PKP Support

[budalokko]

Hi,

I had to implement another implicitAuth plugin different from Shibboleth. I used its code to generate mine and it was a great reference, but there is one simple change that has to be done to Shibboleth plugin and to core to allow different systems than Shibboleth. I think it would be great that OJS allowed us developers to do this without any change to core.

On Shibboleth's source there is a clue about what the problem is:

At /plugins/implicitAuth/shibboleth/ShibAuthPlugin.inc.php, line 11 we can find:

Code: Select all

// If there ends up being another implicitAuth plugin - then this registration statement
// should be removed - so that the other plugin gets called
HookRegistry::register('ImplicitAuthPlugin::implicitAuth', array(&$this, 'implicitAuth'));


Obviously it does not look like a great idea to change Shibboleth code so the system can use other implicitAuth plugins, that's why my proposal would be to add a new line on config.inc.php [security] block just after the implicit_auth definition, defaulting to Shibboleth:

Code: Select all

;Is implicit authentication enabled or not
;implicit_auth = On
;implicit_auth_plugin_name = ShibAuthPlugin


then, the /plugins/implicitAuth/shibboleth/ShibAuthPlugin.inc.php code I quoted before could be changed by:

Code: Select all

// Only load this plugin's hooks if it is selected in config file
if( Config::getVar('security', 'implicit_auth_plugin_name') == $this->getName() ){
  HookRegistry::register('ImplicitAuthPlugin::implicitAuth', array(&$this, 'implicitAuth'));
}

and should be added to Shibboleth plugin and any other implicitAuth plugins somebody might like to create. I think this forum is the right place to contact on this subject with OJS devs, but I am quite new to OJS so, if it isn't, I would be happy to go wherever you point me to.

I hope somebody has interest on this subject and would be happy to discuss on it. Oh! my plugin is about using Drupal auth system, I didn't find anything on the forums, but if somebody has some ideas on it I would be glad to know them.

cheers.

[mcrider]

Hi budalokko,

Could you tell us more about what you're doing with drupal? From a quick search, it looks like they have an authentication API, is that what you're using? Sounds very interesting--We'd be very happy if you'd contribute this plugin back to the community

Anyways, your code change sounds reasonable, though I figure why that hasn't been implemented is because it is expected that if you use a different implicitAuth plugin than Shibboleth, you'd delete the Shib plugin. I'd suggest starting a bugzilla entry against OJS, and then uploading a unified diff. Even better, if you're familiar with Git (see http://pkp.sfu.ca/wiki/index.php/ for info on checking out OJS through Git) is to pull down a fresh copy of OJS and pushing your code to your own repository, then send us a pull request (if that's alien to you, a patch is fine!)

Cheers,
Matt

[budalokko]

Hi mcrider,

thanks for your feedback. For the drupal stuff, I am not using their API. Actually I did nothing to my Drupal install. I only made changes on OJS land.
My implicitAuth plugin does the following:

-Retrieve Drupal's session id from $_COOKIE.
-Open a new DBConnection for the Drupal database (Drupal sessions are stored in database).
-Retrieve session information. Here it is easy to retrieve all user informations and the Drupal permissions.
-If session is not correct redirect to Drupal login form.
-If session is correct do the same as Shib plugin:

-Create user if it is not created
-Set admin if necessary
-Set "author" (this is particular to my app: all drupal users do have author role on ojs).
-Set user as loged in as in shib plugin and redirect to author main page.

I, and hopefully my bosses would be happy to contribute it back to OJS community, but the code should be checked by somebody more familiar with OJS than me, because maybe I am doing things "not exactly right" with these DB connections, user creations, etc..

Regarding my code change proposal, I personally hate modifying things on the open source systems I use, I tend to forget the changes I did to systems maintained by others. The GIT stuff you tell me only sounds 50% alien to me. It is probably a good moment for me to dig a bit more into GIT so yes, I will proceed as you told me: Soon I will create my git branch and start the bugzilla entry.

you can tell me too how you want that I proceed with Drupal stuff. I can email my code to somebody willing to browse it, but it is not yet good enough to think on a release.
I am quite unfamiliar with OJS so, some questions arise to me: is there a place I can add configurations particular to my implicitAuth plugin, such as "roles to set automatically for Drupal users", Drupal DB connection data, etc. I have put that information in config.inc.php atm.

Cheers,
Marc ///

[mcrider]

Hi Marc,

If you want to wait until you get your plugin up on your own github repository, you can post back on this thread and we'll take a look at it. Github has a nice facility for commenting on code, so that would be a great place to put it.

For configuring settings, I would look into packaging an .xml file with your plugin that people can edit to set the connection parameters and other stuff. OJS in general does this with the xml files in the ojs/registry/ directory, and various plugins such as the webFeed plugin (ojs/plugins/generic/webFeed/) do this with a settings.xml file in their root directory. I'm not 100% sure how those work, but I think that when a new journal is created, it loads those settings in the xml file into the plugin_settings table, so in your code you would call something like $this->getSetting('drupalDBName') to get the name of the DB you should be writing to.

Cheers,
Matt