return to template-based profiles definitions

This make adding new profiles easier. In addition, CSV output is now generated through a template, making Text::CSV usage obsolete.

return to template-based profiles definitions
bf7b134e · Guillaume ROUSSE · 067ca53a · bf7b134e · bf7b134e · bf7b134e
Commit bf7b134e authored 4 years ago by Guillaume ROUSSE
--- a/README.md
+++ b/README.md
@@ -27,7 +27,6 @@ It requires the following CPAN distributions:
 * Net-IP
 * Rose-DB-Object
 * Template-Toolkit
-* Text-CSV
 * UNIVERSAL-require
 * XML-LibXML


--- a/lib/AccountManager/Account.pm
+++ b/lib/AccountManager/Account.pm
@@ -29,86 +29,6 @@ __PACKAGE__->meta->setup(

 Rose::DB::Object::Manager->make_manager_methods('accounts');

-my %cn = (
-    alumni1        => 'Åsold Wahlstrøm - eduGAIN Access Check account',
-    employee1      => 'Linnéa Hsu - eduGAIN Access Check account',
-    fullset1       => 'Gundabald Lightfoot - eduGAIN Access Check account',
-    librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account',
-    researcher1    => 'Stéphane Larivière - eduGAIN Access Check account',
-    student1       => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
-    student2       => 'Damiën Kuijper - eduGAIN Access Check account',
-    teacher1       => 'Peter Müller - eduGAIN Access Check account',
-);
-
-my %givenName = (
-    fullset1       => 'Gundabald',
-);
-
-my %sn = (
-    fullset1       => 'Lightfoot - eduGAIN Access Check account',
-);
-
-my %displayName = (
-    alumni1        => 'Åsold Wahlstrøm - eduGAIN Access Check account',
-    employee1      => 'Linnéa Hsu - eduGAIN Access Check account',
-    fullset1       => 'Gundabald Lightfoot - eduGAIN Access Check account',
-    librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account',
-    researcher1    => 'Stéphane Larivière - eduGAIN Access Check account',
-    student1       => 'Ciarán MacCárthaigh - eduGAIN Access Check account',
-    student2       => 'Damiën Kuijper - eduGAIN Access Check account',
-    teacher1       => 'Peter Müller - eduGAIN Access Check account',
-    generic1       => '山崎 弘子樫野 陽子 - eduGAIN Access Check account',
-);
-
-my %mail = (
-    alumni1        => 'asold.wahlstrom',
-    employee1      => 'linnea.hsu',
-    fullset1       => 'gundabald.lightfoot',
-    generic1       => 'forearartian',
-    librarywalkin1 => 'ramon.nunez',
-    researcher1    => 'stephane.lariviere',
-    student1       => 'ciaran.maccarthaigh',
-    student2       => 'damien.kuijper',
-    teacher1       => 'peter.muller',
-);
-
-my %affiliation = (
-    alumni1        => [ qw/alum/ ],
-    employee1      => [ qw/member staff employee/ ],
-    fullset1       => [ qw/member faculty/ ],
-    librarywalkin1 => [ qw/library-walk-in/ ],
-    researcher1    => [ qw/member faculty/ ],
-    student1       => [ qw/member student/ ],
-    student2       => [ qw/member student faculty/ ],
-    teacher1       => [ qw/member faculty/ ],
-);
-
-my %scopedAffiliation = (
-    alumni1        => [ qw/alum/ ],
-    employee1      => [ qw/member staff employee/ ],
-    fullset1       => [ qw/member faculty/ ],
-    librarywalkin1 => [ qw/library-walk-in/ ],
-    researcher1    => [ qw/member faculty/ ],
-    student1       => [ qw/member student/ ],
-    student2       => [ qw/member student faculty/ ],
-    teacher1       => [ qw/member faculty/ ],
-    teacher2       => [ qw/member faculty/ ],
-);
-
-my %comment = (
-    alumni1        => "An ex-student with 'alum' value for eduPersonAffiliation.",
-    employee1      => "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation.",
-    fullset1       => "A person with all eduGAIN user attributes plus givenName and surname.",
-    limitedset1    => "A person with only an eduPersonTargetedID attribute.",
-    generic1       => "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName).",
-    librarywalkin1 => "A library user on the campus network.",
-    student1       => "A student with 'member' and 'student' values for eduPersonAffiliation.",
-    student2       => "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation.",
-    teacher1       => "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID).",
-    teacher2       => "A teacher with 'member' and 'faculty' values for eduPersonAffiliation.",
-    researcher1    => "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation.",
-);
-
 sub print {
    my ($self, $fd) = @_;
    $fd = \*STDOUT unless $fd;
@@ -129,67 +49,6 @@ sub internal_uid {
    return 'user' . $self->id();
 }

-sub cn {
-    my ($self) = @_;
-    return $cn{$self->profile()};
-}
-
-sub sn {
-    my ($self) = @_;
-    return $sn{$self->profile()};
-}
-
-sub displayName {
-    my ($self) = @_;
-    return $displayName{$self->profile()};
-}
-
-sub givenName {
-    my ($self) = @_;
-    return $givenName{$self->profile()};
-}
-
-sub mail {
-    my ($self) = @_;
-    my $prefix = $mail{$self->profile()};
-    return $prefix ?
-        $prefix . '@' . $self->{scope} : undef;
-}
-
-sub eduPersonAffiliation {
-    my ($self) = @_;
-    my $affiliations = $affiliation{$self->profile()} || [];
-
-    return @$affiliations;
-}
-
-sub eduPersonScopedAffiliation {
-    my ($self) = @_;
-    my $affiliations = $scopedAffiliation{$self->profile()} || [];
-
-    return map { $_ . '@' . $self->{scope} } @$affiliations;
-}
-
-sub eduPersonPrincipalName {
-    my ($self) = @_;
-    return $self->id() . '@'. $self->{scope};
-}
-
-sub schacHomeOrganization {
-    my ($self) = @_;
-    return $self->{scope};
-}
-
-sub schacHomeOrganizationType {
-    my ($self) = @_;
-    return "urn:schac:homeOrganizationType:int:other";
-}
-
-sub comment {
-    my ($self) = @_;
-    return $comment{$self->profile()};
-}
-
 sub associatedSP {
    my ($self) = @_;
    return $self->{entityid};

--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -19,6 +19,7 @@ use AccountManager::Entity;
 use AccountManager::Token;
 use AccountManager::Tools;
 use AccountManager::L10N;
+use AccountManager::Template::Plugin::Quote;

 # Format de type URL HTTP ou URN
 my %patterns = (
@@ -179,23 +180,17 @@ sub respond {
    };
    $in{data}->{lh} = $self->{lh};

-    my $theme_templates_dir = sprintf(
-        "%s/web/%s",
-        $self->{configuration}->{setup}->{templates_dir},
-        $self->{configuration}->{setup}->{templates_theme} || 'default'
-    );
-    my $default_templates_dir = sprintf(
-        "%s/web",
-        $self->{configuration}->{setup}->{templates_dir},
-    );
-    my $templates_dir = -d $theme_templates_dir ?
-        $theme_templates_dir  :
-        $default_templates_dir;
+    my $templates_dir   = $self->{configuration}->{setup}->{templates_dir};
+    my $templates_theme = $self->{configuration}->{setup}->{templates_theme} || 'default';

    my $tt2 = Template->new({
        ENCODING     => 'utf8',
        PRE_CHOMP    => CHOMP_ONE,
-        INCLUDE_PATH => $templates_dir
+        INCLUDE_PATH => [
+            sprintf("%s/web/%s", $templates_dir, $templates_theme),
+            sprintf("%s/web", $templates_dir),
+            sprintf("%s/accounts", $templates_dir)
+        ]
    });

    $self->{logger}->debug("Responding with template '$in{template}'");
@@ -643,6 +638,13 @@ sub req_download_accounts {
        ],
    );

+    foreach my $account (@$accounts) {
+        my $password = AccountManager::Tools::decrypt(
+            $account->password_crypt(), $key
+        );
+        $account->password($password);
+    }
+
    binmode(STDOUT, ":encoding(UTF-8)");

    print $self->{cgi}->header(
@@ -650,43 +652,20 @@ sub req_download_accounts {
        -content_disposition => 'attachment; filename="accounts.csv"'
    );

-    Text::CSV->require();
-    my $csv = Text::CSV->new({ binary => 1, eol => "\r\n", quote_space => 0 });
-    $csv->print(\*STDOUT, [ qw/
-        username
-        password
-        profile
-        cn
-        sn
-        displayName
-        givenName
-        mail
-        eduPersonAffiliation
-        eduPersonScopedAffiliation
-        eduPersonPrincipalName
-        schacHomeOrganization
-        schacHomeOrganizationType
-    / ]);
+    my $templates_dir = $self->{configuration}->{setup}->{templates_dir};

-    foreach my $account (@$accounts) {
-        my $password = AccountManager::Tools::decrypt(
-            $account->password_crypt(), $key
-        );
-        $account->password($password);
-        $csv->print(\*STDOUT, [
-            $account->internal_uid(),
-            $account->password(),
-            $account->profile(),
-            $account->cn(),
-            $account->displayName(),
-            $account->givenName(),
-            $account->mail(),
-            join(', ', $account->eduPersonAffiliation()),
-            join(', ', $account->eduPersonScopedAffiliation()),
-            $account->eduPersonPrincipalName(),
-            $account->schacHomeOrganization(),
-            $account->schacHomeOrganizationType(),
-        ]);
+    my $tt2 = Template->new({
+        ENCODING     => 'utf8',
+        PRE_CHOMP    => CHOMP_ONE,
+        INCLUDE_PATH => [
+            sprintf("%s/other", $templates_dir),
+            sprintf("%s/accounts", $templates_dir),
+        ],
+    });
+
+    unless ($tt2->process("accounts.csv.tt2", { accounts => $accounts }, \*STDOUT)) {
+        printf "Content-type: text/plain\n\n Error: %s", $tt2->error();
+        $self->{logger}->errorf("Web parser error : %s", $tt2->error());
    }
 }


--- a/lib/AccountManager/L10N/fr.pm
+++ b/lib/AccountManager/L10N/fr.pm
@@ -17,38 +17,38 @@ __DATA__
 msgid "_AUTO"
 msgstr "1"

-msgid "An ex-student with 'alum' value for eduPersonAffiliation."
-msgstr "Un ancient étudiant avec la valeur 'alum' pour eduPersonAffiliation."
+msgid "An ex-student with 'alum' value for eduPersonAffiliation"
+msgstr "Un ancient étudiant avec la valeur 'alum' pour eduPersonAffiliation"

-msgid "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation."
-msgstr "Une personne avec les valeurs 'member', 'staff' et 'employee' pour eduPersonAffiliation."
+msgid "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation"
+msgstr "Une personne avec les valeurs 'member', 'staff' et 'employee' pour eduPersonAffiliation"

-msgid "A person with all eduGAIN user attributes plus givenName and surname."
-msgstr "Une personne avec tous les attributs eduGAIN plus givenName et surname."
+msgid "A person with all eduGAIN user attributes plus givenName and surname"
+msgstr "Une personne avec tous les attributs eduGAIN plus givenName et surname"

-msgid "A person with only an eduPersonTargetedID attribute."
-msgstr "Une personne avec uniquement un attribut eduPersonTargetedID."
+msgid "A person with only an eduPersonTargetedID attribute"
+msgstr "Une personne avec uniquement un attribut eduPersonTargetedID"

-msgid "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)."
-msgstr "Une personne avec un ensembe d'attributs limités (eduPersonPrincipalName, mail et displayName)."
+msgid "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)"
+msgstr "Une personne avec un ensembe d'attributs limités (eduPersonPrincipalName, mail et displayName)"

-msgid "A library user on the campus network."
-msgstr "Un utilisateur de la bibliothèque sur le réseau du campus."
+msgid "A library user on the campus network"
+msgstr "Un utilisateur de la bibliothèque sur le réseau du campus"

-msgid "A student with 'member' and 'student' values for eduPersonAffiliation."
-msgstr "Un étudiant avec les valeurs 'member' et 'student' pour eduPersonAffiliation."
+msgid "A student with 'member' and 'student' values for eduPersonAffiliation"
+msgstr "Un étudiant avec les valeurs 'member' et 'student' pour eduPersonAffiliation"

-msgid "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation."
-msgstr "Un étudiant en thèse avec les valeurs 'member', 'student' et 'faculty' pour eduPersonAffiliation."
+msgid "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation"
+msgstr "Un étudiant en thèse avec les valeurs 'member', 'student' et 'faculty' pour eduPersonAffiliation"

-msgid "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)."
-msgstr "Un enseignant avec un ensemble d'attributs limités (eduPersonScopedAffiliation and eduPersonTargetedID)."
+msgid "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)"
+msgstr "Un enseignant avec un ensemble d'attributs limités (eduPersonScopedAffiliation and eduPersonTargetedID)"

-msgid "A teacher with 'member' and 'faculty' values for eduPersonAffiliation."
-msgstr "Un enseignant avec les valeurs 'member' et 'faculty' pour eduPersonAffiliation."
+msgid "A teacher with 'member' and 'faculty' values for eduPersonAffiliation"
+msgstr "Un enseignant avec les valeurs 'member' et 'faculty' pour eduPersonAffiliation"

-msgid "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation."
-msgstr "Un chercheur, indifférenciable d'un enseignant car il n'y a pas de valeur standard pour eduPersonAffiliation."
+msgid "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation"
+msgstr "Un chercheur, indifférenciable d'un enseignant car il n'y a pas de valeur standard pour eduPersonAffiliation"

 #: templates/web/edugain/create_accounts.tt2.html:74 templates/web/renater/create_accounts.tt2.html:78
 msgid "(1) eduPersonAffiliation and eduPersonScoppedAffilisation attributes are assigned quite differently from federation to federation."

--- a/lib/AccountManager/Tools.pm
+++ b/lib/AccountManager/Tools.pm
@@ -11,7 +11,8 @@ use List::MoreUtils qw(pairwise);
 use MIME::Base64;
 use Template;
 use Template::Constants qw(:chomp);
-use Template::Stash;
+
+use AccountManager::Template::Plugin::Quote;

 sub encrypt {
    my ($string, $key) = @_;
@@ -96,30 +97,21 @@ sub generate_secret {
 sub update_ssp_authsources {
    my ($templates_dir, $output, $accounts) = @_;

-    # scalar virtual method to return a quoted value
-    $Template::Stash::SCALAR_OPS->{ quote } = sub {
-        my $scalar = shift;
-        return "'" . $scalar . "'";
-    };
-
-    # list virtual method to return a list of quoted values
-    $Template::Stash::LIST_OPS->{ quote } = sub {
-        my $list = shift;
-        return [ map { "'" . $_ . "'" } @$list ];
-    };
-
    my $tt2 = Template->new({
        ENCODING     => 'utf8',
        PRE_CHOMP    => CHOMP_ONE,
-        INCLUDE_PATH => $templates_dir . '/accounts'
+        INCLUDE_PATH => [
+            sprintf("%s/other", $templates_dir),
+            sprintf("%s/accounts", $templates_dir),
+        ],
    });
-    my $template = 'accounts.php.tt2';
-    my $data = {
-        accounts  => $accounts,
-    };

-    $tt2->process($template, $data, $output, { binmode => ':utf8' })
-        or die $tt2->error();
+    $tt2->process(
+        'accounts.php.tt2',
+        { accounts => $accounts},
+        $output,
+        { binmode => ':utf8' }
+    ) or die $tt2->error();
 }

 1;

--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -11,6 +11,7 @@ nobase_modules_DATA = \
 	AccountManager/L10N.pm \
 	AccountManager/L10N/en.pm \
 	AccountManager/L10N/fr.pm \
-	AccountManager/App.pm
+	AccountManager/App.pm \
+	AccountManager/Template/Plugin/Quote.pm

 EXTRA_DIST = $(nobase_modules_DATA)
--- a/templates/Makefile.am
+++ b/templates/Makefile.am
 nobase_templates_DATA = \
-	accounts/accounts.php.tt2 \
+	accounts/alumni1.tt2 \
+	accounts/employee1.tt2 \
+	accounts/fullset1.tt2 \
+	accounts/generic1.tt2 \
+	accounts/librarywalkin1.tt2 \
+	accounts/limitedset1.tt2 \
+	accounts/researcher1.tt2 \
+	accounts/student1.tt2 \
+	accounts/student2.tt2 \
+	accounts/teacher1.tt2 \
+	accounts/teacher2.tt2 \
 	mail/send_authentication_token.tt2.txt \
 	mail/send_authentication_token.tt2.html \
+	other/accounts.csv.tt2 \
+	other/accounts.php.tt2 \
 	web/edugain/errors.tt2.html \
 	web/edugain/home.tt2.html \
 	web/edugain/index.tt2.html \

--- a/templates/accounts/accounts.php.tt2
+++ b/templates/accounts/accounts.php.tt2
-<?php
-// PhP configuration file loaded in simpleSamlPhp authsources.php file
-$validTestAccounts = array (
-    'authcrypt:Hash',
-
-[% FOREACH account IN accounts %]
-    'user[% account.id() %]:{SHA256}[% account.password_hash() %]=' => array(
-        'internal_uid'               => array([% account.internal_uid().quote %]),
-        'associatedSP'               => array([% account.associatedSP().quote %]),
-    [% IF account.cn() %]
-        'cn'                         => array([% account.cn().quote %]),
-    [% END %]
-    [% IF account.sn() %]
-        'sn'                         => array([% account.sn().quote %]),
-    [% END %]
-    [% IF account.displayName() %]
-        'displayName'                => array([% account.displayName().quote %]),
-    [% END %]
-    [% IF account.givenName() %]
-        'givenName'                  => array([% account.givenName().quote %]),
-    [% END %]
-    [% IF account.mail() %]
-        'mail'                       => array([% account.mail().quote %]),
-    [% END %]
-    [% IF account.eduPersonAffiliation() %]
-        'eduPersonAffiliation'       => array([% account.eduPersonAffiliation().quote.join(', ') %]),
-    [% END %]
-    [% IF account.eduPersonScopedAffiliation() %]
-        'eduPersonScopedAffiliation' => array([% account.eduPersonScopedAffiliation().quote.join(', ') %]),
-    [% END %]
-    [% IF account.eduPersonPrincipalName() %]
-        'eduPersonPrincipalName'     => array([% account.eduPersonPrincipalName().quote %]),
-    [% END %]
-    [% IF account.schacHomeOrganization() %]
-        'schacHomeOrganization'      => array([% account.schacHomeOrganization().quote %]),
-    [% END %]
-    [% IF account.schacHomeOrganizationType() %]
-        'schacHomeOrganizationType'  => array([% account.schacHomeOrganizationType().quote %]),
-    [% END %]
-    ),
-
-[% END %]
-);
--- a/templates/accounts/alumni1.tt2
+++ b/templates/accounts/alumni1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: alumni
+    Value "member" is not set for eduPersonAffiliation, contrary to current students
+%]
+[%
+    description                = "An ex-student with 'alum' value for eduPersonAffiliation"
+    attributes = {
+	cn                         = "Åsold Wahlstrøm - eduGAIN Access Check account"
+	displayName                = "Åsold Wahlstrøm - eduGAIN Access Check account"
+	mail                       = "asold.wahlstrom@${scope}"
+	eduPersonAffiliation       = [ "alum" ]
+	eduPersonScopedAffiliation = [ "alum@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/employee1.tt2
+++ b/templates/accounts/employee1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: employee
+    There are conflicting definitions of "staff" and "employee" from
+    country to country that make those values particularly unreliable
+    in any international context. However in this example we set both
+    values
+%]
+[%
+    description                = "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation"
+    attributes = {
+	cn                         = "Linnéa Hsu - eduGAIN Access Check account"
+	displayName                = "Linnéa Hsu - eduGAIN Access Check account"
+	mail                       = "linnea.hsu@${scope}"
+	eduPersonAffiliation       = [ "member", "staff", "employee" ]
+	eduPersonScopedAffiliation = [ "member@${scope}", "staff@${scope}", "employee@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/fullset1.tt2
+++ b/templates/accounts/fullset1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: full set
+    This user profile respresents a researcher with all eduGAIN user
+    attributes plus givenName and surname
+%]
+[%
+    description                = "A person with all eduGAIN user attributes plus givenName and surname"
+    attributes = {
+	cn                         = "Gundabald Lightfoot - eduGAIN Access Check account"
+	displayName                = "Gundabald Lightfoot - eduGAIN Access Check account"
+	givenName                  = "Gundabald"
+	sn                         = "Lightfoot - eduGAIN Access Check account"
+	mail                       = "gundabald.lightfoot@${scope}"
+	eduPersonAffiliation       = [ "member", "faculty" ]
+	eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/generic1.tt2
+++ b/templates/accounts/generic1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: generic
+    This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName)
+%]
+[%
+    description = "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)"
+    attributes  = {
+	displayName            = "山崎 弘子樫野 陽子 - eduGAIN Access Check account"
+	mail                   = "forearartian@${scope}"
+	eduPersonPrincipalName = "${id}@${scope}"
+    }
+%]
--- a/templates/accounts/librarywalkin1.tt2
+++ b/templates/accounts/librarywalkin1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: library walk-in
+    This term was created to cover the case where physical presence in
+    a library facility grants someone access to electronic resources
+    typically licensed for faculty, staff and students. In recent years
+    the library walk-in provision has been extended to cover other
+    cases such as library users on the campus network, or those using
+    on-campus workstations.  Licensed resource providers have often
+    been willing to interpret their contracts with licensees to accept
+    this broader definition of "library-walk-in," though specific terms
+    may vary. For a more direct way of using eduPerson attributes to
+    express library privilege information, see the eduPersonEntitlement
+    value "urn:mace:dir:entitlement:common-lib-terms" as defined in the
+    MACE-Dir Registry of eduPersonEntitlement values http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html
+%]
+[%
+    description = "A library user on the campus network"
+    attributes  = {
+	cn                         = "Ramón Núñez - eduGAIN Access Check account"
+	displayName                = "Ramón Núñez - eduGAIN Access Check account"
+	mail                       = "ramon.nunez@" _ scope
+	eduPersonAffiliation       = [ "library-walk-in" ]
+	eduPersonScopedAffiliation = [ "library-walk-in@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	eduPersonEntitlement       = "urn:mace:dir:entitlement:common-lib-terms"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/limitedset1.tt2
+++ b/templates/accounts/limitedset1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    profile type: limited set
+    This account provides only an eduPersonTargetedID attribute
+%]
+[%
+    description = "A person with only an eduPersonTargetedID attribute"
+    attributes = {}
+%]
--- a/templates/accounts/researcher1.tt2
+++ b/templates/accounts/researcher1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    No standard value for eduPersonAffiliation can be used to represent a
+    researcher. Therefore you can't differenciate a teacher from a
+    researcher.
+%]
+[%
+    description = "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation"
+    attributes  = {
+	cn                         = "Stéphane Larivière - eduGAIN Access Check account"
+	displayName                = "Stéphane Larivière - eduGAIN Access Check account"
+	mail                       = "stephane.lariviere@${scope}"
+	eduPersonAffiliation       = [ "member", "faculty"]
+	eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/student1.tt2
+++ b/templates/accounts/student1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    An active student has both "member" and "student" values set for eduPersonAffiliation
+%]
+[%
+    description = "A student with 'member' and 'student' values for eduPersonAffiliation"
+    attributes  = {
+	cn                         = "Ciarán MacCárthaigh - eduGAIN Access Check account"
+	displayName                = "Ciarán MacCárthaigh - eduGAIN Access Check account"
+	mail                       = "ciaran.maccarthaigh@${scope}"
+	eduPersonAffiliation       = [ "member", "student" ],
+	eduPersonScopedAffiliation = [ "member@${scope}", "student@${scope}" ],
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/student2.tt2
+++ b/templates/accounts/student2.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    A PhD student, having three values set for eduPersonAffiliation:
+    "member" and "student" and "faculty"
+%]
+[%
+    description = "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation"
+    attributes  = { 
+	cn                         = "Damiën Kuijper - eduGAIN Access Check account"
+	displayName                = "Damiën Kuijper - eduGAIN Access Check account"
+	mail                       = "damien.kuijper@${scope}"
+	eduPersonAffiliation       = [ "member", "student", "faculty" ]
+	eduPersonScopedAffiliation = [ "member@${scope}", "student@${scope}", "faculty@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/teacher1.tt2
+++ b/templates/accounts/teacher1.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    An active teacher has both "member" and "faculty" values set for eduPersonAffiliation
+%]
+[%
+    description = "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)"
+    attributes  = {
+	cn                         = "Peter Müller - eduGAIN Access Check account"
+	displayName                = "Peter Müller - eduGAIN Access Check account"
+	mail                       = "peter.muller@${scope}"
+	eduPersonAffiliation       = [ "member", "faculty" ]
+	eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+	eduPersonPrincipalName     = "${id}@${scope}"
+	schacHomeOrganization      = scope
+	schacHomeOrganizationType  = "urn:schac:homeOrganizationType:int:other"
+    }
+%]
--- a/templates/accounts/teacher2.tt2
+++ b/templates/accounts/teacher2.tt2
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+    This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID)
+%]
+[%
+    description = "A teacher with 'member' and 'faculty' values for eduPersonAffiliation"
+    attributes  = {
+	eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+    }
+%]
--- a/templates/other/accounts.php.tt2
+++ b/templates/other/accounts.php.tt2
+<?php
+// PhP configuration file loaded in simpleSamlPhp authsources.php file
+$validTestAccounts = array (
+    'authcrypt:Hash',
+
+[% FOREACH account IN accounts %]
+    [% template = account.profile() _ '.tt2' %]
+    [% PROCESS $template scope=account.scope() id=account.id() | trim %]
+    '[% account.internal_uid() %]:{SHA256}[% account.password_hash() %]=' => array(
+        'internal_uid' => array([% account.internal_uid().quote %]),
+        'associatedSP' => array([% account.associatedSP().quote %]),
+    [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] %]
+	[% NEXT UNLESS  attributes.$attribute %]
+        '[% attribute %]' => array([% attributes.$attribute.quote("'") %]),
+    [% END %]
+    [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] %]
+	[% NEXT UNLESS  attributes.$attribute %]
+        '[% attribute %]' => array([% attributes.$attribute.quote("'").join(', ') %]),
+    [% END %]
+    ),
+
+[% END %]
+);