WIP

c244f81f · Marko Ivancic · aeaa8603 · c244f81f · c244f81f
Commit c244f81f authored 2 years ago by Marko Ivancic
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
 # simplesamlphp-module-accounting
-SimpleSAMLphp module providing user accounting functionality using SimpleSAMLphp authentication processing 
+SimpleSAMLphp module providing user "Profile Page" and accounting functionality using SimpleSAMLphp authentication
-filters feature.
+processing filters feature.
 ## Features
 - Enables tracking of authentication events, synchronously (during authentication event) or
@@ -17,10 +17,9 @@ backend storages can be added by following proper interfaces.
 - Comes with setup procedure which sets up backend storage. In case of Doctrine DBAL this means running SQL migrations
 which create proper tables in configured database.
 - Each backend storage connection can have master and slave configuration (master for writing, slave for reading)
- Has "trackers" which persist authentication data to backend storage. Currently, there is one default Doctrine DBAL
+- Has tracking functionality available which persist authentication data to backend storage. Currently, module can
-compatible tracker which stores authentication events, versioned Idp and SP metadata, and versioned user attributes.
+track connected services and authentication events. Other trackers can be added by following proper interfaces.
-Other trackers can be added by following proper interfaces.
+- Tracking can run in two ways:
- Trackers can run in two ways:
  - synchronously - authentication data persisted during authentication event typically with multiple
  queries / inserts / updates to backend storage.
  - asynchronously - only authentication event job is persisted during authentication event
@@ -58,23 +57,33 @@ to the SimpleSAMLphp config directory:
 cp modules/accounting/config-templates/module_accounting.php config/
 ```
-Next step is configuring available options in file config/module_accounting.php. Each option has an explanation,
+Next step is to configure available options in file config/module_accounting.php. Each option has an explanation,
 however, the description of the overall concept follows.
-For accounting processing, the default data tracker and data provider class must be set. This tracker will be used
+Module can be configured to only show current user data, with no accounting taking place. However, module can be
-to persist tracking data and also to show data in the SimpleSAMLphp user interface. Here is an example excerpt
+configured to track the following data:
-of setting the Doctrine DBAL compatible tracker class which will store authentication events, versioned Idp
+* Connected organizations - by setting the class ModuleConfiguration::OPTION_PROVIDER_FOR_CONNECTED_SERVICES option. 
-and SP metadata, and versioned user attributes in a relational database:
+* Activity - by setting the class for ModuleConfiguration::OPTION_PROVIDER_FOR_ACTIVITY option.
+Module comes with some Doctrine DBAL capable classes which can be used for those purposes. Here is an example config
+excerpt which will enable storing current (latest) data for connected services and versioned data 
+for authentication events, including versioned Idp and SP metadata, and versioned user attributes:
 ```php
-use SimpleSAML\Module\accounting\ModuleConfiguration;use SimpleSAML\Module\accounting\Trackers;
+use SimpleSAML\Module\accounting\ModuleConfiguration;
+use SimpleSAML\Module\accounting\Data\Trackers;
+use SimpleSAML\Module\accounting\Data\Providers;
 // ...
-ModuleConfiguration::OPTION_DEFAULT_DATA_TRACKER_AND_PROVIDER =>
+ModuleConfiguration::OPTION_PROVIDER_FOR_CONNECTED_SERVICES =>
-    \SimpleSAML\Module\accounting\Data\Trackers\Authentication\DoctrineDbal\Versioned\DataTracker::class,
+    Providers\ConnectedServices\DoctrineDbal\CurrentDataProvider::class,
+ModuleConfiguration::OPTION_PROVIDER_FOR_ACTIVITY =>
+        Providers\Activity\DoctrineDbal\VersionedDataProvider::class,
 // ...
 ```
+### Processing type
 The deployer can choose if the accounting processing will be performed during authentication event (synchronously),
 or in a separate process (asynchronously), for example:
@@ -140,8 +149,14 @@ Only one job runner instance can run at given point in time. By maintaining inte
 if there is another job runner active. If yes, the latter will simply exit and let the active job runner do its work.
 This way one is free to invoke the cron tag at any time, since only one job runner will ever be active.
-## TODO
+## OpendID Connect integration
- [ ] Translation
+This module can also be used as an authentication processing filter for OIDC module 
+https://github.com/simplesamlphp/simplesamlphp-module-oidc, meaning it can also track OIDC authentication events, 
+Also, if connected services option is enabled, a user will be able to revoke any active access / refresh tokens 
+for particular service in the user interface.
+Accounting authentication processing filter can be added in the OIDC module configuration, as per OIDC module
+documentation.
 ## Tests
 To run phpcs, psalm and phpunit:

--- a/config-templates/module_accounting.php
+++ b/config-templates/module_accounting.php
@@ -72,9 +72,13 @@ $config = [
    ModuleConfiguration::OPTION_PROVIDER_FOR_CONNECTED_SERVICES =>
        /**
         * Default connected services provider which expects Doctrine DBAL compatible connection to be set below.
+         * CurrentDataProvider only gathers current (latest information) about the service and user (there is no
+         * versioning, so it's faster). VersionedDataProvider keeps track of any changes in data about the service
+         * and user.
+         *
         */
-        //Providers\ConnectedServices\DoctrineDbal\VersionedDataProvider\VersionedDataProvider::class,
        Providers\ConnectedServices\DoctrineDbal\CurrentDataProvider::class,
+        //Providers\ConnectedServices\DoctrineDbal\VersionedDataProvider::class,
    /**
     * Activity provider is a class which will be used to provide list of authentication events which includes info
@@ -87,6 +91,7 @@ $config = [
    ModuleConfiguration::OPTION_PROVIDER_FOR_ACTIVITY =>
        /**
         * Default activity provider which expects Doctrine DBAL compatible connection to be set below.
+         * Currently only VersionedDataProvider is available, which tracks all changes in services and users.
         */
        Providers\Activity\DoctrineDbal\VersionedDataProvider::class,