[NCN-633] Rework user secret into core hubzero plugin

[jsperhac]

Dependencies

This work is part of Epic NCN-434, whose PRs should all be deployed together:

• 1693, NCN-633 plgUserHubzero (on user login, ensure user has a secret in the DB)

• 1683 NCN-439 com_members (manage user secret)

• 1676 NCN-437 com_newsletter (manage campaign secret)

• 1675 NCN-438 com_config (manage hub secret)

• 1695 NCN-702, NCN-440: com_newsletter (update access verification)

Summary

This code adds functionality to the existing Hubzero core plugin, plgUserHubzero. The new functionality creates and maintains a unique 32 character user secret for each Hub user, at login time. If the user has an existing secret, that secret is retained. If the user is ever deidentified, the plugin will null out the user secret.

User secrets are stored in the jos_users.secret column, which is created on up migration of this plugin. At up migration time, new unique secrets are then generated for all users who have logged in during the past 1 year. The jos_users.secret column is removed on down migration of this plugin.

Motivation

The goal is to create the secret once per user under normal conditions. The user secret can then be hashed with a unique Hub secret and a unique email campaign secret to create a unique code. This code can be used to form a URL that will be emailed to the user to provide them with link-based access to a secure Hub page without requiring login. Should a security incident occur, the user secret can be reset in the admin interface; this is done in com_members PR #1683

Development

This development was done for Nanohub, as part of the Epic NCN-434, "Salesforce Newsletter Expiration Token Rewrite". Details of development task cards:

Epic: NCN-434

• Initial Dev Task: NCN-435
• Rework Dev Task: NCN-633
• Initial secret population: NCN-436
• Migration script secret population: NCN-693

Code Description

The functionality uses the standard Hubzero plugin architecture, including a migration script that creates and populates, or drops, the secret database column. The changes here add to the existing plugin's public onUserLogin() and onUserDeidentify() functions, as well as creating several protected functions that generate the secret, check for the secret, and save or null the secret.

Testing

This plugin was tested on an AWS Hubzero instance running on CentOS7 and previously on a local VirtualBox Hubzero instance. Tests included:

• up/down migration to create and populate/drop database column
• login of site and admin users to create non-null secret if needed:
  • on login with null secret column: secret is created
  • on login with non-null secret column: secret is retained
• logout of site and admin users
• simultaneous login of several users
• test of nulling the secret database column for a single user

Deployment

This plugin should be deployed with other changes stemming from Nanohub epic NCN-434. Hotfixing should not be necessary.

Revisions

This work was initially developed as a standalone plugin, found in PR #1663.

Following initial code review, these revisions were completed (as of 14 Sep 23):

• removed composer.json file
• update copyright years to 2023, on all files
• discuss appropriate table location of secret column, with Pascal
• Use Hubzero library function Password::genRandomPassword() in createUserSecret()
• improve the README
• indicate where the log() statements in migration script write to (that’s informational muse output)

This work was subsequently moved to the plgUserHubzero plugin.

[jsperhac]

@dbenham, I removed the enablePlugin() and disablePlugin() calls and rebased this work as discussed. Thank you!

[jsperhac]

(Superceded by #1704 )