artntek
commented
1 year ago I think option 3 is a good, iterative step in the right direction, and we can then do option 1 later, maybe after the v3.0.0 release?
Closed taojing2002 closed 6 months ago
artntek
commented
1 year ago I think option 3 is a good, iterative step in the right direction, and we can then do option 1 later, maybe after the v3.0.0 release?
taojing2002
commented
1 year ago Yeah. Option 3 sounds good to me as well.
mbjones
commented
11 months ago After our call discussing this, I think we decided Option 1 to use DataONE auth APIs is the best approach. Does that sounds right to you @taojing2002 ?
taojing2002
commented
11 months ago Yes, we decided to use option 1 and Dou is working on the issue. @doulikecookiedough
artntek
commented
7 months ago Also need to change auth.administrators properties list to be semicolon-delimited instead of colon-delimited, since it now includes orcids with colons
doulikecookiedough
commented
6 months ago Reminder for me or @artntek to resolve:
AuthAdmin does not persist properties in memory (ex. when adding a user during auth configuration). Code was unintentionally deleted during clean up to prepare existing code changes for handoff (after Line 169)
for (Integer globalPropertyIndex : globalPropertyIndexes) {
String globalPropertyKey = globalPropertyMap.get(globalPropertyIndex).getKey();
PropertyService.checkAndSetProperty(request, globalPropertyKey);
}auth-configuration.jsp page needs to be revisited (it may be malformed) because existing code that was assumed to be redundant was deleted hastily. Suggestion: we should restore the previous layout and leave it as is to minimize unexpected errors (?).artntek
commented
6 months ago Reminder for me or @artntek to resolve:
AuthAdmindoes not persist properties in memory [...]- The
auth-configuration.jsppage [...] restore the previous layout
Thanks for making a note of these @doulikecookiedough! Since you're closest to that code, would you mind reverting the changes in those 2 files and pushing them to feature-1694-dou-develop, so I can pick them up? (I have not touched either file so far in my branch)
Thanks!
doulikecookiedough
commented
6 months ago @artntek I've pushed the updates discussed above to dou-develop. Note - I was unsuccessful in including http://orcid.org/ as part of the admin user string. This is due to the : present - our existing code splits the single string (ex. http://orcid.org/0000-0000-0000-000X into two users when being iterated over. I am not sure how to best handle it at the moment, but did not want to leave dou-develop to be in a broken state so I pushed with the current fixes.
To expand a bit further on this issue, when MN node checks for admin privileges, even if the Metacat admin ORCID user is valid, it will be considered not due to the omitted http://orcid.org/. Either the method to check needs to be updated, or we should figure out how to ensure that http://orcid.org/0000-0000-0000-000X is read as one string/admin user.
artntek
commented
6 months ago Note the PR #1824 is focused on getting the admin login working. There is some subsequent cleanup that should be done, once it is merged, to get rid of old code that is no longer used. I deferred this to a separate PR, to increase speed and reduce risk and reviewer burden.
Cleanup reminders:
lib/admin/auth-configuration.jsp src/edu/ucsb/nceas/metacat/admin/AuthAdmin.javaAuthInterface and its implementations. We only need group info now (for legacy reasons)SessionService and friendsadmin.js and admin.cssartntek
commented
6 months ago moving these to a new issue #1846, so they can be done in following milestone, and we can close this issue:
I have disabled all old Metacat API calls (actions) except the log-in method since currently Metacat admin pages need the method. We can have those options to fix the issue: