backdrop-contrib / simplesamlphp_auth

Support SAML for authentication of users. The module will auto-provision user accounts and dynamically assign roles in Backdrop CMS if you want it to.
https://backdropcms.org/project/simplesamlphp_auth
GNU General Public License v2.0
2 stars 3 forks source link

Remove code/features that aren't used #5

Open kreynen opened 2 years ago

kreynen commented 2 years ago

The D7 project evolved a lot since Robert Douglas started it 11+ years ago. I'd like to remove some of the features added in the last decade that are no longer of interest to anyone using this project in Backdrop.

I'm sure there is more questionable code in this, but this is probably more of a 1.1.x change. Just wanted to get the conversation started.

argiepiano commented 2 years ago

Regarding point 1 (rules integration). This module defines two rules events, and makes the appropriate invocations to them in specific points of the code (within simplesamlphp_auth_user_insert(), and simplesamlphp_auth_init()).

So, from the point of view of functionality, this looks fine, and will work fine if you create a Rule that reacts to those events.

kreynen commented 2 years ago

That still doesn't explain the "that couldn't be handled by rules_user_login or rules_user_logout" part of the should this be included?

Maybe if a site allowed both local and SAML authentication AND wanted something different to happen to just the SAML users, this might be useful... but I'm unaware of that use case at any organization interested in using this.

The bigger points are that getting this project to a stable, 2.0.0 release that requires a supported version of PHP and simpleSAMLphp library is important for security reasons. The previous D7 project never got beyond an alpha. The development resources to maintain this project in Backdrop, write test coverage, review feature requests, etc are very limited. Including code for Rules when no one is using simpleSAMLphp_auth with Rules, there is no testing to ensure it continues to work when dependencies are updated and responding to support requests for that feature would require a configuration no one involved is running is the type of unfocused approach that leads to an 11 year old project used by 9K+ sites only having an alpha2 release.

The authentication needs at Stanford and the University of Colorado are really well defined.

Doing less better is how we get from alpha2 to 2.0.0.

joelsteidl commented 2 years ago

I'm all about ripping out stuff we don't need. This shouldn't support rules in my opinion.

argiepiano commented 2 years ago

I'm not advocating one way or another. I was just responding to your question "I'm not sure the Rules integration in the module works with https://backdropcms.org/project/rules.". My answer was, yes, they do work.

And yes, probably the Rules event simplesamlphp_auth_rules_event_login is not really needed, as it can be handled by the user_login Rules event. simplesamlphp_auth_rules_event_register can be also handled by the rules-provided event user_insert