Closed jsperhac closed 9 months ago
One remark: the spec for this epic (specifically card https://sdx-sdsc.atlassian.net/browse/NCN-438) indicates that a given user's secret should be resettable by the admin user. This may require small changes to the original plugin code to enable calling its protected functions (or alternately we might add public functions that enable this operation.)
I'm not sure which approach is appropriate for a plugin.
@dbenham and @nkissebe, I have made the revisions discussed in code review; all are now present in this PR. Please let me know if you have any questions.
I hate to bring this up. But since this is going to core and you want to make some UI elements in admin to manipulate it we should probably just implement this directly in core and not as a separate plugin (when would someone ever want to turn it off). Move some of the core functions into the User class (so then easily accessible by admin UI) and add the trigger events to the hubzero user plugin (for lack of knowing how else to add things to event triggers).
Seems a bit late to talk about moving this code from point A to point B, but @nkissebe has a decent argument. We'll let Rich or Amit make the call on if they want to invest the extra time to make this mod, or if we want to go as is. We'll talk about it at the next dev meeting.
Nick and Jeanette will get together to discuss moving this code into a core user.
Closing this PR. In dev meeting it was decided that this work would be moved into Hubzero Core plugin, plgUserHubzero. A PR for this work will be generated separately. Though the code will be much the same, it will not reside in a freestanding plugin.
Summary
This code creates a new plugin suitable for use in hubzero-cms core. The plugin creates and maintains a unique 32 character user secret for each Hub user, at login time. If the user has an existing secret, that secret is retained. If the user is ever deidentified, the plugin will null out the user secret.
User secrets are stored in the jos_users.secret column, which is created on up migration of this plugin, and removed on down migration of this plugin.
Motivation
This development was undertaken for Nanohub, as part of the Epic "Salesforce Newsletter Expiration Token Rewrite", NCN-434. The specific card for this development task is NCN-435.
The goal is to create the secret once per user. The user secret can then be hashed with a unique Hub secret and a unique email campaign secret to create a unique code. This code can be used to form a URL that will be emailed to the user to provide them with access to a Hub newsletter.
Code Description
The plugin uses the standard Hubzero plugin architecture, including a migration script that creates/drops the secret database column, and a secret.php script that provides public onUserLogin() and onUserDeidentify() functions, as well as several protected functions that generate the secret, check for the secret, and save or null the secret.
Testing
This plugin was tested on a local Hubzero VM running on CentOS7 under Virtual Box. Tests included:
secret database column for a single user
Deployment
This plugin should be deployed with other changes stemming from Nanohub epic NCN-434. Hotfixing should not be necessary.
Revisions
Following code review, the following revisions were completed (as of 14 Sep 23):
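The token scheme outlined under Motivation, as an added example that is not code from this PR or from hubzero-cms: it derives a newsletter code from the hub, campaign and user secrets and verifies it against the stored secret. The function names, sample secrets and URL are hypothetical, and HMAC-SHA256 keyed by the hub secret is an assumption, since the PR says only that the values are "hashed".

```php
<?php
// Added illustration; names, secrets and URL are hypothetical, not from the PR.

// 32 hex characters from a CSPRNG, matching the 32-character secret the PR describes.
function generateUserSecret(): string
{
    return bin2hex(random_bytes(16));
}

// Assumption: HMAC-SHA256 keyed by the hub secret. Fields are length-prefixed so
// that ("ab", "c") and ("a", "bc") can never produce the same message.
function newsletterCode(string $hubSecret, string $campaignSecret, string $userSecret): string
{
    $message = '';
    foreach ([$campaignSecret, $userSecret] as $field) {
        $message .= pack('N', strlen($field)) . $field;
    }
    return hash_hmac('sha256', $message, $hubSecret);
}

// Recompute from the stored secret and compare in constant time.
// A NULL secret (deidentified user) never validates.
function verifyNewsletterCode(string $presented, string $hubSecret, string $campaignSecret, ?string $storedUserSecret): bool
{
    if ($storedUserSecret === null || $storedUserSecret === '') {
        return false;
    }
    $expected = newsletterCode($hubSecret, $campaignSecret, $storedUserSecret);
    return hash_equals($expected, $presented);
}

// Constructed sample values.
$hubSecret      = 'constructed-hub-secret';
$campaignSecret = 'constructed-campaign-2023-09';
$userSecret     = generateUserSecret();

$code = newsletterCode($hubSecret, $campaignSecret, $userSecret);
echo 'https://hub.example.org/newsletter/view?uid=1001&code=' . $code, PHP_EOL;

// Same user, same campaign.
var_dump(verifyNewsletterCode($code, $hubSecret, $campaignSecret, $userSecret));
// Link replayed against a different campaign.
var_dump(verifyNewsletterCode($code, $hubSecret, 'constructed-other-campaign', $userSecret));
// User secret reset by an admin after the email was sent.
var_dump(verifyNewsletterCode($code, $hubSecret, $campaignSecret, generateUserSecret()));
// User deidentified, so the stored secret is NULL.
var_dump(verifyNewsletterCode($code, $hubSecret, $campaignSecret, null));
```

Because the code is recomputed from the stored jos_users.secret value on every check, resetting or nulling that column invalidates every link already mailed to that user.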