X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=lib%2FAuth%2FSource%2FFSFDrupalAuth.php;h=a543e04003ce50626b550c2f85952d7821e7c9f6;hb=2d61361e521b27d4f92655dca920cb10ad4e9934;hp=4acf2babad500dfc5dc4a8dc70222a3f7d3fcfb9;hpb=f58b2b6ba9fcc5440bc62e74cabe74b624683968;p=fsfdrupalauth.git
diff --git a/lib/Auth/Source/FSFDrupalAuth.php b/lib/Auth/Source/FSFDrupalAuth.php
index 4acf2ba..a543e04 100644
--- a/lib/Auth/Source/FSFDrupalAuth.php
+++ b/lib/Auth/Source/FSFDrupalAuth.php
@@ -44,6 +44,23 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 private $query_main;
 private $query_membership;
 private $query_staff;
+ private $query_nomination_process_donations;
+ private $query_nomination_process_gift_receipt;
+ private $query_nomination_process_adhoc;
+
+ /**
+ * SQL query parameters, or variables that help determine which attributes
+ * someone has
+ */
+ private $fsf_org_id;
+ private $gift_redeem_page_id;
+
+ private $nomination_process_active;
+ private $nomination_process_contrib_start_date;
+ private $nomination_process_contrib_end_date;
+ private $nomination_process_adhoc_access_group_id;
+ private $membership_monthly_rate;
+ private $student_membership_monthly_rate;
 /**
 * Constructor for this authentication source.
@@ -60,7 +77,29 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase parent::__construct($info, $config); // Make sure that all required parameters are present. - foreach (['dsn', 'username', 'password', 'query_main', 'query_membership', 'query_staff'] as $param) { + foreach (['dsn', + 'username', + 'password', + + 'query_main', + 'query_membership', + 'query_staff', + + 'query_nomination_process_donations', + 'query_nomination_process_gift_receipt', + 'query_nomination_process_adhoc', + + 'fsf_org_id', + 'gift_redeem_page_id', + + 'nomination_process_active', + 'nomination_process_contrib_start_date', + 'nomination_process_contrib_end_date', + 'nomination_process_adhoc_access_group_id', + 'membership_monthly_rate', + 'student_membership_monthly_rate'] + as $param) { + if (!array_key_exists($param, $config)) { throw new Exception('Missing required attribute \''.$param. '\' for authentication source '.$this->authId); @@ -72,14 +111,10 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase ' to be a string. Instead it was: '. var_export($config[$param], true)); } + + $this->$param = $config[$param]; } - $this->dsn = $config['dsn']; - $this->username = $config['username']; - $this->password = $config['password']; - $this->query_main = $config['query_main']; - $this->query_membership = $config['query_membership']; - $this->query_staff = $config['query_staff']; if (isset($config['options'])) { $this->options = $config['options']; } 
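Review bot: The required-parameter loop in this hunk only checks that each new key exists and, per the surrounding context lines, is a string, so a non-numeric `membership_monthly_rate` or a malformed `nomination_process_contrib_start_date` passes construction and only fails later, during a member's login. In the nomination hunk further down, `intval()` of such a rate is 0 and `ceil($amount / $rate)` then divides by zero, and `new \DateTime($start_date)` throws on an unparsable date. I would validate the two rates and the two dates once here, after the loop, for example `if (intval($this->membership_monthly_rate) <= 0) { throw new Exception('membership_monthly_rate must be a positive integer'); }` and the same for the student rate. The loop body continues into the next hunk, where `$this->$param` is assigned.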
@@ -137,9 +172,9 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase // pipes code based off of https://www.php.net/manual/en/function.proc-open.php // CC-BY 3.0 or later $descriptorspec = array( - 0 => array("pipe", "r"), // stdin is a pipe that the child will read from - 1 => array("pipe", "w"), // stdout is a pipe that the child will write to - 2 => array("pipe", "w") // stderr is a file to write to + 0 => array("pipe", "r"), // stdin is a pipe that the child may read from + 1 => array("pipe", "w"), // stdout is a pipe that the child may write to + 2 => array("pipe", "w") // stderr is a pipe that the child may write to ); $cwd = "../modules/fsfdrupalauth/extlib"; @@ -167,17 +202,19 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase $return_value = proc_close($process); //Logger::debug('fsfdrupalauth:'.$this->authId.': authenticator stdout: '.$result); - + + $errors_found_yet = false; if ($errors != "") { Logger::error('fsfdrupalauth:'.$this->authId.': authenticator stderr: '.$errors); + $errors_found_yet = true; } - + if ($return_value != 0) { Logger::error('fsfdrupalauth:'.$this->authId.': authenticator non-zero return code: '.$return_value); - return false; + $errors_found_yet = true; } - - return ($return_value == 0 && rtrim($result) == "true"); + + return (!$errors_found_yet && is_string($result) && rtrim($result) == "true"); } else { @@ -192,7 +229,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase * query the database with arbitrary queries that only require a user name. * */ - private function query_db($queryname, $username) + private function query_db($queryname, $query_params) { assert(is_string($queryname)); assert(is_string($username)); 
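Review bot: The stderr check `$errors != ""` is a loose comparison, so if reading the authenticator's stderr failed and `$errors` is `false` (how it is read is outside this hunk), the condition is not met and the failure is not counted as an error. The return line already guards `$result` with `is_string()`; the same fail-closed treatment for `$errors` would be `if ($errors !== '') {`, and the final comparison can be strict as well: `rtrim($result) === 'true'`. Since this expression decides whether a password is accepted, a short comment stating that any stderr output now rejects the login would help the next reader.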
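Review bot: `query_db()` now takes `$query_params`, but the context line `assert(is_string($username));` right below the new signature still refers to the removed parameter, which is undefined in this scope. With assertions enabled that line fails on every call; with them disabled it is dead code. It should become `assert(is_array($query_params));`, and the docblock sentence above ("queries that only require a user name") no longer matches the signature. The function body continues outside the hunk.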
@@ -207,7 +244,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 }
 try {
- $sth->execute(['username' => $username]);
+ $sth->execute($query_params);
 } catch (PDOException $e) {
 throw new Exception('fsfdrupalauth:'.$this->authId.
 ': - Failed to execute queryname: '.$queryname.': '.$e->getMessage());
@@ -231,11 +268,11 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 */
 private function add_more_attributes(&$attributes, $username)
 {
- //
- // query on membership
- //
+ //
+ // query on membership
+ //
- $membership_data = $this->query_db('query_membership', $username);
+ $membership_data = $this->query_db('query_membership', ['username' => $username]);
 if (count($membership_data) === 0) {
 // No rows returned - invalid username
@@ -243,7 +280,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 ': No rows in result set. Probably no membership.');
 }
- $attributes['is_member'] = ['false'];
+ $attributes['is_member'] = ['false'];
 $attributes['was_member'] = ['false'];
 foreach ($membership_data as $row) {
@@ -253,20 +290,121 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase } $value = (string) $value; - if ($value === '1' || $value === '2' || $value === '3') { + if ($value === '1' || $value === '2' || $value === '3') { $attributes['is_member'] = ['true']; $attributes['was_member'] = ['true']; - } elseif ($value === '4') { + } elseif ($value === '4') { $attributes['was_member'] = ['true']; - } + } } } - // - // query on staff - // + // + // query for access to board nomination process + // + + $start_date = $this->nomination_process_contrib_start_date; + $end_date = $this->nomination_process_contrib_end_date; - $staff_data = $this->query_db('query_staff', $username); + /** + * @param string $query_name Name of query in authsources + * @param array $extra_params Associative array of parameters to include in query + */ + $donation_query = function ($query_name, $extra_params) + use ($username) { + + $parameters = ['username' => $username]; + + foreach ($extra_params as $key => $value) { + $parameters[$key] = $value; + } + + return $this->query_db($query_name, $parameters); + }; + + $compare_res = function ($result, $amount) { + foreach ($result[0] as $key => $value) { + if (intval($value) >= $amount) { + return true; + } + } + return false; + }; + + // looks for memberships / comparable donations in time window. also + // looks for a membership or donation (included as a param) that + // occurred up to a year before, and that would have carried over into + // the time window with a single donation. this approximates whether + // the person was, or would have been, a member during the configured + // time window. 
+ $analyze_history = function ($selective_donations_history) + use ($start_date, $end_date) { + + $eligible = false; + + $start_date_obj = new \DateTime($start_date); + $end_date_obj = new \DateTime($end_date); + + foreach ($selective_donations_history as $row) { + + $amount = intval($row['amount']); + $member_type_id = $row['member_type_id']; + $receive_date_obj = new \DateTime($row['receive_date']); + + if ($amount < 5) { + continue; + + } elseif ($receive_date_obj >= $start_date_obj and $receive_date_obj <= $end_date_obj) { + return true; + + } elseif ($receive_date_obj < $start_date_obj) { + switch ($member_type_id) { + case '1': + case '2': + $rate = intval($this->student_membership_monthly_rate); + break; + case '8': + case '9': + case null: + default: + $rate = intval($this->membership_monthly_rate); + break; + } + $membership_end_date_obj = new \DateTime($row['receive_date']); + $membership_end_date_obj->add(new \DateInterval("P" . ceil($amount / $rate) . "M")); + + if ($membership_end_date_obj >= $start_date_obj) { + return true; + } + } + } + return false; + }; + + $donation_params = ['start_date' => $start_date, 'end_date' => $end_date]; + $gift_member_params = ['start_date' => $start_date, 'end_date' => $end_date, 'gift_redeem_page_id' => intval($this->gift_redeem_page_id)]; + $adhoc_params = ['adhoc_access_group_id' => intval($this->nomination_process_adhoc_access_group_id)]; + + if ($this->nomination_process_active == 'true' ) { + if ($compare_res($donation_query('query_nomination_process_adhoc', $adhoc_params), 1) || ($attributes['is_member'] == ['true'] + && ($analyze_history($donation_query('query_nomination_process_donations', $donation_params)) + || $compare_res($donation_query('query_nomination_process_gift_receipt', $gift_member_params), 1)))) { + + $attributes['nomination_process'] = ['true']; + } else { + Logger::debug('fsfdrupalauth:'.$this->authId. 
+ ': Not a member / comparable donor during window for board process.'); + $attributes['nomination_process'] = ['false']; + } + } else { + $attributes['nomination_process'] = ['false']; + } + + // + // query on staff + // + + $staff_data = $this->query_db('query_staff', ['username' => $username, 'fsf_org_id' => $this->fsf_org_id]); if (count($staff_data) === 0) { // No rows returned - invalid username @@ -274,7 +412,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase ': No rows in result set. Probably not FSF staff.'); } - $attributes['is_fsf_staff'] = ['false']; + $attributes['is_fsf_staff'] = ['false']; foreach ($staff_data as $row) { foreach ($row as $key => $value) { @@ -291,6 +429,24 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase } } } + + // + // aggregate attribute + // + + $groups_list = ''; + $first = true; + foreach ($attributes as $key => $value) { + if ($value == ['true']) { + if (!$first) { + $groups_list .= ', '; + } + $groups_list .= $key; + $first = false; + } + } + + $attributes['groups_list'] = [$groups_list]; } /** @@ -315,7 +471,7 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase //Logger::debug('fsfdrupalauth:'.$this->authId.': entered password: '.$password); - $user_data = $this->query_db('query_main', $username); + $user_data = $this->query_db('query_main', ['username' => $username]); if (count($user_data) === 0) { 
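Review bot: In `$analyze_history`, `new \DateTime($row['receive_date'])` is built without checking the column, and PHP turns a NULL or empty value into the current time, so a row with no receive date would be judged as received today; whether the configured query can return such rows is not visible here. A guard before the date is parsed closes this: `if (empty($row['receive_date'])) { continue; }`. `$compare_res` has a similar gap, reading `$result[0]` without checking that the query returned a row; `if (empty($result)) { return false; }` at its top keeps the decision explicit. `$eligible` is assigned but never used, and the hard-coded `5` in `$amount < 5` deserves a comment or a configuration key like the two rates.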
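Review bot: The `groups_list` loop walks every entry of `$attributes` and compares with `==`, so any attribute whose value is `['true']` contributes its key, not only the flags this method computes. `$attributes` is passed in by reference, and the login path visible in the last hunk puts the user-entered name into `$attributes['name']` (assuming it runs before this method), so a user name of `true` would add `name` to the list. Building the list from a fixed set of flag keys with a strict comparison avoids that; the key list below covers the flags visible in this diff and may need extending if the staff loop sets others. The method starts outside this hunk.

```php
// … unchanged: staff query loop and the "aggregate attribute" comment header …

// only flags computed in this method may become group names
$group_flags = ['is_member', 'was_member', 'nomination_process', 'is_fsf_staff'];
$groups = [];
foreach ($group_flags as $flag) {
    if (isset($attributes[$flag]) && $attributes[$flag] === ['true']) {
        $groups[] = $flag;
    }
}

$attributes['groups_list'] = [implode(', ', $groups)];
```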
@@ -331,11 +487,11 @@ class FSFDrupalAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
 */
 $attributes = [];
- // use the entered user name so we don't forcibly change it to all
- // lower case. this is to preserve the behavior of the old cas server,
- // and to remain compatible with our MW and Discourse sites that are
- // case sensitive.
- $attributes['name'][] = $username;
+ // use the entered user name so we don't forcibly change it to all
+ // lower case. this is to preserve the behavior of the old cas server,
+ // and to remain compatible with our MW and Discourse sites that are
+ // case sensitive.
+ $attributes['name'][] = $username;
 foreach ($user_data as $row) {
 foreach ($row as $key => $value) {