Skip to content

Commit

Permalink
Initial commit of Email Verifier Enroller Plugin (CFM-333)
Browse files Browse the repository at this point in the history
  • Loading branch information
Benn Oshrin committed Nov 28, 2024
1 parent 11cd46c commit 045abe1
Show file tree
Hide file tree
Showing 37 changed files with 2,049 additions and 104 deletions.
21 changes: 19 additions & 2 deletions app/config/schema/schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
"id": { "type": "integer", "autoincrement": true, "primarykey": true },
"identifier_assignment_id": { "type": "integer", "foreignkey": { "table": "identifier_assignments", "column": "id" }, "notnull": true },
"language": { "type": "string", "size": 16 },
"mail": { "type": "string", "size": 256 },
"message_template_id": { "type": "integer", "foreignkey": { "table": "message_templates", "column": "id" } },
"name": { "type": "string", "size": 128, "notnull": true },
"ordr": { "type": "integer" },
Expand Down Expand Up @@ -402,11 +403,11 @@
"mvea": [ "person", "person_role", "external_identity", "external_identity_role" ],
"sourced": true
},

"email_addresses": {
"columns": {
"id": {},
"mail": { "type": "string", "size": 256 },
"mail": {},
"description": {},
"type_id": {},
"verified": { "type": "boolean" }
Expand Down Expand Up @@ -703,6 +704,22 @@
}
},

"verifications": {
"columns": {
"id": {},
"code": { "type": "string", "size": 32 },
"verification_time": { "type": "datetime" },
"request_expiration_time": { "type": "datetime" },
"method": { "type": "string", "size": 2 },
"email_address_id": { "type": "integer", "foreignkey": { "table": "email_addresses", "column": "id" } },
"petition_id": {}
},
"indexes": {
"verifications_i1": { "columns": [ "email_address_id" ] },
"verifications_i2": { "columns": [ "petition_id" ] }
}
},

"jobs": {
"columns": {
"id": {},
Expand Down
65 changes: 62 additions & 3 deletions app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,23 @@ msgstr "{0,plural,=1{Basic Attribute Collector} other{Basic Attribute Collectors
msgid "controller.EnrollmentAttributes"
msgstr "{0,plural,=1{Enrollment Attribute} other{Enrollment Attributes}}"

# These are pseudo-enumerations, only used for fields.inc
msgid "enumeration.DefaultValueValidityType.after"
msgstr "Days After Finalization"
msgid "enumeration.VerificationModeEnum.0"
msgstr "None"

msgid "enumeration.VerificationModeEnum.1"
msgstr "One"

msgid "enumeration.VerificationModeEnum.A"
msgstr "All"

msgid "error.EmailVerifiers.candidate"
msgstr "Requested address is not a valid candidate"

msgid "error.EmailVerifiers.minimum"
msgstr "The required number of verified Email Addresses has not been met"

msgid "error.EmailVerifiers.verified"
msgstr "Requested address is already verified"

msgid "error.PetitionAcceptances.exists"
msgstr "An Invitation for this Petition already exists"
Expand All @@ -44,6 +58,27 @@ msgstr "This Invitation has expired"
msgid "error.PetitionAcceptances.processed"
msgstr "This Invitation has already been processed"

msgid "information.EmailVerifiers.done"
msgstr "All email addresses in this Petition have been verified. You may continue on to the next Enrollment Step."

msgid "information.EmailVerifiers.0"
msgstr "The following email addresses have been found in this Petition. You may continue on to the next Enrollment Step, or you may verify these addresses now."

msgid "information.EmailVerifiers.1.met"
msgstr "The following email addresses have been found in this Petition. At least one address has been verified, so you may continue on to the next Enrollment Step, or you may verify any remaining addresses now."

msgid "information.EmailVerifiers.1.none"
msgstr "The following email addresses have been found in this Petition. You must verify at least one in order to proceed to the next Enrollment Step."

msgid "information.EmailVerifiers.A"
msgstr "The following email addresses have been found in this Petition. You must verify all of them in order to proceed to the next Enrollment Step."

msgid "information.EmailVerifiers.code_sent"
msgstr "A code has been sent to {0}. Please enter it below. You may also request a new code if you haven't received it after a few minutes, or cancel verification and return to the list of available Email Addresses."

msgid "field.AttributeCollectors.valid_through.default.after.desc"
msgstr "Days After Finalization"

msgid "field.BasicAttributeCollectors.affiliation_type_id"
msgstr "Affiliation Type"

Expand All @@ -65,6 +100,24 @@ msgstr "Name Type"
msgid "field.BasicAttributeCollectors.name_type_id.desc"
msgstr "Type assigned to the Name collected by this Step"

msgid "field.EmailVerifiers.mode"
msgstr "Email Verification Mode"

msgid "field.EmailVerifiers.mode.desc"
msgstr "The minimum number of addresses that must be verified in order to complete this step"

msgid "field.EmailVerifiers.mode"
msgstr "Email Verification Mode"

msgid "field.EmailVerifiers.mode.desc"
msgstr "The minimum number of addresses that must be verified in order to complete this step"

msgid "field.EmailVerifiers.request_validity"
msgstr "Request Validity"

msgid "field.EmailVerifiers.request_validity.desc"
msgstr "Duration, in minutes, of the verification request before it expires"

msgid "field.EnrollmentAttributes.address_required_fields"
msgstr "Required Address Fields"

Expand Down Expand Up @@ -164,6 +217,12 @@ msgstr "Petition Attributes recorded"
msgid "result.basicattr.finalized"
msgstr "Name, Email Address, and Person Role created during finalization"

msgid "result.EmailVerifiers.verified"
msgstr "Verified {0} of {1} available {2}"

msgid "result.EmailVerifiers.verified.history"
msgstr "Verified email address {0} via {1}"

msgid "result.IdentifierCollector.collected"
msgstr "Obtained login Identifier {0}"

Expand Down
214 changes: 214 additions & 0 deletions app/plugins/CoreEnroller/src/Controller/EmailVerifiersController.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,214 @@
<?php
/**
* COmanage Registry Email Verifiers Controller
*
* Portions licensed to the University Corporation for Advanced Internet
* Development, Inc. ("UCAID") under one or more contributor license agreements.
* See the NOTICE file distributed with this work for additional information
* regarding copyright ownership.
*
* UCAID licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @link https://www.internet2.edu/comanage COmanage Project
* @package registry-plugins
* @since COmanage Registry v5.1.0
* @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
*/

declare(strict_types=1);

namespace CoreEnroller\Controller;

use Cake\ORM\TableRegistry;
use App\Controller\StandardEnrollerController;
use App\Lib\Enum\PetitionStatusEnum;
use App\Lib\Util\StringUtilities;
use CoreEnroller\Lib\Enum\VerificationModeEnum;

class EmailVerifiersController extends StandardEnrollerController {
public $paginate = [
'order' => [
'EmailVerifiers.id' => 'asc'
]
];

/**
* Dispatch an Enrollment Flow Step.
*
* @since COmanage Registry v5.1.0
* @param string $id Email Verifier ID
*/

public function dispatch(string $id) {
$op = $this->requestParam('op');

if(!$op) {
$op = 'index';
}

$this->set('vv_op', $op);

$petition = $this->getPetition();

$cfg = $this->EmailVerifiers->get($id);

$candidateAddresses = $this->EmailVerifiers->assembleVerifiableAddresses($cfg, $petition);

$this->set('vv_config', $cfg);
$this->set('vv_email_addresses', $candidateAddresses);

// To make things easier for the view, we'll create a separate view var with the
// addresses that have actually been verified.

$verifiedAddresses = [];

foreach($candidateAddresses as $a => $v) {
if(!empty($v->verification->verification_time)) {
$verifiedAddresses[$a] = true;
}
}

$this->set('vv_verified_addresses', $verifiedAddresses);

// And perform some calculations
$doneCount = count($verifiedAddresses);
$totalCount = count($candidateAddresses);
$allDone = $doneCount == $totalCount;
$minimumMet = $cfg->mode == VerificationModeEnum::None
|| ($cfg->mode == VerificationModeEnum::One
&& $doneCount > 0)
|| ($cfg->mode == VerificationModeEnum::All
&& $allDone);

$this->set('vv_all_done', $allDone);
$this->set('vv_minimum_met', $minimumMet);

if($op == 'verify') {
// Before we get into the actual logic, check that the requested email address
// is in the set of candidate addresses.

$mail = StringUtilities::urlbase64decode($this->requestParam('m'));

if(!array_key_exists($mail, $candidateAddresses)) {
$this->llog('error', "Requested address $mail is not a valid candidate");

$this->Flash->error(__d('core_enroller', 'error.EmailVerifiers.candidate'));
} elseif(isset($verifiedAddresses[$mail])) {
$this->llog('debug', "Requested address $mail is already verified");

$this->Flash->error(__d('core_enroller', 'error.EmailVerifiers.verified'));
} else {
if($this->request->is('post')) {
$PetitionVerifications = TableRegistry::getTableLocator()->get('CoreEnroller.PetitionVerifications');

// We're back with the code. Note many parameters (but not code) will be in
// both the URL and the post body because of how dispatch.php sets up
// FormHelper.

$code = $this->requestParam('code');

try {
$PetitionVerifications->verifyCode($petition->id, $mail, $code);

$this->llog('debug', "Successfully verified $mail");

// On success we need to regenerate the verified address array.
// We redirect back to ourself rather than rebuild all the logic we need.

$url = [
'plugin' => 'CoreEnroller',
'controller' => 'email_verifiers',
'action' => 'dispatch',
$cfg->id,
'?' => [
'op' => 'index',
'petition_id' => $petition->id
]
];

$token = $this->injectToken($petition->id);

if($token) {
$url['?']['token'] = $token;
}

return $this->redirect($url);
}
catch(\Exception $e) {
$this->llog('error', $e->getMessage());
$this->Flash->error($e->getMessage());
}
} else {
// Generate a Verification request, then render a form to collect it.
// If there is already a pending request, overwrite it (generate a new code).

$this->EmailVerifiers->sendVerificationRequest($cfg, $petition, $mail);
}

// Tell dispatch.inc to render a verification form
$this->set('vv_verify_address', $mail);
}
} elseif($op == 'finish') {
if($minimumMet) {
// We're done, set the Petition status to "Verified"

$this->llog('debug', "Finished verifying email addresses");

$Petitions = TableRegistry::getTableLocator()->get('Petitions');

$petition->status = PetitionStatusEnum::Verified;

$Petitions->saveOrFail($petition);

// Redirect to the next step

return $this->finishStep(
enrollmentFlowStepId: $cfg->enrollment_flow_step_id,
petitionId: $petition->id,
comment: __d('core_enroller',
'result.EmailVerifiers.verified',
[$doneCount, $totalCount, __d('controller', 'EmailAddresses', $doneCount)])
);
} else {
$this->llog('error', "Finish attempted but minimum number of addresses not met");
$this->Flash->error(__d('core_enroller', 'error.EmailVerifiers.minimum'));

// Reset the op so the view renders correctly
$this->set('vv_op', 'index');
}
}

$this->render('/Standard/dispatch');
}

/**
* Display information about this Step.
*
* @since COmanage Registry v5.1.0
* @param string $id Email Verifiers ID
*/

public function display(string $id) {
$petition = $this->getPetition();

$PetitionVerifications = TableRegistry::getTableLocator()->get('CoreEnroller.PetitionVerifications');

// Because Petition Verifications are not tracked on a per-step basis, we just pull all
// associated with the Petition

$this->set('vv_pv', $PetitionVerifications->find()
->where(['PetitionVerifications.petition_id' => $petition->id])
->contain(['Verifications'])
->all());
}
}
38 changes: 38 additions & 0 deletions app/plugins/CoreEnroller/src/Lib/Enum/VerificationModeEnum.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
<?php
/**
* COmanage Registry Verification Mode Enum
*
* Portions licensed to the University Corporation for Advanced Internet
* Development, Inc. ("UCAID") under one or more contributor license agreements.
* See the NOTICE file distributed with this work for additional information
* regarding copyright ownership.
*
* UCAID licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @link https://www.internet2.edu/comanage COmanage Project
* @package registry-plugins
* @since COmanage Registry v5.1.0
* @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
*/

declare(strict_types = 1);

namespace CoreEnroller\Lib\Enum;

use App\Lib\Enum\StandardEnum;

class VerificationModeEnum extends StandardEnum {
const All = 'A';
const None = '0';
const One = '1';
}
Loading

0 comments on commit 045abe1

Please sign in to comment.