search

hubzero / hubzero-cms

Platform for Scientific Collaboration
https://hubzero.org
GNU General Public License v2.0
46 stars 57 forks source link

[NCN-435] Create plugin plgUserSecret #1663

Closed jsperhac closed 9 months ago

jsperhac commented 1 year ago

Summary

This code creates a new plugin suitable for use in hubzero-cms core. The plugin creates and maintains a unique 32 character user secret for each Hub user, at login time. If the user has an existing secret, that secret is retained. If the user is ever deidentified, the plugin will null out the user secret.

User secrets are stored in the jos_users.secret column, which is created on up migration of this plugin, and removed on down migration of this plugin.

Motivation

This development was undertaken for Nanohub, as part of the Epic "Salesforce Newsletter Expiration Token Rewrite", NCN-434. The specific card for this development task is NCN-435.

The goal is to create the secret once per user. The user secret can then be hashed with a unique Hub secret and a unique email campaign secret to create a unique code. This code can be used to form a URL that will be emailed to the user to provide them with access to a Hub newsletter.

Code Description

The plugin uses the standard Hubzero plugin architecture, including a migration script that creates/drops the secret database column, and a secret.php script that provides public onUserLogin() and onUserDeidentify() functions, as well as several protected functions that generate the secret, check for the secret, and save or null the secret.

Testing

This plugin was tested on a local Hubzero VM running on CentOS7 under Virtual Box. Tests included:

Deployment

This plugin should be deployed with other changes stemming from Nanohub epic NCN-434. Hotfixing should not be necessary.

Revisions

Following code review, the following revisions were completed (as of 14 Sep 23):

jsperhac commented 1 year ago

One remark: the spec for this epic (specifically card https://sdx-sdsc.atlassian.net/browse/NCN-438) indicates that a given user's secret should be resettable by the admin user. This may require small changes to the original plugin code to enable calling its protected functions (or alternately we might add public functions that enable this operation.)

I'm not sure which approach is appropriate for a plugin.

jsperhac commented 12 months ago

@dbenham and @nkissebe, I have made the revisions discussed in code review; all are now present in this PR. Please let me know if you have any questions.

nkissebe commented 11 months ago

I hate to bring this up. But since this is going to core and you want to make some UI elements in admin to manipulate it we should probably just implement this directly in core and not as a separate plugin (when would someone ever want to turn it off). Move some of the core functions into the User class (so then easily accessible by admin UI) and add the trigger events to the hubzero user plugin (for lack of knowing how else to add things to event triggers).

dbenham commented 11 months ago

Seems a bit late to talk about moving this code from point A to point B, but @nkissebe has a decent argument. We'll let Rich or Amit make the call on if they want to invest the extra time to make this mod, or if we want to go as is. We'll talk about it at the next dev meeting.

dbenham commented 11 months ago

Nick and Jeanette will get together to discuss moving this code into a core user.

jsperhac commented 9 months ago

Closing this PR. In dev meeting it was decided that this work would be moved into Hubzero Core plugin, plgUserHubzero. A PR for this work will be generated separately. Though the code will be much the same, it will not reside in a freestanding plugin.