This code adds functionality to the existing Hubzero core plugin, plgUserHubzero. The new functionality creates and maintains a unique 32 character user secret for each Hub user, at login time. If the user has an existing secret, that secret is retained. If the user is ever deidentified, the plugin will null out the user secret.
User secrets are stored in the jos_users.secret column, which is created on up migration of this plugin. At up migration time, new unique secrets are then generated for all users who have logged in during the past 1 year. The jos_users.secret column is removed on down migration of this plugin.
Motivation
The goal is to create the secret once per user under normal conditions. The user secret can then be hashed with a unique Hub secret and a unique email campaign secret to create a unique code. This code can be used to form a URL that will be emailed to the user to provide them with link-based access to a secure Hub page without requiring login. Should a security incident occur, the user secret can be reset in the admin interface; this is done in com_membersPR #1683
The functionality uses the standard Hubzero plugin architecture, including a migration script that creates and populates, or drops, the secret database column. The changes here add to the existing plugin's public onUserLogin() and onUserDeidentify() functions, as well as creating several protected functions that generate the secret, check for the secret, and save or null the secret.
Testing
This plugin was tested on an AWS Hubzero instance running on CentOS7 and previously on a local VirtualBox Hubzero instance. Tests included:
up/down migration to create and populate/drop database column
login of site and admin users to create non-null secret if needed:
on login with null secret column: secret is created
on login with non-null secret column: secret is retained
logout of site and admin users
simultaneous login of several users
test of nulling the secret database column for a single user
Deployment
This plugin should be deployed with other changes stemming from Nanohub epic NCN-434. Hotfixing should not be necessary.
Revisions
This work was initially developed as a standalone plugin, found in PR #1663.
Following initial code review, these revisions were completed (as of 14 Sep 23):
removed composer.json file
update copyright years to 2023, on all files
discuss appropriate table location of secret column, with Pascal
Use Hubzero library function Password::genRandomPassword() in createUserSecret()
improve the README
indicate where the log() statements in migration script write to (that’s informational muse output)
This work was subsequently moved to the plgUserHubzero plugin.
Dependencies
This work is part of Epic NCN-434, whose PRs should all be deployed together:
1693, NCN-633
plgUserHubzero
(on user login, ensure user has a secret in the DB)1683 NCN-439
com_members
(manage user secret)1676 NCN-437
com_newsletter
(manage campaign secret)1675 NCN-438
com_config
(manage hub secret)1695 NCN-702, NCN-440:
com_newsletter
(update access verification)Summary
This code adds functionality to the existing Hubzero core plugin,
plgUserHubzero
. The new functionality creates and maintains a unique 32 character user secret for each Hub user, at login time. If the user has an existing secret, that secret is retained. If the user is ever deidentified, the plugin will null out the user secret.User secrets are stored in the
jos_users.secret
column, which is created on up migration of this plugin. At up migration time, new unique secrets are then generated for all users who have logged in during the past 1 year. Thejos_users.secret
column is removed on down migration of this plugin.Motivation
The goal is to create the secret once per user under normal conditions. The user secret can then be hashed with a unique Hub secret and a unique email campaign secret to create a unique code. This code can be used to form a URL that will be emailed to the user to provide them with link-based access to a secure Hub page without requiring login. Should a security incident occur, the user secret can be reset in the admin interface; this is done in
com_members
PR #1683Development
This development was done for Nanohub, as part of the Epic NCN-434, "Salesforce Newsletter Expiration Token Rewrite". Details of development task cards:
Epic: NCN-434
Code Description
The functionality uses the standard Hubzero plugin architecture, including a migration script that creates and populates, or drops, the
secret
database column. The changes here add to the existing plugin's publiconUserLogin()
andonUserDeidentify()
functions, as well as creating several protected functions that generate the secret, check for the secret, and save or null the secret.Testing
This plugin was tested on an AWS Hubzero instance running on CentOS7 and previously on a local VirtualBox Hubzero instance. Tests included:
secret
database column for a single userDeployment
This plugin should be deployed with other changes stemming from Nanohub epic NCN-434. Hotfixing should not be necessary.
Revisions
This work was initially developed as a standalone plugin, found in PR #1663.
Following initial code review, these revisions were completed (as of 14 Sep 23):
This work was subsequently moved to the
plgUserHubzero
plugin.