Initial implementation of Identifier Collector Enroller (CFM-111)

COmanage · Dec 15, 2024 · 117fca4 · 117fca4
1 parent 21c4ecc
commit 117fca4
Show file tree

Hide file tree

Showing 11 changed files with 617 additions and 5 deletions.
diff --git a/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po b/app/plugins/CoreEnroller/resources/locales/en_US/core_enroller.po
@@ -140,6 +140,9 @@ msgstr "Telephone Number Type"
 msgid "field.EnrollmentAttributes.url_type_id"
 msgstr "URL Type"
 
+msgid "field.IdentifierCollectors.type_id.desc"
+msgstr "The collected Identifiers will be assigned this Type"
+
 msgid "field.InvitationAccepters.invitation_validity"
 msgstr "Invitation Validity"
 
@@ -161,6 +164,9 @@ msgstr "Petition Attributes recorded"
 msgid "result.basicattr.finalized"
 msgstr "Name, Email Address, and Person Role created during finalization"
 
+msgid "result.IdentifierCollector.collected"
+msgstr "Obtained login Identifier {0}"
+
 msgid "result.InvitationAccepters.accepted"
 msgstr "Invitation Accepted at {0}"
 

diff --git a/app/plugins/CoreEnroller/src/Controller/IdentifierCollectorsController.php b/app/plugins/CoreEnroller/src/Controller/IdentifierCollectorsController.php
@@ -0,0 +1,124 @@
+<?php
+/**
+ * COmanage Registry Identifier Collectors Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace CoreEnroller\Controller;
+
+use Cake\ORM\TableRegistry;
+use App\Controller\StandardEnrollerController;
+
+class IdentifierCollectorsController extends StandardEnrollerController {
+  public $paginate = [
+    'order' => [
+      'IdentifierCollectors.id' => 'asc'
+    ]
+  ];
+
+  /**
+   * Dispatch an Enrollment Flow Step.
+   * 
+   * @since  COmanage Registry v5.1.0
+   * @param  string  $id    Invitation Accepter ID
+   */
+
+  public function dispatch(string $id) {
+    $petition = $this->getPetition();
+
+    $cfg = $this->IdentifierCollectors->get($id);
+
+    // Because we're not in the "protected" web server application space, we need to read
+    // the username from the session (as set via TrafficController) rather than via getenv().
+    // This also precludes us from using a variable other than $REMOTE_USER.
+
+    $request = $this->getRequest();
+    $session = $request->getSession();
+    $username = $session->read('Auth.external.user');
+
+    $PetitionIdentifiers = TableRegistry::getTableLocator()->get('CoreEnroller.PetitionIdentifiers');
+
+    try {
+      $PetitionIdentifiers->record($petition->id, $cfg->enrollment_flow_step_id, $username);
+
+      return $this->finishStep(
+        enrollmentFlowStepId: $cfg->enrollment_flow_step_id,
+        petitionId:           $petition->id,
+        comment:               __d('core_enroller', 'result.IdentifierCollector.collected', [$username])
+      );
+    }
+    catch(\Exception $e) {
+      $this->Flash->error($e->getMessage());
+    }
+  }
+
+  /**
+   * Display information about this Step.
+   * 
+   * @since  COmanage Registry v5.1.0
+   * @param  string  $id    Invitation Accepters ID
+   */
+
+  public function display(string $id) {
+    $petition = $this->getPetition();
+
+    $PetitionIdentifiers = TableRegistry::getTableLocator()->get('CoreEnroller.PetitionIdentifiers');
+
+    $this->set('vv_pi', $PetitionIdentifiers->find()->where(['petition_id' => $petition->id])->first());
+  }
+
+  /**
+   * Indicate whether this Controller will handle some or all authnz.
+   * 
+   * @since  COmanage Registry v5.1.0
+   * @param  EventInterface   $event  Cake event, ie: from beforeFilter
+   * @return string                   "no", "open", "authz", or "yes"
+   */
+
+  public function willHandleAuth(\Cake\Event\EventInterface $event): string {
+    $request = $this->getRequest();
+    $action = $request->getParam('action');
+
+    if($action == 'dispatch') {
+      // We need to perform special logic (vs StandardEnrollerController)
+      // to ensure that web server authentication is triggered.
+
+      // To start, we trigger the parent logic. This will return
+      //  notauth: Some error occurred, we don't want to override this
+      //  authz: No token in use
+      //  yes: Token validated
+
+      $auth = parent::willHandleAuth($event);
+
+      // The only status we need to override is 'yes', since we always want authentication
+      // to run in order to be able to grab $REMOTE_USER.
+
+      return ($auth == 'yes' ? 'authz' : $auth);
+    }
+
+    return parent::willHandleAuth($event);
+  }
+}
diff --git a/app/plugins/CoreEnroller/src/Model/Entity/IdentifierCollector.php b/app/plugins/CoreEnroller/src/Model/Entity/IdentifierCollector.php
@@ -0,0 +1,49 @@
+<?php
+/**
+ * COmanage Registry Identifier Collector Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace CoreEnroller\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class IdentifierCollector extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}
diff --git a/app/plugins/CoreEnroller/src/Model/Entity/PetitionIdentifier.php b/app/plugins/CoreEnroller/src/Model/Entity/PetitionIdentifier.php
@@ -0,0 +1,49 @@
+<?php
+/**
+ * COmanage Registry Petition Identifier Entity
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.1.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace CoreEnroller\Model\Entity;
+
+use Cake\ORM\Entity;
+
+class PetitionIdentifier extends Entity {
+  /**
+   * Fields that can be mass assigned using newEntity() or patchEntity().
+   *
+   * Note that when '*' is set to true, this allows all unspecified fields to
+   * be mass assigned. For security purposes, it is advised to set '*' to false
+   * (or remove it), and explicitly make individual fields accessible as needed.
+   *
+   * @var array<string, bool>
+   */
+  protected $_accessible = [
+    '*' => true,
+    'id' => false,
+    'slug' => false,
+  ];
+}