TestAccount.pm

package IdPAccountManager::TestAccount;

use strict;
use warnings;

use base 'IdPAccountManager::DB::Object';

use POSIX qw(strftime);

__PACKAGE__->meta->setup(
    table   => 'testaccounts',

    columns => [
        id                 => { type => 'bigserial', not_null => 1 },
        user_password_hash => { type => 'varchar', length => 50, not_null => 1 },
        creation_date      => { type => 'integer' },
        expiration_date    => { type => 'integer' },
        account_profile    => { type => 'varchar', length => 100, not_null => 1 },
        sp_entityid        => { type => 'varchar', length => 250, not_null => 1 },
    ],

    primary_key_columns => [ 'id' ],
);

my %cn = (
    alumni1        => 'Åsold Wahlstrøm - eduGAIN Access Check account',
    employee1      => 'Linnéa Hsu - eduGAIN Access Check account',
    fullset1       => 'Gundabald Lightfoot - eduGAIN Access Check account',
    librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account',
    researcher1    => 'Stéphane Larivière - eduGAIN Access Check account',
    student1       => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
    student2       => 'Damiën Kuijper - eduGAIN Access Check account',
    teacher1       => 'Peter Müller - eduGAIN Access Check account',
);

my %givenName = (
    fullset1       => 'Gundabald',
);

my %sn = (
    fullset1       => 'Lightfoot - eduGAIN Access Check account',
);

my %mail = (
    alumni1        => 'asold.wahlstrom',
    employee1      => 'linnea.hsu',
    fullset1       => 'gundabald.lightfoot',
    generic1       => 'forearartian',
    librarywalkin1 => 'ramon.nunez',
    researcher1    => 'stephane.lariviere',
    student1       => 'ciaran.maccarthaigh',
    student2       => 'damien.kuijper',
    teacher1       => 'peter.muller',
);

my %affiliation = (
    alumni1        => [ qw/alum/ ],
    employee1      => [ qw/member staff employee/ ],
    fullset1       => [ qw/member faculty/ ],
    librarywalkin1 => [ qw/library-walk-in/ ],
    researcher1    => [ qw/member faculty/ ],
    student1       => [ qw/member student/ ],
    student2       => [ qw/member student faculty/ ],
    teacher1       => [ qw/member faculty/ ],
);

my %scopedAffiliation = (
    alumni1        => [ qw/alum/ ],
    employee1      => [ qw/member staff employee/ ],
    fullset1       => [ qw/member faculty/ ],
    librarywalkin1 => [ qw/library-walk-in/ ],
    researcher1    => [ qw/member faculty/ ],
    student1       => [ qw/member student/ ],
    student2       => [ qw/member student faculty/ ],
    teacher1       => [ qw/member faculty/ ],
    teacher2       => [ qw/member faculty/ ],
);

my %comment = (
    alumni1         => <<EOF,
Value "member" is not set for eduPersonAffiliation, contrary to current students.
EOF
    employee1      => <<EOF,
There are conflicting definitions of "staff" and "employee" from country to country that make those values particularly unreliable in any international context. However in this example we set both values.
EOF
    fullset1       => <<EOF,
This user profile respresents a researcher with all eduGAIN user attributes plus givenName and surname.
EOF
    generic1       => <<EOF,
This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName).
EOF
    librarywalkin1 => <<EOF,
This term was created to cover the case where physical presence in a library facility grants someone access to electronic resources typically licensed for faculty, staff and students. In recent years the library walk-in provision has been extended to cover other cases such as library users on the campus network, or those using on-campus workstations.  Licensed resource providers have often been willing to interpret their contracts with licensees to accept this broader definition of "library-walk-in," though specific terms may vary. For a more direct way of using eduPerson attributes to express library privilege information, see the eduPersonEntitlement value "urn:mace:dir:entitlement:common-lib-terms" as defined in the MACE-Dir Registry of eduPersonEntitlement values <a href="http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html">http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html</a>.
EOF
    researcher1    => <<EOF,
This account provides only an eduPersonTargetedID attribute.
EOF
    student1       => <<EOF,
An active student has both "member" and "student" values set for eduPersonAffiliation.
EOF
    student2       => <<EOF,
A PhD student, having three values set for eduPersonAffiliation: "member" and "student" and "faculty".
EOF
    teacher1       => <<EOF,
This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID).
EOF
    teacher2       => <<EOF,
An active teacher has both "member" and "faculty" values set for eduPersonAffiliation.
EOF
);

sub print {
    my ($self, $fd) = @_;
    $fd = \*STDOUT unless $fd;

    printf $fd
"Account ID=%s; password_hash=%s; sp_entityid=%s; account_profile=%s; creation_date=%s; expiration_date=%s\n",
      $self->id(),          $self->user_password_hash(),
      $self->sp_entityid(), $self->account_profile(),
      POSIX::strftime('%Y:%m:%d', localtime($self->creation_date())),
      POSIX::strftime('%Y:%m:%d', localtime($self->expiration_date()));
}

sub user_password {
    my ($self) = @_;

    return $self->{user_password};
}

sub save {
    my ($self, %args) = @_;

    # If no ID is defined, it is a new account
    if (! defined $self->id()) {
        $self->{user_password} =
            IdPAccountManager::Tools::generate_password();
        $self->user_password_hash(
            IdPAccountManager::Tools::sha256_hash($self->{user_password}));
        $self->creation_date(time);
        $self->expiration_date(
            time + ($args{accounts_validity_period} * 3600 * 24));
    }

    $self->SUPER::save();
}

sub scope {
    my ($self, $scope) = @_;

    if ($scope) {
        $self->{scope} = $scope;
    } else {
        return $self->{scope};
    }
}

sub internal_uid {
    my ($self) = @_;
    return 'user' . $self->id();
}

sub cn {
    my ($self) = @_;
    return $cn{$self->account_profile()};
}

sub displayName {
    my ($self) = @_;
    return $cn{$self->account_profile()};
}

sub givenName {
    my ($self) = @_;
    return $givenName{$self->account_profile()};
}

sub mail {
    my ($self) = @_;
    my $prefix = $mail{$self->account_profile()};
    return $prefix ?
        $prefix . '@' . $self->{scope} : undef;
}

sub eduPersonAffiliation {
    my ($self) = @_;
    return $affiliation{$self->account_profile()};
}

sub eduPersonScopedAffiliation {
    my ($self) = @_;
    my $affiliations = $scopedAffiliation{$self->account_profile()};
    return $affiliations ?
        [ map { $_ . '@' . $self->{scope} } @$affiliations ] : undef;
}

sub eduPersonPrincipalName {
    my ($self) = @_;
    return $self->id() . '@'. $self->{scope};
}

sub schacHomeOrganization {
    my ($self) = @_;
    return $self->{scope};
}

sub schacHomeOrganizationType {
    my ($self) = @_;
    return "urn:schac:homeOrganizationType:int:other";
}

sub comment {
    my ($self) = @_;
    return $comment{$self->account_profile()};
}

1;