of this project is to create a web based tool for operators to share frac schedules and locations with other operators. Currently we have a consortium of 15 operators that share their schedules via email roughly once a week to monthly. The email list changes monthly with people being added or taken off, which makes it tough to manage if you are getting all the schedules you need. Not only does the email list change, but so does each individual company’s frac schedule. With so many moving parts, manually sharing emails and aggregating schedules is unsustainable. These emails contain API # (unique public well identifier), well name, Frac start, Frac end, Bottom Hole Lat/Long, Surf Hole Lat/Long, and sometimes the underground formation name.  

In the current state, we go into our internal mapping tool or the State website and manually measure out the distances between our well locations and the offset operators' locations to see if we need to prepare our wells. From this frac schedule, it is up to the individual companies to check in to see if offset fracs are on time or delayed and if the operator will impact any of their assets. This methodology is cumbersome and time consuming. A tool should be easily accessible, be able to quickly upload operator information and provide a visual and user-adjustable display of areas and times where frac operations may cause operational hazards due to “frac hits”: http://www.eagleford.training/2015/08/what-are-frac-hits/

For this challenge, we need to improve the existing REST API to capture the client requirements on User Management.

Technology Stack
Programming language(s) to be used:
- Java 8
- Maven
- Spring

Deployment environment requirements
- localhost
- Heroku
- AWS

Database
- MS SQL Server

Code access

Storyboard Design:
To understand the flow please check here: https://drive.google.com/open?id=18XHRqOJ1iSxH3TU1B1ciWoeo-0a95T5a

AngularApp Source Code
https://gitlab.com/quartz-energy/ops-frac-schedule/web-application
The application supports 3 roles; make sure your updates affect all roles:
operator/password
admin/password
user/password

NEW Java REST API Source Code
https://gitlab.com/quartz-energy/ops-frac-schedule/java-services
FYI: For quick usage you can use these Dev REST API endpoints: https://ops-frac-api-java.herokuapp.com/api/v1

Postman Collection for API endpoints Testing
https://gitlab.com/quartz-energy/ops-frac-schedule/java-services/tree/dev/docs

General Submission Requirements

1). User Role Updates

Admin needs to be updated to System Admin
- Add/Edit/Delete User from all companies
- Approve Self Registration from all companies
- Unlock the Locked Account from all companies
- Reset the auto-generated password from all companies
- Add/Edit/Delete Company from all companies
- Add/Edit/Delete Contact from all companies
- Add/Edit/Delete Schedule from all companies
- Approve Operator Admin from all companies
- View all operators' Well Review from all companies
- View all operators' Well Review Comments from all companies

Operator needs to be updated to Operator Admin
- Add/Edit/Delete User from own company
- Approve Self Registration from own company
- Unlock the Locked Account from own company
- Reset the auto-generated password from own company
- Add/Edit/Delete Contact from own company
- Add/Edit/Delete Schedule from own company
- Approve Operator Admin from own company
- View Well Review from own Operator company
- View Well Review Comments from own Operator company

User needs to be updated to Operator
- NOT able to Add/Edit/Delete User from own company
- NOT able to Edit own company
- NOT able to Add/Edit/Delete Contact from own company
- Add/Edit/Delete Schedule that this Operator created.
- View Well Review from own Operator company
- View Well Review Comments from own Operator company

Notes:
- Update titles and terms on all endpoints
- Make sure the sample data is consistent with the new updates

2). Request Access
- This will be the new endpoint for requesting access
- This register endpoint needs to be available to users who have not joined yet.
- Required fields are:
-- Username
-- Email Address
-- Role
-- Company
-- Secret questions
-- Secret questions answer

3). Forgot Password
- Create new endpoints for forgot password
- Required fields are:
-- Email Address
-- Secret questions
-- Secret questions answer
- Need to be able to create an auto-generated password

4). Forgot Username
- Create new endpoints for forgot username
-- Email Address
-- Secret questions
-- Secret questions answer

5). Secret Questions
- As part of Add/Edit user, we need to allow the user to pick 1 secret question and fill in the answer
- Create a separate table to store the list of all secret questions
- System Admin needs to be able to Add/Edit/Delete the secret questions list

6). User Management
- Only System Admin/Operator Admin can access this.
- You need to improve the current users endpoints
- Create new endpoints to see all “Active users”, “Self Registration” and “Locked accounts”
- System Admin can access all companies
- Operator Admin can only access his own company
- Improve the current Users endpoints to support account type, with the ability to filter by company parameters
- System Admin can approve self registrations
- Operator Admin can approve self registrations from his own company.
- Need to create an auto-generated password after the account is approved
- When creating a user, the password box shouldn't be displayed. The system needs to auto-generate the password.
- The user password needs to be auto-generated after System Admin/Operator Admin approves the registration. This rule can be the starting point for the format.
-- Password Length: 8
-- Include Symbols: ( e.g. @#$% )
-- Include Numbers: ( e.g. 123456 )
-- Include Lowercase Characters: ( e.g. abcdefgh )
-- Include Uppercase Characters: ( e.g. ABCDEFGH )
- When stored in the database, the password needs to be hashed.
- Any other suggestion for best practice security solution for auto-generated password?
- Edit user should not reset the auto-generated password
- Need a separate way on the table to reset the auto-generated password
- Need to set a temporary lock on the account for 24hrs before the user can log in.
- System Admin/Operator Admin need to be able to unlock the accounts
- System Admin needs to be able to set the Operator Admin flag on each company
- Operator Admin needs to be able to set the Operator Admin flag on own company
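
One way to meet the password format and hashing rules in this section, as an added example that is not code from the project's repository. The class name, method names and iteration count are assumptions; `SecureRandom` supplies the randomness and the JDK's PBKDF2 stands in for whichever password hash the project adopts.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example; class, method names and ITERATIONS are assumptions, not project code.
public class TempPasswords {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String[] CLASSES = {
        "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "0123456789", "@#$%" };
    private static final int ITERATIONS = 210_000; // assumed work factor

    /** At least one character from each class, the rest from the union, then shuffled. */
    public static String generate(int length) {
        if (length < CLASSES.length) throw new IllegalArgumentException("length too short");
        String all = String.join("", CLASSES);
        List<Character> chars = new ArrayList<>();
        for (String c : CLASSES) chars.add(c.charAt(RNG.nextInt(c.length())));
        while (chars.size() < length) chars.add(all.charAt(RNG.nextInt(all.length())));
        Collections.shuffle(chars, RNG); // CSPRNG-driven, so the guaranteed characters land anywhere
        StringBuilder sb = new StringBuilder(length);
        for (char ch : chars) sb.append(ch);
        return sb.toString();
    }
    private static byte[] pbkdf2(char[] pw, byte[] salt, int iters) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, iters, 256)).getEncoded();
    }
    /** Value for the password column: "iterations:salt:hash", salt and hash in Base64. */
    public static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(pw, salt, ITERATIONS));
    }
    /** Recomputes the hash from the stored parameters and compares in constant time. */
    public static boolean verify(char[] pw, String stored) throws Exception {
        String[] p = stored.split(":");
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        return MessageDigest.isEqual(expected, pbkdf2(pw, salt, Integer.parseInt(p[0])));
    }
    public static void main(String[] args) throws Exception {
        String pw = generate(8); // length 8 per the format rule in this section
        String stored = hash(pw.toCharArray());
        System.out.println(pw + " -> " + stored + " verifies: " + verify(pw.toCharArray(), stored));
    }
}
```

Only the value returned by `hash` goes into the user table; the generated password itself is shown or sent once and not kept.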

7). Login update
- Need to lock the account if the user guesses the wrong password or secret numbers more than 5 times.
- System Admin/Operator Admin need to be able to unlock the accounts
- Update the endpoint titles for the new addition

8). History Logging
- We need a User history table that captures any operations like Locked, Unlocked, Set as Admin, Approved, Auto-Generated password etc.
- Add additional fields to capture user id and timestamp
- Anything else we need to capture from the User table?
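
The lockout rule in section 7 together with the history fields in this section, as an added example that is not the project's code. It is an in-memory model: all class, method and action names are hypothetical, and the collections stand in for database tables.

```java
import java.time.Instant;
import java.util.*;

// Added example; every name here is hypothetical, and the collections stand in for database tables.
public class LoginLockout {
    static final int MAX_FAILURES = 5; // lock once failures exceed this

    /** One user-history row: the action, the affected user, the acting user id, and the timestamp. */
    static final class HistoryEntry {
        final String action; final long userId; final long actorId; final Instant at;
        HistoryEntry(String action, long userId, long actorId) {
            this.action = action; this.userId = userId; this.actorId = actorId; this.at = Instant.now();
        }
        @Override public String toString() { return at + " " + action + " user=" + userId + " by=" + actorId; }
    }

    private final Map<Long, Integer> failures = new HashMap<>();
    private final Set<Long> locked = new HashSet<>();
    final List<HistoryEntry> history = new ArrayList<>();

    /** Records one attempt (password or secret answer); returns true only if login may proceed. */
    public synchronized boolean attempt(long userId, boolean credentialsOk) {
        if (locked.contains(userId)) return false; // a locked account rejects even correct credentials
        if (credentialsOk) { failures.remove(userId); return true; }
        if (failures.merge(userId, 1, Integer::sum) > MAX_FAILURES) {
            locked.add(userId);
            history.add(new HistoryEntry("LOCKED", userId, userId)); // assumption: actor is the account itself
        }
        return false;
    }

    /** Unlock by an admin; the caller is assumed to have checked the admin's role and company scope. */
    public synchronized void unlock(long userId, long adminId) {
        if (locked.remove(userId)) {
            failures.remove(userId);
            history.add(new HistoryEntry("UNLOCKED", userId, adminId));
        }
    }

    public static void main(String[] args) {
        LoginLockout l = new LoginLockout();
        for (int i = 0; i < 6; i++) l.attempt(42L, false); // constructed input: six wrong guesses
        System.out.println("correct password while locked: " + l.attempt(42L, true));
        l.unlock(42L, 1L); // constructed admin id
        System.out.println("correct password after unlock: " + l.attempt(42L, true));
        l.history.forEach(System.out::println);
    }
}
```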

Final Submission Guidelines

What To Submit?
- All updated source code that implements the challenge requirements.
- README in markup language
- Updated insert data scripts
- Updated Postman collections to match the new additions
- The challenge winner needs to send a Merge Request to our repo

ELIGIBLE EVENTS:

2018 Topcoder(R) Open

Review style
- Final Review: Community Review Board
- Approval: User Sign-Off

ID: 30067758