OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



proposal for allowing custom implicitAuth plugin

OJS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
Developer Resources:

Documentation: The OJS Technical Reference and the OJS API Reference are both available from the OJS Documentation page.

Git: You can access our public Git Repository here. Comprehensive Git usage instructions are available on the wiki.

Bugzilla: You can access our Bugzilla report tracker here.

Search: You can use our Google Custom Search to search across our main website, the support forum, and Bugzilla.

Questions and discussion are welcome, but if you have a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a technical support question, try the OJS Technical Support subforum.

proposal for allowing custom implicitAuth plugin

Postby budalokko » Fri Oct 08, 2010 10:15 am

Hi,

I had to implement another implicitAuth plugin different from Shibboleth. I used its code to generate mine and it was a great reference, but there is one simple change that has to be done to Shibboleth plugin and to core to allow different systems than Shibboleth. I think it would be great that OJS allowed us developers to do this without any change to core.

On Shibboleth's source there is a clue about what the problem is:

At /plugins/implicitAuth/shibboleth/ShibAuthPlugin.inc.php, line 11 we can find:
Code: Select all
// If there ends up being another implicitAuth plugin - then this registration statement
// should be removed - so that the other plugin gets called
HookRegistry::register('ImplicitAuthPlugin::implicitAuth', array(&$this, 'implicitAuth'));

Obviously it does not look like a great idea to change Shibboleth code so the system can use other implicitAuth plugins, that's why my proposal would be to add a new line on config.inc.php [security] block just after the implicit_auth definition, defaulting to Shibboleth:
Code: Select all
;Is implicit authentication enabled or not
;implicit_auth = On
;implicit_auth_plugin_name = ShibAuthPlugin

then, the /plugins/implicitAuth/shibboleth/ShibAuthPlugin.inc.php code I quoted before could be changed by:

Code: Select all
// Only load this plugin's hooks if it is selected in config file
if( Config::getVar('security', 'implicit_auth_plugin_name') == $this->getName() ){
  HookRegistry::register('ImplicitAuthPlugin::implicitAuth', array(&$this, 'implicitAuth'));
}


and should be added to Shibboleth plugin and any other implicitAuth plugins somebody might like to create. I think this forum is the right place to contact on this subject with OJS devs, but I am quite new to OJS so, if it isn't, I would be happy to go wherever you point me to.

I hope somebody has interest on this subject and would be happy to discuss on it. Oh! my plugin is about using Drupal auth system, I didn't find anything on the forums, but if somebody has some ideas on it I would be glad to know them.

cheers.
budalokko
 
Posts: 2
Joined: Fri Oct 08, 2010 9:54 am

Re: proposal for allowing custom implicitAuth plugin

Postby mcrider » Tue Oct 12, 2010 3:50 pm

Hi budalokko,

Could you tell us more about what you're doing with drupal? From a quick search, it looks like they have an authentication API, is that what you're using? Sounds very interesting--We'd be very happy if you'd contribute this plugin back to the community :)

Anyways, your code change sounds reasonable, though I figure why that hasn't been implemented is because it is expected that if you use a different implicitAuth plugin than Shibboleth, you'd delete the Shib plugin. I'd suggest starting a bugzilla entry against OJS, and then uploading a unified diff. Even better, if you're familiar with Git (see http://pkp.sfu.ca/wiki/index.php/ for info on checking out OJS through Git) is to pull down a fresh copy of OJS and pushing your code to your own repository, then send us a pull request (if that's alien to you, a patch is fine!)

Cheers,
Matt
mcrider
 
Posts: 952
Joined: Mon May 05, 2008 10:29 am
Location: Vancouver, BC

Re: proposal for allowing custom implicitAuth plugin

Postby budalokko » Wed Oct 13, 2010 6:08 am

Hi mcrider,

thanks for your feedback. For the drupal stuff, I am not using their API. Actually I did nothing to my Drupal install. I only made changes on OJS land.
My implicitAuth plugin does the following:
    -Retrieve Drupal's session id from $_COOKIE.
    -Open a new DBConnection for the Drupal database (Drupal sessions are stored in database).
    -Retrieve session information. Here it is easy to retrieve all user informations and the Drupal permissions.
    -If session is not correct redirect to Drupal login form.
    -If session is correct do the same as Shib plugin:
      -Create user if it is not created
      -Set admin if necessary
      -Set "author" (this is particular to my app: all drupal users do have author role on ojs).
      -Set user as loged in as in shib plugin and redirect to author main page.
I, and hopefully my bosses would be happy to contribute it back to OJS community, but the code should be checked by somebody more familiar with OJS than me, because maybe I am doing things "not exactly right" with these DB connections, user creations, etc..

Regarding my code change proposal, I personally hate modifying things on the open source systems I use, I tend to forget the changes I did to systems maintained by others. The GIT stuff you tell me only sounds 50% alien to me. It is probably a good moment for me to dig a bit more into GIT so yes, I will proceed as you told me: Soon I will create my git branch and start the bugzilla entry.

you can tell me too how you want that I proceed with Drupal stuff. I can email my code to somebody willing to browse it, but it is not yet good enough to think on a release.
I am quite unfamiliar with OJS so, some questions arise to me: is there a place I can add configurations particular to my implicitAuth plugin, such as "roles to set automatically for Drupal users", Drupal DB connection data, etc. I have put that information in config.inc.php atm.

Cheers,
Marc ///
budalokko
 
Posts: 2
Joined: Fri Oct 08, 2010 9:54 am

Re: proposal for allowing custom implicitAuth plugin

Postby mcrider » Fri Oct 15, 2010 12:57 pm

Hi Marc,

If you want to wait until you get your plugin up on your own github repository, you can post back on this thread and we'll take a look at it. Github has a nice facility for commenting on code, so that would be a great place to put it.

For configuring settings, I would look into packaging an .xml file with your plugin that people can edit to set the connection parameters and other stuff. OJS in general does this with the xml files in the ojs/registry/ directory, and various plugins such as the webFeed plugin (ojs/plugins/generic/webFeed/) do this with a settings.xml file in their root directory. I'm not 100% sure how those work, but I think that when a new journal is created, it loads those settings in the xml file into the plugin_settings table, so in your code you would call something like $this->getSetting('drupalDBName') to get the name of the DB you should be writing to.

Cheers,
Matt
mcrider
 
Posts: 952
Joined: Mon May 05, 2008 10:29 am
Location: Vancouver, BC


Return to OJS Development

Who is online

Users browsing this forum: Yahoo [Bot] and 2 guests