Closed taojing2002 closed 6 months ago
I think option 3 is a good, iterative step in the right direction, and we can then do option 1 later, maybe after the v3.0.0 release?
Yeah. Option 3 sounds good to me as well.
After our call discussing this, I think we decided Option 1 to use DataONE auth APIs is the best approach. Does that sounds right to you @taojing2002 ?
Yes, we decided to use option 1 and Dou is working on the issue. @doulikecookiedough
Also need to change auth.administrators
properties list to be semicolon-delimited instead of colon-delimited, since it now includes orcids with colons
Reminder for me or @artntek to resolve:
AuthAdmin
does not persist properties in memory (ex. when adding a user during auth configuration). Code was unintentionally deleted during clean up to prepare existing code changes for handoff (after Line 169)
for (Integer globalPropertyIndex : globalPropertyIndexes) {
String globalPropertyKey = globalPropertyMap.get(globalPropertyIndex).getKey();
PropertyService.checkAndSetProperty(request, globalPropertyKey);
}
auth-configuration.jsp
page needs to be revisited (it may be malformed) because existing code that was assumed to be redundant was deleted hastily. Suggestion: we should restore the previous layout and leave it as is to minimize unexpected errors (?).Reminder for me or @artntek to resolve:
AuthAdmin
does not persist properties in memory [...]- The
auth-configuration.jsp
page [...] restore the previous layout
Thanks for making a note of these @doulikecookiedough! Since you're closest to that code, would you mind reverting the changes in those 2 files and pushing them to feature-1694-dou-develop
, so I can pick them up? (I have not touched either file so far in my branch)
Thanks!
@artntek I've pushed the updates discussed above to dou-develop
. Note - I was unsuccessful in including http://orcid.org/
as part of the admin user string. This is due to the :
present - our existing code splits the single string (ex. http://orcid.org/0000-0000-0000-000X
into two users when being iterated over. I am not sure how to best handle it at the moment, but did not want to leave dou-develop
to be in a broken state so I pushed with the current fixes.
To expand a bit further on this issue, when MN node checks for admin privileges, even if the Metacat admin ORCID user is valid, it will be considered not due to the omitted http://orcid.org/
. Either the method to check needs to be updated, or we should figure out how to ensure that http://orcid.org/0000-0000-0000-000X
is read as one string/admin user.
Note the PR #1824 is focused on getting the admin login working. There is some subsequent cleanup that should be done, once it is merged, to get rid of old code that is no longer used. I deferred this to a separate PR, to increase speed and reduce risk and reviewer burden.
Cleanup reminders:
lib/admin/auth-configuration.jsp
src/edu/ucsb/nceas/metacat/admin/AuthAdmin.java
AuthInterface
and its implementations. We only need group info now (for legacy reasons)SessionService
and friendsadmin.js
and admin.css
moving these to a new issue #1846, so they can be done in following milestone, and we can close this issue:
I have disabled all old Metacat API calls (actions) except the log-in method since currently Metacat admin pages need the method. We can have those options to fix the issue: