As the GSoC final evaluations are going to start tomorrow, this blog post will summarise the project experience and delve into the tasks I worked on. I will wrap up with the challenges I faced during the last three months and the steps I took to overcome them.
Background
OSEM already had a ticket purchasing feature for its conferences where the attendees could buy tickets for the conference. But many people found that the workflow was not very user-friendly and as a result, this feature was not frequently used. We identified the main pain points for the users:
- The earlier ticketing feature used to ask attendees for the tickets they want to buy, but still, the payments were manually done at the conference.
- This made the significance of ticket purchases confusing for the users.
The Plan
So my task was to improve the ticketing process. We planned to do this by addressing the pain points as directly as possible. The initial plan was to:
- Improve the user ticket purchase workflow
- Add an online ticket payment feature
After a few rounds of discussion with the OSEM community, we decided to implement the payment feature using `active-merchant`. It is one of the most popular payment libraries (which also meant readily available documentation, yay!). It was also a good choice for organisers as it gives them the freedom to choose any payment gateway of their choice.
The Task
After 34 commits, 30 days of reviewing, 700 lines edited and 165 review comments, I was finally able to meet all the requirements. I learnt many important things in the process, like:
- Security
- Testing
- Code styling
- Code quality
The commit got LGTM from key contributors. I was so happy that finally ‘my code’ will be powering OSEM.
Check the active-merchant implementation here on GitHub.
The Complication
However, as with many things in real life, we stumbled upon a last-minute hiccup. Actually, it was a big one. Some community members pointed out that this feature has to comply with better PCI Guidelines as we are dealing with confidential information like credit card numbers. There are various certificate levels in PCI guidelines, each with different requirements and costs. We found out that the `active-merchant` solution would have to be PCI SAQ-D compliant, which is the most stringent of all and requires considerable capital expenditure. (Read more about PCI DSS guidelines here.)
After further discussion with the community, it was decided that there was a need to reimplement the whole feature to make it SAQ-A compliant. This will offload the security aspect to established third parties which are SAQ-D compliant and hence it will be cheaper for the organiser to integrate such a solution without worrying about the burden of getting SAQ-D certification. We looked into a few options (see here) and finally decided to integrate the Stripe iFrame payment feature directly into the application.
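Under the SAQ-A split described above, the application server should only ever receive a Stripe token, never a card number. A server-side guard for that, as an added example that is not OSEM's code: the module and error names are hypothetical, and the `stripeToken`/`stripeEmail` field names assume Stripe's hosted Checkout form.

```ruby
# Added example (not OSEM code): refuse any request that carries a card
# number and pass on only the token fields. All names are hypothetical.
module PaymentParamsGuard
  class CardDataReceived < StandardError; end

  TOKEN_FORMAT = /\Atok_[A-Za-z0-9]+\z/ # Stripe card tokens start with "tok_"
  ALLOWED_KEYS = %w[stripeToken stripeEmail].freeze # assumed form field names

  # Luhn checksum, used to tell card numbers from other long digit strings.
  def self.luhn_valid?(digits)
    sum = digits.reverse.each_char.each_with_index.sum do |ch, i|
      d = ch.to_i
      d *= 2 if i.odd?
      d > 9 ? d - 9 : d
    end
    (sum % 10).zero?
  end

  # True for 13-19 digit values (spaces/dashes ignored) that pass Luhn.
  def self.looks_like_pan?(value)
    digits = value.to_s.gsub(/[\s-]/, '')
    digits.match?(/\A\d{13,19}\z/) && luhn_valid?(digits)
  end

  # Returns only the token fields. Raises if a card number reached the
  # server; the message names the parameter but never echoes its value,
  # so the number does not end up in logs.
  def self.extract!(params)
    params.each do |key, value|
      raise CardDataReceived, "card number in parameter #{key}" if looks_like_pan?(value)
    end
    token = params['stripeToken'].to_s
    raise ArgumentError, 'missing or malformed Stripe token' unless token.match?(TOKEN_FORMAT)

    params.slice(*ALLOWED_KEYS)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request parameters.
  sample = { 'stripeToken' => 'tok_constructed123', 'stripeEmail' => 'attendee@example.org', 'ticket_id' => '7' }
  p PaymentParamsGuard.extract!(sample)
end
```

A request that trips `CardDataReceived` means the payment form is posting card fields to the application instead of to the iframe, which would put the server back in SAQ-D scope.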
The task re-implemented
Towards the second half of GSoC, I re-implemented the online payment feature using Stripe payment gateway. The original work helped in accelerating this development work as I had a good idea of all the tests which should pass. The development process was very close to TDD and I liked this way of programming. Within 2 weeks, I re-implemented the feature while handling all possible exceptions in the payment process.
Check the Stripe implementation here on GitHub.
Challenges
There were various unforeseen changes and adjustments which were encountered during the course of this project. As I wanted to do my best in GSoC and follow the plan closely, these changes were very challenging for me to cope with. I would like to thank my mentors for continuous guidance and support in the project. In the process, I always kept my focus on thinking about “what to do next?” instead of “why did it go wrong?”.
One line from my mentor stayed in my head
“Things always keep changing for better in Open Source Society.”
Overall Experience
I got to learn a lot about Ruby on Rails, TDD, better code practices, better testing practices and Web Security guidelines and standards. I also learnt about how payments are handled by various payment gateways and what are the best practices when you want to use a payment processor/gateway in your application.
Meeting lovely SUSE people and fellow GSoC students at openSUSE Conference 2016, Nuremberg was a wonderful and encouraging life experience too.
The overall experience in Google Summer of Code with openSUSE was full of learning, support and joy. The whole community was very supportive during the GSoC project and I want to work more with Open Source Society and learn more with the concept of collaborative learning.
I would highly recommend people to work with the Open Source community and learn along with the most learned and knowledgeable people who are passionate about their work. 🙂
I will continue working with openSUSE solving bugs in OSEM and carrying out various other improvements possible in OSEM. I will first make other required changes to make the feature better and then I am thinking of working on dockerizing the OSEM platform in my free time 🙂
Summary
- You can see the issues we have worked with, here.
- You can look into all the pull requests we created for OSEM here.
- You can see all our merged commits into OSEM here.
You can find me on GitHub at rishabhs95