Merge pull request #97 from ericvaandering/add_autocreate

Automatically create account for shibboleth version

Author: ericvaandering

DocDB/cgi/DocDBGlobals.pm

@@ -92,6 +92,7 @@ $Preferences{Security}{Certificates}{ShowCertInstructions} = $FALSE;  # TRUE or
 $Preferences{Security}{AuthName} = "";  # Set to override default AuthName of group1 or group2, etc.
 $Preferences{Security}{SSOGroupVariables} = ();  # Environmental variables with lists of groups
 $Preferences{Security}{AutoCreateSSO} = $FALSE;  # Automatically create an SSO user if none exists
+$Preferences{Security}{AutoCreateShib} = $FALSE;  # Automatically create a Shibboleth user if none exists
 $Preferences{Security}{UseCertGroupsForSSO} = $FALSE;  # If no SSO account exists, use the groups from the certificate
 $Preferences{Security}{TransferCertToSSO} = $FALSE;  # Automatically transfer certificate user information to SSO
                                                      # (implies AutoCreateSSO)

DocDB/cgi/DocDBVersion.pm

@@ -21,6 +21,6 @@
 #    along with DocDB; if not, write to the Free Software
 #    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
-$DocDBVersion = "8.8.9p1";
+$DocDBVersion = "8.8.9p2";
 
 1;

DocDB/cgi/EmailLogin

@@ -39,6 +39,11 @@ $dbh   = DBI->connect('DBI:mysql:'.$db_name.':'.$db_host,$db_rouser,$db_ropass);
 print $query -> header( -charset => $HTTP_ENCODING );
 &DocDBHeader("Personal Account Login");
 
+if ($UserValidation eq "shibboleth" or $UserValidation eq "FNALSSO") {
+  push @ErrorStack,"This page is not valid for single sign-on methods.";
+}
+EndPage();
+
 print "<p/>\n";
 print "<b>This page is used to log into or create a personal $Project DocDB account. You
           can use this account to set e-mail notifications. DocDB will e-mail

DocDB/cgi/ShibbolethUtilities.pm

@@ -68,11 +68,50 @@ sub FetchEmailUserIDForShib () {
 
   my ($EmailUserID) = $EmailUserSelect -> fetchrow_array;
 
+  if (!$EmailUserID and $Preferences{Security}{AutoCreateShib}) {
+    $EmailUserID = CreateShibUser();
+  }
+
   if ($EmailUserID) {
     FetchEmailUser($EmailUserID)
   }
 
   return $EmailUserID;
 }
 
-1;
+sub CreateShibUser() {
+  my ($FQUN, $UserName, $Email, $Name) = GetUserInfoShib();
+  if ($FQUN eq 'Unknown') {
+    push @DebugStack, 'Username is Unknown. Not inserting. SSO may not be set up correctly.';
+    return;
+  }
+
+  push @DebugStack, "Creating Shibboleth SSO user in EmailUser with Username=$FQUN, Email=$Email, Name=$Name";
+  CreateConnection(-type => "rw");   # Can't rely on connection setup by top script, may be read-only
+  my $UserInsert = $dbh_rw->prepare(
+      "insert into EmailUser (EmailUserID,Username,Name,EmailAddress,Password,Verified) " .
+      "values                (0,          ?,       ?,   ?,           ?,       1)");
+  $UserInsert->execute($FQUN, $Name, $Email, 'x');
+  my $EmailUserID = $UserInsert -> {mysql_insertid}; # Works with MySQL only
+  DestroyConnection($dbh_rw);
+  push @DebugStack, "Created EmailUserID $EmailUserID for SSO";
+  return $EmailUserID;
+}
+
+sub GetUserInfoShib() {
+  my $Username = "Unknown";
+  my $EmailAddress = "Unknown";
+  my $Name = "Unknown";
+
+  if (exists $ENV{'ADFS_LOGIN'}) {
+    $Name = $ENV{ADFS_FULLNAME};
+    $EmailAddress = $ENV{ADFS_EMAIL};
+    $Username = $ENV{ADFS_LOGIN};
+  }
+
+  push @DebugStack, "GetUserInfoShib returning $Username, $Username, $EmailAddress, $Name";
+
+  return ($Username, $Username, $EmailAddress, $Name);
+}
+
+1;

DocDB/doc/CHANGES

@@ -1,3 +1,7 @@
+8.8.9p2
+  Add an option $Preferences{Security}{AutoCreateShib} (defaults to $FALSE) to automatically create shibboleth accounts
+    (following what was done for Fermilab SSO). Fixes a regression where it was difficult or impossible to make an account
+
 8.8.9p1
   Fix the author searching JS for old cases where first or last name may not exist
   Include a patch from 8.7 branch that was never included

DocDB/html/js/OldCMS.js

@@ -0,0 +1,168 @@
+// This code was in the CMS DocDB but was preventing the author fields from being pre-filled. It was removed as it doesn't
+// seem to provide real value. Originally written by Vidmantis
+
+
+      var docDB_temp_hacks = 0;
+
+
+	  function extended_author_search(){
+            jQuery.extend(jQuery.expr[':'], {
+              'containsi': function(elem, i, match, array)
+              {
+                return (elem.textContent || elem.innerText || '').toLowerCase()
+                .indexOf((match[3] || "").toLowerCase()) >= 0;
+              }
+            });
+            jQuery.extend({URLEncode:function(c){var o='';var x=0;c=c.toString();var r=/(^[a-zA-Z0-9_.]*)/;
+              while(x<c.length){var m=r.exec(c.substr(x));
+                if(m!=null && m.length>1 && m[1]!=''){o+=m[1];x+=m[1].length;
+                }else{if(c[x]==' ')o+='+';else{var d=c.charCodeAt(x);var h=d.toString(16);
+                o+='%'+(h.length<2?'0':'')+h.toUpperCase();}x++;}}return o;},
+            URLDecode:function(s){var o=s;var binVal,t;var r=/(%[^%]{2})/;
+              while((m=r.exec(o))!=null && m.length>1 && m[1]!=''){b=parseInt(m[1].substr(1),16);
+              t=String.fromCharCode(b);o=o.replace(m[1],t);}return o;}
+            });
+
+
+            // extract url parameter
+            jQuery.extend({
+              getUrlVars: function(){
+                var vars = [], hash;
+                var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');
+                for(var i = 0; i < hashes.length; i++)
+                {
+                  hash = hashes[i].split('=');
+                  vars.push(hash[0]);
+                  vars[hash[0]] = hash[1];
+                }
+                return vars;
+              },
+              getUrlVar: function(name){
+                return jQuery.getUrlVars()[name];
+              }
+            });
+                    
+            var author_search = jQuery.getUrlVar('author');
+
+
+            if (author_search){
+                jQuery('h3').html(jQuery('<a href="#">show all authors</a>').click(function(){jQuery('table tr td ul li, table tr td a, table tr th').show(); })).show();
+
+
+                jQuery('table tr td ul li, table tr td a, table tr th').hide();
+
+                params = author_search.replace('.', ' ').replace('+', ' ').replace(',', ' ').split(' ')
+
+                filtered = jQuery('table tr td ul li a')
+
+                jQuery(params).each(function(i, param){
+                    //TODO: handle special chars and international names
+                    //console.log(param);
+
+            		//clean up the string, leave only letters
+            		param = param.replace(/[^a-zA-Z]/g, '');
+            		if (!param)
+            			return;
+
+                    filtered = filtered.filter(':containsi('+param+')');
+                });
+                items = filtered.show().parent().show().addClass('search_matched')
+
+
+            	//console.log(items)
+
+            	/* If there was only one result, point to the documents by the author */
+            	if (items.length == 1){
+            		    var target = items.find("a").first().attr('href');
+                        //console.log("Blah:"+target);
+                        location.href = target;
+            	}
+            }
+
+	  }
+
+
+      function apply_cms_styles(){
+            /* watermark the search */
+			var searchField = jQuery('div#header-search-container input[type=text][name=simpletext]');
+			/* we take the value of watermark from title attribute */
+            searchField.watermark(searchField.attr('title'),  {className: 'watermark-search'});
+
+            jQuery('div#header-search-container form').submit(function(e){
+                //check if value has an ID
+                var value =jQuery('input#header-search-input').val();
+                //alert(value);
+                var regexp = /id:(\\d+)/i;
+                if (regexp.test(value)){
+                    //alert('ID');
+                    e.preventDefault();
+                    value.match(regexp);
+                    docid = RegExp.\$1;
+                    window.location.href = 'ShowDocument?docid=' + docid
+                }
+            });
+
+
+                /* hide keywords */
+                if (jQuery('form#documentadd input[name=keywords]')) {
+                    jQuery('form#documentadd input[name=keywords]').parents("tr").first().hide(); 
+                }
+
+                /* fix styles */
+                for (i=1; i<1000; i=i+2){ 
+                    if (!jQuery('input[name=upload'+i+']'))
+                       break;
+                   jQuery('input[name=upload'+i+']').parents('tr').first().addClass('FileUpload');
+                   jQuery('input[name=filedesc'+i+']').parents('tr').first().addClass('FileUpload');
+                   jQuery('input[name=fileid'+i+']').parents('tr').first().addClass('FileUpload');
+                }
+
+
+
+
+            if (docDB_temp_hacks){
+                /* TODO: (temporaly) set up file input coloring */
+                for (i=1; i<1000; i=i+2){
+                    if (!jQuery('input[name=upload'+i+']'))
+                       break;
+                   jQuery('input[name=upload'+i+']').parents('tr').first().addClass('file-upload-row-odd');
+                   jQuery('input[name=filedesc'+i+']').parents('tr').first().addClass('file-upload-row-odd');
+                   jQuery('input[name=fileid'+i+']').parents('tr').first().addClass('file-upload-row-odd');
+                }
+
+                /* add select all button */
+                if (jQuery('form#documentadd input[name=copyfile1]')){
+                    jQuery('form#documentadd input[name=copyfile1]').parents("td").first().append('   <a>copy all files<a>').toggle(function(evt){evt.preventDefault();jQuery('[name^="copyfile"]').val(["on"])}, function(evt){evt.preventDefault();jQuery('[name^="copyfile"]').val([""])})
+                }
+
+           }
+
+
+      }
+
+		/*  ==========  set up the validation  =========== */
+	  function form_add_validation(){
+
+		jQuery.validator.messages.required = "";
+
+		/* pre-validate the form */
+		jQuery("form#documentadd").validate({onfocusout: true, onkeyup: true});
+	  }
+
+
+	  if (!(typeof jQuery === 'undefined') && !(typeof jQuery.validator === 'undefined')){
+          jQuery(document).ready(function() {
+                /* Here we could customize the validation (again) */
+				form_add_validation();
+          });
+	  }
+
+	  if (!(typeof jQuery === 'undefined')){
+          jQuery(document).ready(function() {
+                apply_cms_styles();
+                extended_author_search();
+                if (jQuery('form#documentadd select[name=security]').length == 1) { CmsTransformPermissions(); }
+          });
+      }
+
+