Account profiles now defined as a TT2 data structure. We can now show the...

Account profiles now defined as a TT2 data structure. We can now show the detailed user profiles on the account manager git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@23 047e039d-479c-447e-8a29-aa6bf4a09bab

Account profiles now defined as a TT2 data structure. We can now show the...
3d3b9da0 · renater.salaun · 30b5ad5e · 3d3b9da0 · 3d3b9da0 · 3d3b9da0
Commit 3d3b9da0 authored 10 years ago by renater.salaun
--- a/bin/account-manager-web.pl
+++ b/bin/account-manager-web.pl
@@ -13,6 +13,7 @@ use CGI::Cookie;
 use CGI::Util;
 use Template;
 use Template::Constants qw( :debug );
+
 use POSIX;

 use IdPAccountManager::TestAccount;
@@ -194,6 +195,7 @@ sub respond {
 				ENCODING => 'iso-8859-1', ## le défaut apparemment
 				FILTERS => {'encode_utf8', => [\&IdPAccountManager::Tools::encode_utf8, 0],
 					    'escape_quotes' => [\&IdPAccountManager::Tools::escape_quotes, 0]},
+                                INCLUDE_PATH => $Conf::global{'root_manager_dir'}.':'.$Conf::global{'root_manager_dir'}.'/templates/accountProfiles',
                #DEBUG => 'all',
                #DEBUG => 'caller',
                #DEBUG => 'parser'

--- a/lib/IdPAccountManager/Tools.pm
+++ b/lib/IdPAccountManager/Tools.pm
 package IdPAccountManager::Tools;

 use Template;
+
+# load Template::Stash to make method tables visible
+use Template::Stash;
+
 use Digest::SHA;
 use Encode;

 my %log_levels = ('debug' => 0, 'info' => 1, 'trace' => 1, 'notice' => 2, 'error' => 3);

+INIT {
+    ## a TT2 virtual method to get a variable type
+    $Template::Stash::LIST_OPS->{isa} = sub {
+        my $list = shift;
+        my $type = shift;
+        
+        return 1 if ($type eq 'ARRAY');
+        return 0;
+    };
+    $Template::Stash::SCALAR_OPS->{isa} = sub {
+        my $list = shift;
+        my $type = shift;
+
+        return 1 if ($type eq 'SCALAR');
+        return 0;
+    };
+}

 # get SHA256 hash for a string
 sub sha256_hash {
@@ -23,7 +44,7 @@ sub generate_password{
        # 1-tirage des caractères obligatoires : les mettre dans un tableau
        my @uppers=('A'..'N','P'..'Z');
        my @lowers=('a'..'k','m'..'z');
-        my @punctuation=('%',';',':','!','?','&','$','*','(',')','{','}','[',']','<','>','.','=','-','#');
+        my @punctuation=(':','!','?','&','$','=','-','#');
        my @numerics=('0'..'9');
        my @rndtab;
        push(@rndtab,$uppers[rand @uppers]);
@@ -222,6 +243,8 @@ sub boolean2integer {
 	return undef;	
 }

+
+
 1; # Magic true value required at end of module
 __END__


--- a/templates/accountProfiles/student1.tt2
+++ b/templates/accountProfiles/student1.tt2
-'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
-	'uid' => 'user[% account.get('id') %]',
-	'eduPersonAffiliation' => array('member', 'student'),
-	'eduPersonScopedAffiliation' => array('member@[% conf.idp_scope %]', 'student@[% conf.idp_scope %]'),
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+  	'uid' => "${account_id}",
+	'eduPersonAffiliation' => ['member', 'student'],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
        'displayName' => 'John Kleinman',
        'cn' => 'John Kleinman',
-        'mail' => 'john.kleinman@[% conf.idp_scope %]',
-        'eduPersonPrincipalName' =>'[% account.get('id') %]@[% conf.idp_scope %]',
-        'eduPersonTargetedID' =>'[% conf.idp_entityid %]![% account.get('sp_entityid') %]!X622UR2A7PG1uVhATobBOrMz+Ys=',
-        'schacHomeOrganization' => '[% conf.idp_scope %]',
+        'mail' => "john.kleinman@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+        'schacHomeOrganization' => "${conf.idp_scope}",
        'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
-	'associatedSP' => '[% account.get('sp_entityid') %]',
-),
+} %]
+
--- a/templates/accountProfiles/teacher1.tt2
+++ b/templates/accountProfiles/teacher1.tt2
-'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
-	'uid' => 'user[% account.get('id') %]',
-	'eduPersonAffiliation' => array('member', 'faculty'),
-	'eduPersonScopedAffiliation' => array('member@[% conf.idp_scope %]', 'faculty@[% conf.idp_scope %]'),
+[% account_sp_entityid = account.get('sp_entityid') %]
+[% account_id = account.get('id') %]
+
+[% SET account_profile = {
+  	'uid' => "${account_id}",
+	'eduPersonAffiliation' => ['member', 'faculty'],
+	'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
        'displayName' => 'Peter Smith',
        'cn' => 'Peter Smith',
-        'mail' => 'peter.smith@[% conf.idp_scope %]',
-        'eduPersonPrincipalName' =>'[% account.get('id') %]@[% conf.idp_scope %]',
-        'eduPersonTargetedID' =>'[% conf.idp_entityid %]![% account.get('sp_entityid') %]!X622UR2A7PG1uVhATobBOrMz+Ys=',
-        'schacHomeOrganization' => '[% conf.idp_scope %]',
+        'mail' => "peter.smith@${conf.idp_scope}",
+        'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
+        'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
+        'schacHomeOrganization' => "${conf.idp_scope}",
        'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
-	'associatedSP' => '[% account.get('sp_entityid') %]',
-),
+} %]
+
+
--- a/templates/accountProfiles/valid-accounts.php.tt2
+++ b/templates/accountProfiles/valid-accounts.php.tt2
@@ -4,6 +4,18 @@ $validTestAccounts = array (
    'authcrypt:Hash',

 [% FOREACH account IN accounts %]
-  [% INCLUDE "${account.get('account_profile')}.tt2" %]
+  [% PROCESS "${account.get('account_profile')}.tt2" %]
+  'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
+  [% FOREACH attribute IN account_profile.pairs -%]
+   [% IF attribute.value.isa('SCALAR') -%]
+	'[% attribute.key %]' => '[% attribute.value %]',
+   [% ELSE -%]
+	'[% attribute.key %]' => array('[% attribute.value.join("','") %]'),
+   [% END %]
+  [% END %]
+        'associatedSP' => "${account_sp_entityid}",
+
+  ),
+
 [% END %]
 );
--- a/templates/web/validate_token.tt2.html
+++ b/templates/web/validate_token.tt2.html
 <h3>Get test accounts</h3>

+<script type="text/javascript">
+
+jQuery(document).ready(function($){
+    $( ".account_details" ).dialog({
+        title: "Account details",
+        autoOpen: false,
+        buttons: {
+            Ok: function() {
+                $( this ).dialog( "close" );
+            }
+        }
+    });
+    [% FOREACH account IN test_accounts %]
+    $( "#show_account_details_[% account.get('id') %]" ).click(function() {
+        $("#account_details_[% account.get('id') %]").dialog( "open" );
+    });
+    [% END %]
+});
+
+</script>
+
+
+
 <div>
 Your identity has been checked successfully.

@@ -7,11 +30,28 @@ Test accounts with different profiles have been created for you, see details bel
 expire in [% conf.accounts_validity_period %] days. Note also that these test accounts can only be used to login on your SP [% sp_entityid %].

 <ol>
-    [% FOREACH test_account IN test_accounts %]
-    <li>account profile: [% test_account.get('account_profile') %]
+    [% FOREACH account IN test_accounts %]
+    <li>account profile: [% account.get('account_profile') %]
        <dl>    
-        <dd>user name: user[% test_account.get('id') %]</dd>
-        <dd>user password: [% test_account.get('user_password') %]</dd>
+        <dd>user name: user[% account.get('id') %]</dd>
+        <dd>user password: [% account.get('user_password') %]</dd>
+        <dd><button class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></dd>
+        <div class="account_details" id="account_details_[% account.get('id') %]">
+            [% PROCESS "${account.get('account_profile')}.tt2" %]
+            Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited
+            via the SAML protocol from the Test Identity Provider to your Service Provider.
+            <ul>
+            [% FOREACH attribute IN account_profile.pairs -%]
+              [% IF attribute.value.isa('SCALAR') -%]
+                <li>[% attribute.key %]: [% attribute.value %]</li>
+              [% ELSE -%]
+                <li>[% attribute.key %]: [% attribute.value.join(",") %]</li>
+              [% END %]
+            [% END %]
+            </ul>
+            
+            If you a customized test account with additionnal user attributes, you should contact <a href="mailto:[% conf.support_email %]">[% conf.support_email %]</a>.
+        </div>
        </dl>
    </li>
    [% END %]