[Dspace-tech] Shibboleth authentication

[Benjamin Ryan]

Hi,

               I have modified the Shib auth class to check whether a valid (syntactilly to RFC822) has been supplied in the headers :

 

               if (validate_email_address(email)) {

                              eperson.setEmail(email);

               } else {

                              eperson.setEmail("");

               }

               If not I set the email address to the empty string (I will prompt the user later on to go to their profile and add email address etc).

               However, this causes an exception:

 

               org.dspace.app.xmlui.wing.WingInvalidArgument: The 'characters' parameter is required for list items.

               at org.dspace.app.xmlui.wing.element.AbstractWingElement.require(AbstractWingElement.java:117)

               at org.dspace.app.xmlui.wing.element.List.addItem(List.java:290)

               at org.dspace.app.xmlui.aspect.eperson.EditProfile.addBody(EditProfile.java:292)

 

               This is caused (I think) by the following code in org.dspace.app.xmlui.wing.element.List

 

               public void addItem(String characters) throws WingException

                {

                              require(characters,

                                              "The 'characters' parameter is required for list items.");

 

                               Item item = this.addItem(null, null);

                              item.addContent(characters);

                }

 

               Is there a way round this is I know I will not get a valid e-mail address from many IDPs?

 

Regards,

               Ben

------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------

 

[helix84]

Hi Ben,

just quick note - the Wing code is just for displaying the page in
XMLUI. It probably displays the email address somewhere in a list
(probably <ul>) and fails on empty elements. I didn't look at the code
yet.

Regards,
~~helix84

[Benjamin Ryan]

Hi Helix84,
The code in org.dspace.app.xmlui.wing.element.List:

public void addItem(String characters) throws WingException
{
require(characters,
"The 'characters' parameter is required for list items.");

Item item = this.addItem(null, null);
item.addContent(characters);
}

Calls the require method of the org.dspace.app.xmlui.wing.element. AbstractWingElement

protected void require(String parameter, String message)
throws WingInvalidArgument
{
if (parameter == null || parameter.equals(""))
{
throw new WingInvalidArgument(message);
}
}

And this fails on null or the empty string.

I cannot use a placeholder for the email address as this would have to be unique so as not to violate the constraint on the eperson.email column.
If I cannot use some other placeholder value I will have to generate unique dummy emails and go with that.

Regards,
Ben
------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------

[helix84]

No, my point was - go up the call stack, find out where addItem() is
called and remove it (the list item containing the email address) from
the page (if it's empty, you likely don't need to display it).

Regards,
~~helix84

[Benjamin Ryan]

Hi Helix84,
I do want to display the email address even if it is the empty string so that the user can enter a valid email address.
The problem stems from the fact that I don't get an email address from some IDPs (where I do it is set correctly by the authentication code and updated if it has changed).
I think I have a solution by editing the EditProfile class to show the email address as a label if it was set correctly or show the unset address (i.e with some placeholder text such as "chan...@dummy.org") in a text field.
The problem I am having with this is that it does not update the details in the database because I assume I am not using the correct label/message for the field.

Regards,
Ben

------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------


-----Original Message-----
From: ivan....@gmail.com [mailto:ivan....@gmail.com] On Behalf Of helix84
Sent: 05 September 2012 13:28
To: Benjamin Ryan
Cc: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] Shibboleth authentication

[helix84]

On Wed, Sep 5, 2012 at 3:09 PM, Benjamin Ryan
<benjam...@manchester.ac.uk> wrote:
> I do want to display the email address even if it is the empty string so that the user can enter a valid email address.

OK

> The problem stems from the fact that I don't get an email address from some IDPs (where I do it is set correctly by the authentication code and updated if it has changed).

I understand.

> I think I have a solution by editing the EditProfile class to show the email address as a label if it was set correctly or show the unset address (i.e with some placeholder text such as "chan...@dummy.org") in a text field.

Exactly what I suggested.

> The problem I am having with this is that it does not update the details in the database because I assume I am not using the correct label/message for the field.

You have to keep the input field and its name (email) because it's
also the name of the form parameter.
So, what you probably need to do (I didn't try it) is to change:

identity.addLabel(T_email_address);
identity.addItem(email);

to something like this

identity.addLabel(T_email_address);
if (email == null) { // well, either null or an empty string, not sure
identity.addItem("chan...@dummy.org");
} else {
identity.addItem(email);
}

Regards,
~~helix84

[Benjamin Ryan]

Hi Helix84,
I think I am nearly there with this code:

if (email.isEmpty()) {
Text email_address = identity.addItem().addText("email");
email_address.setRequired();
email_address.setLabel(T_email_address);
email_address.setValue("chan...@dummy.org.uk");
} else {
identity.addLabel(T_email_address);
identity.addItem(email);
}

But it does not send the value back to the server through the form.
I need to a textbox as I need to let the user edit the dummy email address and have this saved.

Is there any documentation on this area?

Regards,
Ben

------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------


-----Original Message-----
From: ivan....@gmail.com [mailto:ivan....@gmail.com] On Behalf Of helix84
Sent: 05 September 2012 14:22
To: Benjamin Ryan
Cc: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] Shibboleth authentication

[helix84]

My mistake, I didn't notice that email didn't have an input field in
that form by default.

As you can see in
https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/dspace-xmlui-api/src/main/resources/aspects/EPerson/sitemap.xmap#L66

The submitted form is processed here (in case of registration)
https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/dspace-xmlui-api/src/main/resources/aspects/EPerson/eperson.js#L54
or here in case if editing profile
https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/dspace-xmlui-api/src/main/resources/aspects/EPerson/eperson.js#L270
so this is where you process the "email" parameter from your input
element in the form. I didn't check the exact logic, but it should get
you on the right track.

Regards,
~~helix84

[helix84]

On Wed, Sep 5, 2012 at 3:55 PM, helix84 <hel...@centrum.sk> wrote:
> https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/dspace-xmlui-api/src/main/resources/aspects/EPerson/eperson.js#L54

BTW this is the language it's in:
http://cocoon.apache.org/2.1/userdocs/flow/api.html

And it tries to find the user by email, so you might have to make some
non-trivial changes in that logic.

Regards,
~~helix84

[helix84]

On Thu, Sep 6, 2012 at 12:34 PM, Benjamin Ryan
<benjam...@manchester.ac.uk> wrote:
> Hi Helix84,
> I have now completed the modifications to the Shibboleth authentication and the Update profile so that if an IDP supplies an email address it will be used but otherwise this can be updated in the profile and will not be overwritten on a subsequent login unless an email address is supplied (I have not got the email address validation working in the FlowScript yet).
> Thanks for all your help in getting this working (I didn't even know about FlowScript).
> I have attached the updated files that someone using Shibboleth authentication may find useful.

Thank you for your solution Ben. I'd like to ask you to create an
issue in Jira [1] and attach it there. I'd create it myself, but if
you do it, you will be notified of any status changes and comments, so
you will be able to react to them if you wish. When choosing issue
type, I'd classify it as a bug.

[1] https://jira.duraspace.org/browse/

Regards,
~~helix84

[Benjamin Ryan]

Hi Helix84,
I have now completed the modifications to the Shibboleth authentication and the Update profile so that if an IDP supplies an email address it will be used but otherwise this can be updated in the profile and will not be overwritten on a subsequent login unless an email address is supplied (I have not got the email address validation working in the FlowScript yet).
Thanks for all your help in getting this working (I didn't even know about FlowScript).
I have attached the updated files that someone using Shibboleth authentication may find useful.

Regards,
Ben

------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------


-----Original Message-----
From: ivan....@gmail.com [mailto:ivan....@gmail.com] On Behalf Of helix84
Sent: 05 September 2012 14:59
To: Benjamin Ryan
Cc: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] Shibboleth authentication

[Benjamin Ryan]

Hi Helix84,
I have created the Jira issue (DS-1257).
It shows as unresolved is this ok or should this be changed?

Regards,
Ben

------------------------------------------------------------------
Dr Ben Ryan
Jorum Technical Coordinator (Services)

5.12 Roscoe Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: 0160 275 6039
E-mail: benjam...@manchester.ac.uk
------------------------------------------------------------------


-----Original Message-----
From: ivan....@gmail.com [mailto:ivan....@gmail.com] On Behalf Of helix84
Sent: 06 September 2012 11:40
To: Benjamin Ryan
Cc: dspac...@lists.sourceforge.net
Subject: Re: [Dspace-tech] Shibboleth authentication

[helix84]

On Thu, Sep 6, 2012 at 12:59 PM, Benjamin Ryan
<benjam...@manchester.ac.uk> wrote:
> I have created the Jira issue (DS-1257).

Thank you, Ben.

> It shows as unresolved is this ok or should this be changed?

It's OK. It will be changed when someone starts working towards
including it in DSpace and when it get included into a particular
DSpace version.

I should have mentioned this earlier, but if you know GitHub, you can
clone the DSpace repository, create a branch for your feature and open
a pull request against DSpace. Thus everyone can easily see the diff,
it makes reviewing features easy for developers and you retain control
over the code in case any modifications are requested. Using GitHub is
recommended, but completely optional. If you decide to make a pull
request, send a link to it into Jira comments. Thanks again.

Regards,
~~helix84