From bf7b134e7e8aa8beb7f6406177d885522393a377 Mon Sep 17 00:00:00 2001 From: Guillaume Rousse <guillaume.rousse@renater.fr> Date: Fri, 13 Nov 2020 18:43:22 +0100 Subject: [PATCH] return to template-based profiles definitions This make adding new profiles easier. In addition, CSV output is now generated through a template, making Text::CSV usage obsolete. --- README.md | 1 - lib/AccountManager/Account.pm | 141 ------------------ lib/AccountManager/App.pm | 77 ++++------ lib/AccountManager/L10N/fr.pm | 44 +++--- lib/AccountManager/Tools.pm | 32 ++-- lib/Makefile.am | 3 +- templates/Makefile.am | 14 +- templates/accounts/accounts.php.tt2 | 43 ------ templates/accounts/alumni1.tt2 | 18 +++ templates/accounts/employee1.tt2 | 21 +++ templates/accounts/fullset1.tt2 | 21 +++ templates/accounts/generic1.tt2 | 13 ++ templates/accounts/librarywalkin1.tt2 | 30 ++++ templates/accounts/limitedset1.tt2 | 9 ++ templates/accounts/researcher1.tt2 | 19 +++ templates/accounts/student1.tt2 | 17 +++ templates/accounts/student2.tt2 | 18 +++ templates/accounts/teacher1.tt2 | 17 +++ templates/accounts/teacher2.tt2 | 10 ++ templates/other/accounts.php.tt2 | 23 +++ .../web/edugain/create_accounts.tt2.html | 8 +- .../web/renater/create_accounts.tt2.html | 8 +- 22 files changed, 303 insertions(+), 284 deletions(-) delete mode 100644 templates/accounts/accounts.php.tt2 create mode 100644 templates/accounts/alumni1.tt2 create mode 100644 templates/accounts/employee1.tt2 create mode 100644 templates/accounts/fullset1.tt2 create mode 100644 templates/accounts/generic1.tt2 create mode 100644 templates/accounts/librarywalkin1.tt2 create mode 100644 templates/accounts/limitedset1.tt2 create mode 100644 templates/accounts/researcher1.tt2 create mode 100644 templates/accounts/student1.tt2 create mode 100644 templates/accounts/student2.tt2 create mode 100644 templates/accounts/teacher1.tt2 create mode 100644 templates/accounts/teacher2.tt2 create mode 100644 templates/other/accounts.php.tt2 
diff --git a/README.md b/README.md index 5214843..5bf1f22 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,6 @@ It requires the following CPAN distributions: * Net-IP * Rose-DB-Object * Template-Toolkit -* Text-CSV * UNIVERSAL-require * XML-LibXML diff --git a/lib/AccountManager/Account.pm b/lib/AccountManager/Account.pm index 949b148..356a4b0 100644 --- a/lib/AccountManager/Account.pm +++ b/lib/AccountManager/Account.pm 
@@ -29,86 +29,6 @@ __PACKAGE__->meta->setup( Rose::DB::Object::Manager->make_manager_methods('accounts'); -my %cn = ( - alumni1 => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', - employee1 => 'Linnéa Hsu - eduGAIN Access Check account', - fullset1 => 'Gundabald Lightfoot - eduGAIN Access Check account', - librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account', - researcher1 => 'Stéphane Larivière - eduGAIN Access Check account', - student1 => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - student2 => 'Damiën Kuijper - eduGAIN Access Check account', - teacher1 => 'Peter Müller - eduGAIN Access Check account', -); - -my %givenName = ( - fullset1 => 'Gundabald', -); - -my %sn = ( - fullset1 => 'Lightfoot - eduGAIN Access Check account', -); - -my %displayName = ( - alumni1 => 'Ã…sold Wahlstrøm - eduGAIN Access Check account', - employee1 => 'Linnéa Hsu - eduGAIN Access Check account', - fullset1 => 'Gundabald Lightfoot - eduGAIN Access Check account', - librarywalkin1 => 'Ramón Núñez - eduGAIN Access Check account', - researcher1 => 'Stéphane Larivière - eduGAIN Access Check account', - student1 => 'Ciarán MacCárthaigh - eduGAIN Access Check account', - student2 => 'Damiën Kuijper - eduGAIN Access Check account', - teacher1 => 'Peter Müller - eduGAIN Access Check account', - generic1 => '山崎 å¼˜åæ¨«é‡Ž 陽å - eduGAIN Access Check account', -); - -my %mail = ( - alumni1 => 'asold.wahlstrom', - employee1 => 'linnea.hsu', - fullset1 => 'gundabald.lightfoot', - generic1 => 'forearartian', - librarywalkin1 => 'ramon.nunez', - researcher1 => 'stephane.lariviere', - student1 => 'ciaran.maccarthaigh', - student2 => 'damien.kuijper', - teacher1 => 'peter.muller', -); - -my %affiliation = ( - alumni1 => [ qw/alum/ ], - employee1 => [ qw/member staff employee/ ], - fullset1 => [ qw/member faculty/ ], - librarywalkin1 => [ qw/library-walk-in/ ], - researcher1 => [ qw/member faculty/ ], - student1 => [ qw/member student/ ], - student2 => [ qw/member student 
faculty/ ], - teacher1 => [ qw/member faculty/ ], -); - -my %scopedAffiliation = ( - alumni1 => [ qw/alum/ ], - employee1 => [ qw/member staff employee/ ], - fullset1 => [ qw/member faculty/ ], - librarywalkin1 => [ qw/library-walk-in/ ], - researcher1 => [ qw/member faculty/ ], - student1 => [ qw/member student/ ], - student2 => [ qw/member student faculty/ ], - teacher1 => [ qw/member faculty/ ], - teacher2 => [ qw/member faculty/ ], -); - -my %comment = ( - alumni1 => "An ex-student with 'alum' value for eduPersonAffiliation.", - employee1 => "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation.", - fullset1 => "A person with all eduGAIN user attributes plus givenName and surname.", - limitedset1 => "A person with only an eduPersonTargetedID attribute.", - generic1 => "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName).", - librarywalkin1 => "A library user on the campus network.", - student1 => "A student with 'member' and 'student' values for eduPersonAffiliation.", - student2 => "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation.", - teacher1 => "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID).", - teacher2 => "A teacher with 'member' and 'faculty' values for eduPersonAffiliation.", - researcher1 => "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation.", -); - sub print { my ($self, $fd) = @_; $fd = \*STDOUT unless $fd; 
@@ -129,67 +49,6 @@ sub internal_uid { return 'user' . $self->id(); } -sub cn { - my ($self) = @_; - return $cn{$self->profile()}; -} - -sub sn { - my ($self) = @_; - return $sn{$self->profile()}; -} - -sub displayName { - my ($self) = @_; - return $displayName{$self->profile()}; -} - -sub givenName { - my ($self) = @_; - return $givenName{$self->profile()}; -} - -sub mail { - my ($self) = @_; - my $prefix = $mail{$self->profile()}; - return $prefix ? - $prefix . '@' . $self->{scope} : undef; -} - -sub eduPersonAffiliation { - my ($self) = @_; - my $affiliations = $affiliation{$self->profile()} || []; - - return @$affiliations; -} - -sub eduPersonScopedAffiliation { - my ($self) = @_; - my $affiliations = $scopedAffiliation{$self->profile()} || []; - - return map { $_ . '@' . $self->{scope} } @$affiliations; -} - -sub eduPersonPrincipalName { - my ($self) = @_; - return $self->id() . '@'. $self->{scope}; -} - -sub schacHomeOrganization { - my ($self) = @_; - return $self->{scope}; -} - -sub schacHomeOrganizationType { - my ($self) = @_; - return "urn:schac:homeOrganizationType:int:other"; -} - -sub comment { - my ($self) = @_; - return $comment{$self->profile()}; -} - sub associatedSP { my ($self) = @_; return $self->{entityid}; diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm index 4ce42ed..ddae154 100644 --- a/lib/AccountManager/App.pm +++ b/lib/AccountManager/App.pm @@ -19,6 +19,7 @@ use AccountManager::Entity; use AccountManager::Token; use AccountManager::Tools; use AccountManager::L10N; +use AccountManager::Template::Plugin::Quote; # Format de type URL HTTP ou URN my %patterns = ( 
@@ -179,23 +180,17 @@ sub respond { }; $in{data}->{lh} = $self->{lh}; - my $theme_templates_dir = sprintf( - "%s/web/%s", - $self->{configuration}->{setup}->{templates_dir}, - $self->{configuration}->{setup}->{templates_theme} || 'default' - ); - my $default_templates_dir = sprintf( - "%s/web", - $self->{configuration}->{setup}->{templates_dir}, - ); - my $templates_dir = -d $theme_templates_dir ? - $theme_templates_dir : - $default_templates_dir; + my $templates_dir = $self->{configuration}->{setup}->{templates_dir}; + my $templates_theme = $self->{configuration}->{setup}->{templates_theme} || 'default'; my $tt2 = Template->new({ ENCODING => 'utf8', PRE_CHOMP => CHOMP_ONE, - INCLUDE_PATH => $templates_dir + INCLUDE_PATH => [ + sprintf("%s/web/%s", $templates_dir, $templates_theme), + sprintf("%s/web", $templates_dir), + sprintf("%s/accounts", $templates_dir) + ] }); $self->{logger}->debug("Responding with template '$in{template}'"); @@ -643,6 +638,13 @@ sub req_download_accounts { ], ); + foreach my $account (@$accounts) { + my $password = AccountManager::Tools::decrypt( + $account->password_crypt(), $key + ); + $account->password($password); + } + binmode(STDOUT, ":encoding(UTF-8)"); print $self->{cgi}->header( 
@@ -650,43 +652,20 @@ sub req_download_accounts { -content_disposition => 'attachment; filename="accounts.csv"' ); - Text::CSV->require(); - my $csv = Text::CSV->new({ binary => 1, eol => "\r\n", quote_space => 0 }); - $csv->print(\*STDOUT, [ qw/ - username - password - profile - cn - sn - displayName - givenName - mail - eduPersonAffiliation - eduPersonScopedAffiliation - eduPersonPrincipalName - schacHomeOrganization - schacHomeOrganizationType - / ]); + my $templates_dir = $self->{configuration}->{setup}->{templates_dir}; - foreach my $account (@$accounts) { - my $password = AccountManager::Tools::decrypt( - $account->password_crypt(), $key - ); - $account->password($password); - $csv->print(\*STDOUT, [ - $account->internal_uid(), - $account->password(), - $account->profile(), - $account->cn(), - $account->displayName(), - $account->givenName(), - $account->mail(), - join(', ', $account->eduPersonAffiliation()), - join(', ', $account->eduPersonScopedAffiliation()), - $account->eduPersonPrincipalName(), - $account->schacHomeOrganization(), - $account->schacHomeOrganizationType(), - ]); + my $tt2 = Template->new({ + ENCODING => 'utf8', + PRE_CHOMP => CHOMP_ONE, + INCLUDE_PATH => [ + sprintf("%s/other", $templates_dir), + sprintf("%s/accounts", $templates_dir), + ], + }); + + unless ($tt2->process("accounts.csv.tt2", { accounts => $accounts }, \*STDOUT)) { + printf "Content-type: text/plain\n\n Error: %s", $tt2->error(); + $self->{logger}->errorf("Web parser error : %s", $tt2->error()); } } diff --git a/lib/AccountManager/L10N/fr.pm b/lib/AccountManager/L10N/fr.pm index 5848c36..ab1199c 100644 --- a/lib/AccountManager/L10N/fr.pm +++ b/lib/AccountManager/L10N/fr.pm 
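Review bot: The failure branch of `$tt2->process` runs after the `text/csv` attachment header (context between the two req_download_accounts hunks) has already been printed, so the `Content-type: text/plain` line and the raw `$tt2->error()` text end up inside the downloaded accounts.csv rather than forming an error response, and the template error detail is shown to the client. Rendering into a scalar first, and sending the CSV header only on success, keeps the detail in the log and gives the client a clean failure. With Text::CSV removed, field quoting is now entirely the job of `accounts.csv.tt2`, which is not part of this patch; values containing a comma, a double quote or a newline need the escaping Text::CSV used to apply. req_download_accounts starts and ends outside the hunk, so the `return` in the sketch below assumes nothing else has to run afterwards.

```perl
    # … unchanged: $templates_dir lookup and Template->new({...}) …

    # render into a buffer first, so a template failure can still produce a clean error response
    my $csv;
    unless ($tt2->process("accounts.csv.tt2", { accounts => $accounts }, \$csv)) {
        $self->{logger}->errorf("Web parser error : %s", $tt2->error());
        print $self->{cgi}->header(-type => 'text/plain', -status => '500 Internal Server Error');
        print "Error: unable to generate the accounts file\n";
        return;
    }

    # … unchanged: binmode(STDOUT, ...) and the text/csv attachment header, moved below the render …
    print $csv;
```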
@@ -17,38 +17,38 @@ __DATA__ msgid "_AUTO" msgstr "1" -msgid "An ex-student with 'alum' value for eduPersonAffiliation." -msgstr "Un ancient étudiant avec la valeur 'alum' pour eduPersonAffiliation." +msgid "An ex-student with 'alum' value for eduPersonAffiliation" +msgstr "Un ancient étudiant avec la valeur 'alum' pour eduPersonAffiliation" -msgid "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation." -msgstr "Une personne avec les valeurs 'member', 'staff' et 'employee' pour eduPersonAffiliation." +msgid "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation" +msgstr "Une personne avec les valeurs 'member', 'staff' et 'employee' pour eduPersonAffiliation" -msgid "A person with all eduGAIN user attributes plus givenName and surname." -msgstr "Une personne avec tous les attributs eduGAIN plus givenName et surname." +msgid "A person with all eduGAIN user attributes plus givenName and surname" +msgstr "Une personne avec tous les attributs eduGAIN plus givenName et surname" -msgid "A person with only an eduPersonTargetedID attribute." -msgstr "Une personne avec uniquement un attribut eduPersonTargetedID." +msgid "A person with only an eduPersonTargetedID attribute" +msgstr "Une personne avec uniquement un attribut eduPersonTargetedID" -msgid "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)." -msgstr "Une personne avec un ensembe d'attributs limités (eduPersonPrincipalName, mail et displayName)." +msgid "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)" +msgstr "Une personne avec un ensembe d'attributs limités (eduPersonPrincipalName, mail et displayName)" -msgid "A library user on the campus network." -msgstr "Un utilisateur de la bibliothèque sur le réseau du campus." 
+msgid "A library user on the campus network" +msgstr "Un utilisateur de la bibliothèque sur le réseau du campus" -msgid "A student with 'member' and 'student' values for eduPersonAffiliation." -msgstr "Un étudiant avec les valeurs 'member' et 'student' pour eduPersonAffiliation." +msgid "A student with 'member' and 'student' values for eduPersonAffiliation" +msgstr "Un étudiant avec les valeurs 'member' et 'student' pour eduPersonAffiliation" -msgid "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation." -msgstr "Un étudiant en thèse avec les valeurs 'member', 'student' et 'faculty' pour eduPersonAffiliation." +msgid "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation" +msgstr "Un étudiant en thèse avec les valeurs 'member', 'student' et 'faculty' pour eduPersonAffiliation" -msgid "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)." -msgstr "Un enseignant avec un ensemble d'attributs limités (eduPersonScopedAffiliation and eduPersonTargetedID)." +msgid "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)" +msgstr "Un enseignant avec un ensemble d'attributs limités (eduPersonScopedAffiliation and eduPersonTargetedID)" -msgid "A teacher with 'member' and 'faculty' values for eduPersonAffiliation." -msgstr "Un enseignant avec les valeurs 'member' et 'faculty' pour eduPersonAffiliation." +msgid "A teacher with 'member' and 'faculty' values for eduPersonAffiliation" +msgstr "Un enseignant avec les valeurs 'member' et 'faculty' pour eduPersonAffiliation" -msgid "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation." -msgstr "Un chercheur, indifférenciable d'un enseignant car il n'y a pas de valeur standard pour eduPersonAffiliation." 
+msgid "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation" +msgstr "Un chercheur, indifférenciable d'un enseignant car il n'y a pas de valeur standard pour eduPersonAffiliation" #: templates/web/edugain/create_accounts.tt2.html:74 templates/web/renater/create_accounts.tt2.html:78 msgid "(1) eduPersonAffiliation and eduPersonScoppedAffilisation attributes are assigned quite differently from federation to federation." diff --git a/lib/AccountManager/Tools.pm b/lib/AccountManager/Tools.pm index 08287ed..548d5f5 100644 --- a/lib/AccountManager/Tools.pm +++ b/lib/AccountManager/Tools.pm @@ -11,7 +11,8 @@ use List::MoreUtils qw(pairwise); use MIME::Base64; use Template; use Template::Constants qw(:chomp); -use Template::Stash; + +use AccountManager::Template::Plugin::Quote; sub encrypt { my ($string, $key) = @_; @@ -96,30 +97,21 @@ sub generate_secret { sub update_ssp_authsources { my ($templates_dir, $output, $accounts) = @_; - # scalar virtual method to return a quoted value - $Template::Stash::SCALAR_OPS->{ quote } = sub { - my $scalar = shift; - return "'" . $scalar . "'"; - }; - - # list virtual method to return a list of quoted values - $Template::Stash::LIST_OPS->{ quote } = sub { - my $list = shift; - return [ map { "'" . $_ . "'" } @$list ]; - }; - my $tt2 = Template->new({ ENCODING => 'utf8', PRE_CHOMP => CHOMP_ONE, - INCLUDE_PATH => $templates_dir . '/accounts' + INCLUDE_PATH => [ + sprintf("%s/other", $templates_dir), + sprintf("%s/accounts", $templates_dir), + ], }); - my $template = 'accounts.php.tt2'; - my $data = { - accounts => $accounts, - }; - $tt2->process($template, $data, $output, { binmode => ':utf8' }) - or die $tt2->error(); + $tt2->process( + 'accounts.php.tt2', + { accounts => $accounts}, + $output, + { binmode => ':utf8' } + ) or die $tt2->error(); } 1; diff --git a/lib/Makefile.am b/lib/Makefile.am index d2550af..64a8c99 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -11,6 +11,7 @@ nobase_modules_DATA = \ AccountManager/L10N.pm \ AccountManager/L10N/en.pm \ AccountManager/L10N/fr.pm \ - AccountManager/App.pm + AccountManager/App.pm \ + AccountManager/Template/Plugin/Quote.pm EXTRA_DIST = $(nobase_modules_DATA) diff --git a/templates/Makefile.am b/templates/Makefile.am index c190276..26b98f4 100644 --- a/templates/Makefile.am +++ b/templates/Makefile.am @@ -1,7 +1,19 @@ nobase_templates_DATA = \ - accounts/accounts.php.tt2 \ + accounts/alumni1.tt2 \ + accounts/employee1.tt2 \ + accounts/fullset1.tt2 \ + accounts/generic1.tt2 \ + accounts/librarywalkin1.tt2 \ + accounts/limitedset1.tt2 \ + accounts/researcher1.tt2 \ + accounts/student1.tt2 \ + accounts/student2.tt2 \ + accounts/teacher1.tt2 \ + accounts/teacher2.tt2 \ mail/send_authentication_token.tt2.txt \ mail/send_authentication_token.tt2.html \ + other/accounts.csv.tt2 \ + other/accounts.php.tt2 \ web/edugain/errors.tt2.html \ web/edugain/home.tt2.html \ web/edugain/index.tt2.html \ diff --git a/templates/accounts/accounts.php.tt2 b/templates/accounts/accounts.php.tt2 deleted file mode 100644 index 1f04f5a..0000000 --- a/templates/accounts/accounts.php.tt2 +++ /dev/null 
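Review bot: `AccountManager/Template/Plugin/Quote.pm` (lib/Makefile.am) and `other/accounts.csv.tt2` (templates/Makefile.am) are added to the installed file lists, but neither file appears in this patch's diffstat. If they are not already in the tree from an earlier commit, `make dist` and `make install` will fail, and at run time the `use AccountManager::Template::Plugin::Quote;` lines and the `accounts.csv.tt2` download will break. Worth confirming both files exist before this is merged.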
@@ -1,43 +0,0 @@
-<?php
-// PhP configuration file loaded in simpleSamlPhp authsources.php file
-$validTestAccounts = array (
- 'authcrypt:Hash',
-
-[% FOREACH account IN accounts %]
- 'user[% account.id() %]:{SHA256}[% account.password_hash() %]=' => array(
- 'internal_uid' => array([% account.internal_uid().quote %]),
- 'associatedSP' => array([% account.associatedSP().quote %]),
- [% IF account.cn() %]
- 'cn' => array([% account.cn().quote %]),
- [% END %]
- [% IF account.sn() %]
- 'sn' => array([% account.sn().quote %]),
- [% END %]
- [% IF account.displayName() %]
- 'displayName' => array([% account.displayName().quote %]),
- [% END %]
- [% IF account.givenName() %]
- 'givenName' => array([% account.givenName().quote %]),
- [% END %]
- [% IF account.mail() %]
- 'mail' => array([% account.mail().quote %]),
- [% END %]
- [% IF account.eduPersonAffiliation() %]
- 'eduPersonAffiliation' => array([% account.eduPersonAffiliation().quote.join(', ') %]),
- [% END %]
- [% IF account.eduPersonScopedAffiliation() %]
- 'eduPersonScopedAffiliation' => array([% account.eduPersonScopedAffiliation().quote.join(', ') %]),
- [% END %]
- [% IF account.eduPersonPrincipalName() %]
- 'eduPersonPrincipalName' => array([% account.eduPersonPrincipalName().quote %]),
- [% END %]
- [% IF account.schacHomeOrganization() %]
- 'schacHomeOrganization' => array([% account.schacHomeOrganization().quote %]),
- [% END %]
- [% IF account.schacHomeOrganizationType() %]
- 'schacHomeOrganizationType' => array([% account.schacHomeOrganizationType().quote %]),
- [% END %]
- ),
-
-[% END %]
-);
diff --git a/templates/accounts/alumni1.tt2 b/templates/accounts/alumni1.tt2
new file mode 100644
index 0000000..ef0a840
--- /dev/null
+++ b/templates/accounts/alumni1.tt2
@@ -0,0 +1,18 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ profile type: alumni
+ Value "member" is not set for eduPersonAffiliation, contrary to current students
+%]
+[%
+ description = "An ex-student with 'alum' value for eduPersonAffiliation"
+ attributes = {
+ cn = "Ã…sold Wahlstrøm - eduGAIN Access Check account"
+ displayName = "Ã…sold Wahlstrøm - eduGAIN Access Check account"
+ mail = "asold.wahlstrom@${scope}"
+ eduPersonAffiliation = [ "alum" ]
+ eduPersonScopedAffiliation = [ "alum@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/employee1.tt2 b/templates/accounts/employee1.tt2
new file mode 100644
index 0000000..7eae237
--- /dev/null
+++ b/templates/accounts/employee1.tt2
@@ -0,0 +1,21 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ profile type: employee
+ There are conflicting definitions of "staff" and "employee" from
+ country to country that make those values particularly unreliable
+ in any international context. However in this example we set both
+ values
+%]
+[%
+ description = "A person with 'member', 'staff' and 'employee' values for eduPersonAffiliation"
+ attributes = {
+ cn = "Linnéa Hsu - eduGAIN Access Check account"
+ displayName = "Linnéa Hsu - eduGAIN Access Check account"
+ mail = "linnea.hsu@${scope}"
+ eduPersonAffiliation = [ "member", "staff", "employee" ]
+ eduPersonScopedAffiliation = [ "member@${scope}", "staff@${scope}", "employee@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/fullset1.tt2 b/templates/accounts/fullset1.tt2
new file mode 100644
index 0000000..85abc14
--- /dev/null
+++ b/templates/accounts/fullset1.tt2
@@ -0,0 +1,21 @@ +[%# vim:set ft=html et ts=4 sw=4: %] +[%# + profile type: full set + This user profile respresents a researcher with all eduGAIN user + attributes plus givenName and surname +%] +[% + description = "A person with all eduGAIN user attributes plus givenName and surname" + attributes = { + cn = "Gundabald Lightfoot - eduGAIN Access Check account" + displayName = "Gundabald Lightfoot - eduGAIN Access Check account" + givenName = "Gundabald" + sn = "Lightfoot - eduGAIN Access Check account" + mail = "gundabald.lightfoot@${scope}" + eduPersonAffiliation = [ "member", "faculty" ] + eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ] + eduPersonPrincipalName = "${id}@${scope}" + schacHomeOrganization = scope + schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other" + } +%] diff --git a/templates/accounts/generic1.tt2 b/templates/accounts/generic1.tt2 new file mode 100644 index 0000000..6dbad5b --- /dev/null +++ b/templates/accounts/generic1.tt2 @@ -0,0 +1,13 @@ +[%# vim:set ft=html et ts=4 sw=4: %] +[%# + profile type: generic + This account provides a limited set of user attributes (eduPersonPrincipalName, mail and displayName) +%] +[% + description = "A person with a limited set of attributes (eduPersonPrincipalName, mail and displayName)" + attributes = { + displayName = "山崎 å¼˜åæ¨«é‡Ž 陽å - eduGAIN Access Check account" + mail = "forearartian@${scope}" + eduPersonPrincipalName = "${id}@${scope}" + } +%] diff --git a/templates/accounts/librarywalkin1.tt2 b/templates/accounts/librarywalkin1.tt2 new file mode 100644 index 0000000..9973cec --- /dev/null +++ b/templates/accounts/librarywalkin1.tt2 
@@ -0,0 +1,30 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ profile type: library walk-in
+ This term was created to cover the case where physical presence in
+ a library facility grants someone access to electronic resources
+ typically licensed for faculty, staff and students. In recent years
+ the library walk-in provision has been extended to cover other
+ cases such as library users on the campus network, or those using
+ on-campus workstations. Licensed resource providers have often
+ been willing to interpret their contracts with licensees to accept
+ this broader definition of "library-walk-in," though specific terms
+ may vary. For a more direct way of using eduPerson attributes to
+ express library privilege information, see the eduPersonEntitlement
+ value "urn:mace:dir:entitlement:common-lib-terms" as defined in the
+ MACE-Dir Registry of eduPersonEntitlement values http://middleware.internet2.edu/urn-mace/urn-mace-dir-entitlement.html
+%]
+[%
+ description = "A library user on the campus network"
+ attributes = {
+ cn = "Ramón Núñez - eduGAIN Access Check account"
+ displayName = "Ramón Núñez - eduGAIN Access Check account"
+ mail = "ramon.nunez@" _ scope
+ eduPersonAffiliation = [ "library-walk-in" ]
+ eduPersonScopedAffiliation = [ "library-walk-in@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ eduPersonEntitlement = "urn:mace:dir:entitlement:common-lib-terms"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/limitedset1.tt2 b/templates/accounts/limitedset1.tt2
new file mode 100644
index 0000000..0567110
--- /dev/null
+++ b/templates/accounts/limitedset1.tt2
@@ -0,0 +1,9 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ profile type: limited set
+ This account provides only an eduPersonTargetedID attribute
+%]
+[%
+ description = "A person with only an eduPersonTargetedID attribute"
+ attributes = {}
+%]
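Review bot: `eduPersonEntitlement` in the librarywalkin1 `attributes` hash is never emitted, because the attribute lists iterated in templates/other/accounts.php.tt2 and in both create_accounts.tt2.html pages of this patch name only cn, displayName, givenName, sn, mail, schacHomeOrganization, schacHomeOrganizationType, eduPersonPrincipalName and the two affiliation attributes. Either add `'eduPersonEntitlement'` to those FOREACH lists or drop the line from the profile; as written the test account will not carry the entitlement that the header comment describes. A smaller style point in the same hash: mail is built with `"ramon.nunez@" _ scope` while every other profile uses the `"...@${scope}"` form, and using one form keeps the profiles uniform.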
diff --git a/templates/accounts/researcher1.tt2 b/templates/accounts/researcher1.tt2
new file mode 100644
index 0000000..89374f0
--- /dev/null
+++ b/templates/accounts/researcher1.tt2
@@ -0,0 +1,19 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ No standard value for eduPersonAffiliation can be used to represent a
+ researcher. Therefore you can't differenciate a teacher from a
+ researcher.
+%]
+[%
+ description = "A researcher, undifferenciable from a teacher as there is no standard value for eduPersonAffiliation"
+ attributes = {
+ cn = "Stéphane Larivière - eduGAIN Access Check account"
+ displayName = "Stéphane Larivière - eduGAIN Access Check account"
+ mail = "stephane.lariviere@${scope}"
+ eduPersonAffiliation = [ "member", "faculty"]
+ eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/student1.tt2 b/templates/accounts/student1.tt2
new file mode 100644
index 0000000..f3ea5d0
--- /dev/null
+++ b/templates/accounts/student1.tt2
@@ -0,0 +1,17 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ An active student has both "member" and "student" values set for eduPersonAffiliation
+%]
+[%
+ description = "A student with 'member' and 'student' values for eduPersonAffiliation"
+ attributes = {
+ cn = "Ciarán MacCárthaigh - eduGAIN Access Check account"
+ displayName = "Ciarán MacCárthaigh - eduGAIN Access Check account"
+ mail = "ciaran.maccarthaigh@${scope}"
+ eduPersonAffiliation = [ "member", "student" ],
+ eduPersonScopedAffiliation = [ "member@${scope}", "student@${scope}" ],
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/student2.tt2 b/templates/accounts/student2.tt2
new file mode 100644
index 0000000..78c9d23
--- /dev/null
+++ b/templates/accounts/student2.tt2
@@ -0,0 +1,18 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ A PhD student, having three values set for eduPersonAffiliation:
+ "member" and "student" and "faculty"
+%]
+[%
+ description = "A PhD student with 'member', 'student' and 'faculty' values for eduPersonAffiliation"
+ attributes = {
+ cn = "Damiën Kuijper - eduGAIN Access Check account"
+ displayName = "Damiën Kuijper - eduGAIN Access Check account"
+ mail = "damien.kuijper@${scope}"
+ eduPersonAffiliation = [ "member", "student", "faculty" ]
+ eduPersonScopedAffiliation = [ "member@${scope}", "student@${scope}", "faculty@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/teacher1.tt2 b/templates/accounts/teacher1.tt2
new file mode 100644
index 0000000..06716ad
--- /dev/null
+++ b/templates/accounts/teacher1.tt2
@@ -0,0 +1,17 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ An active teacher has both "member" and "faculty" values set for eduPersonAffiliation
+%]
+[%
+ description = "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)"
+ attributes = {
+ cn = "Peter Müller - eduGAIN Access Check account"
+ displayName = "Peter Müller - eduGAIN Access Check account"
+ mail = "peter.muller@${scope}"
+ eduPersonAffiliation = [ "member", "faculty" ]
+ eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+ eduPersonPrincipalName = "${id}@${scope}"
+ schacHomeOrganization = scope
+ schacHomeOrganizationType = "urn:schac:homeOrganizationType:int:other"
+ }
+%]
diff --git a/templates/accounts/teacher2.tt2 b/templates/accounts/teacher2.tt2
new file mode 100644
index 0000000..602369e
--- /dev/null
+++ b/templates/accounts/teacher2.tt2
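Review bot: The `description` strings of teacher1 and teacher2 look exchanged. teacher1 defines the full attribute set, including `eduPersonAffiliation = [ "member", "faculty" ]`, yet is described as "A teacher with a limited set of attributes (eduPersonScopedAffiliation and eduPersonTargetedID)", while templates/accounts/teacher2.tt2 defines only eduPersonScopedAffiliation and is described as "A teacher with 'member' and 'faculty' values for eduPersonAffiliation"; the header comment of each file says the opposite of its own description. The removed %comment hash in Account.pm had the same pairing, so this is carried over rather than introduced here. Because the text is what a person sees when choosing a test account, the two `description` lines should be exchanged.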
@@ -0,0 +1,10 @@
+[%# vim:set ft=html et ts=4 sw=4: %]
+[%#
+ This account provides a limited set of user attributes (eduPersonScopedAffiliation and eduPersonTargetedID)
+%]
+[%
+ description = "A teacher with 'member' and 'faculty' values for eduPersonAffiliation"
+ attributes = {
+ eduPersonScopedAffiliation = [ "member@${scope}", "faculty@${scope}" ]
+ }
+%]
diff --git a/templates/other/accounts.php.tt2 b/templates/other/accounts.php.tt2
new file mode 100644
index 0000000..e208c87
--- /dev/null
+++ b/templates/other/accounts.php.tt2
@@ -0,0 +1,23 @@
+<?php
+// PhP configuration file loaded in simpleSamlPhp authsources.php file
+$validTestAccounts = array (
+ 'authcrypt:Hash',
+
+[% FOREACH account IN accounts %]
+ [% template = account.profile() _ '.tt2' %]
+ [% PROCESS $template scope=account.scope() id=account.id() | trim %]
+ '[% account.internal_uid() %]:{SHA256}[% account.password_hash() %]=' => array(
+ 'internal_uid' => array([% account.internal_uid().quote %]),
+ 'associatedSP' => array([% account.associatedSP().quote %]),
+ [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] %]
+ [% NEXT UNLESS attributes.$attribute %]
+ '[% attribute %]' => array([% attributes.$attribute.quote("'") %]),
+ [% END %]
+ [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] %]
+ [% NEXT UNLESS attributes.$attribute %]
+ '[% attribute %]' => array([% attributes.$attribute.quote("'").join(', ') %]),
+ [% END %]
+ ),
+
+[% END %]
+);
diff --git a/templates/web/edugain/create_accounts.tt2.html b/templates/web/edugain/create_accounts.tt2.html
index 36ba8eb..56b8984 100644
--- a/templates/web/edugain/create_accounts.tt2.html
+++ b/templates/web/edugain/create_accounts.tt2.html
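Review bot: In templates/other/accounts.php.tt2 every interpolated value lands inside a single-quoted PHP string of a file that simpleSAMLphp loads, and the visible lines do not apply one escaping rule: `internal_uid` and `associatedSP` call `.quote` with no argument, the attribute loops call `.quote("'")`, and the array key `'[% account.internal_uid() %]:{SHA256}[% account.password_hash() %]='` uses no helper at all. The vmethod removed from Tools.pm only wrapped the value in quotes, and the Quote plugin that replaces it is not part of this patch, so please confirm it escapes `\` and `'`; `associatedSP` returns the stored entityid, and `scope` is substituted into mail and eduPersonPrincipalName. Calling the helper the same way everywhere, for example `array([% account.associatedSP().quote("'") %])`, would make that easier to audit. The template to PROCESS is chosen by `account.profile() _ '.tt2'`, so a profile value with no matching file makes `update_ssp_authsources` die for every account; presumably profile is validated when the account is created, which is worth checking.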
@@ -16,6 +16,8 @@ <div class="accounts row"> [% FOREACH account IN accounts %] + [% template = account.profile() _ '.tt2' %] + [% PROCESS $template scope=account.scope() id=account.id() | trim %] <div class="small-12 medium-6 large-4 columns"> <div class="account"> <table> @@ -31,7 +33,7 @@ <tr> <td colspan="2"> <strong>[% lh.maketext("comment:") %]</strong> - <div class="comment">[% lh.maketext(account.comment()) %]</div> + <div class="comment">[% lh.maketext(description) %]</div> </td> </tr> <tr> @@ -56,12 +58,12 @@ <caption>[% lh.maketext("List of user attributes") %]</caption> [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] %] <tr> - <th>[% attribute %]</th><td>[% account.$attribute() %]</td> + <th>[% attribute %]</th><td>[% attributes.$attribute %]</td> </tr> [% END %] [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] %] <tr> - <th>[% attribute %]</th><td>[% account.$attribute().join(', ') %]</td> + <th>[% attribute %]</th><td>[% attributes.$attribute.join(', ') %]</td> </tr> [% END %] <tr> diff --git a/templates/web/renater/create_accounts.tt2.html b/templates/web/renater/create_accounts.tt2.html index 6c2f2b8..a8bc3f2 100644 --- a/templates/web/renater/create_accounts.tt2.html +++ b/templates/web/renater/create_accounts.tt2.html @@ -18,6 +18,8 @@ <div class="accounts row"> [% FOREACH account IN accounts %] + [% template = account.profile() _ '.tt2' %] + [% PROCESS $template scope=account.scope() id=account.id() | trim %] <div class="small-12 medium-6 large-4 columns"> <div class="account"> <table> @@ -33,7 +35,7 @@ <tr> <td colspan="2"> <strong>[% lh.maketext("comment:") %]</strong> - <div class="comment">[% lh.maketext(account.comment()) %]</div> + <div class="comment">[% lh.maketext(description) %]</div> </td> </tr> <tr> 
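Review bot: The attribute cells in the edugain hunk at -56,12 print `[% attributes.$attribute %]` and `[% attributes.$attribute.join(', ') %]` without an HTML filter, and those values now contain `${scope}` and `${id}` substituted by the profile templates. Where scope comes from is not visible in this patch; unless it is trusted configuration only, filter the output: `<td>[% attributes.$attribute | html %]</td>` and `<td>[% attributes.$attribute.join(', ') | html %]</td>`. The same two lines appear in templates/web/renater/create_accounts.tt2.html (hunk at -58,12). Since PROCESS leaves `description` and `attributes` in the shared stash, a profile template that omits one of them would show the previous account's value, which a `[% attributes = {} %]` before the PROCESS line would prevent.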
@@ -58,12 +60,12 @@ <caption>[% lh.maketext("List of user attributes") %]</caption> [% FOREACH attribute IN [ 'cn', 'displayName', 'givenName', 'sn', 'mail', 'schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonPrincipalName' ] %] <tr> - <th>[% attribute %]</th><td>[% account.$attribute() %]</td> + <th>[% attribute %]</th><td>[% attributes.$attribute %]</td> </tr> [% END %] [% FOREACH attribute IN [ 'eduPersonAffiliation', 'eduPersonScopedAffiliation' ] %] <tr> - <th>[% attribute %]</th><td>[% account.$attribute().join(', ') %]</td> + <th>[% attribute %]</th><td>[% attributes.$attribute.join(', ') %]</td> </tr> [% END %] <tr> -- GitLab