- Publicity: Public Only All
apm-callback-procs.tcl
Installation procs for authentication, account management, and password management,
- Location:
- packages/acs-authentication/tcl/apm-callback-procs.tcl
- Created:
- 2003-05-13
- Author:
- Lars Pind <lars@collaobraid.biz>
- CVS Identification:
$Id: apm-callback-procs.tcl,v 1.21.2.4 2020/07/03 07:53:44 gustafn Exp $
Procedures in this file
Detailed information
[ hide source ] | [ make this the default ]Content File Source
ad_library { Installation procs for authentication, account management, and password management, @author Lars Pind (lars@collaobraid.biz) @creation-date 2003-05-13 @cvs-id $Id: apm-callback-procs.tcl,v 1.21.2.4 2020/07/03 07:53:44 gustafn Exp $ } namespace eval auth {} namespace eval auth::authentication {} namespace eval auth::password {} namespace eval auth::registration {} namespace eval auth::get_doc {} namespace eval auth::process_doc {} namespace eval auth::user_info {} namespace eval auth::search {} d_proc -private auth::package_install {} {} { db_transaction { # Create service contracts auth::authentication::create_contract auth::password::create_contract auth::registration::create_contract auth::get_doc::create_contract auth::process_doc::create_contract auth::user_info::create_contract auth::search::create_contract # Register local authentication implementations and update the local authority auth::local::install # Register HTTP method for GetDocument auth::sync::get_doc::http::register_impl # Register local filesystem method for GetDocument auth::sync::get_doc::file::register_impl # Register IMS Enterprise 1.1 ProcessDocument implementation auth::sync::process_doc::ims::register_impl } } d_proc -private auth::package_uninstall {} {} { db_transaction { # Unregister IMS Enterprise 1.1 ProcessDocument implementation auth::sync::process_doc::ims::unregister_impl # Unregister HTTP method for GetDocument auth::sync::get_doc::http::unregister_impl # Unregister local filesystem method for GetDocument auth::sync::get_doc::file::unregister_impl # Unregister local authentication implementations and update the local authority auth::local::uninstall # Delete service contracts auth::authentication::delete_contract auth::password::delete_contract auth::registration::delete_contract auth::get_doc::delete_contract auth::process_doc::delete_contract auth::user_info::delete_contract auth::search::delete_contract } } d_proc -private auth::after_upgrade { {-from_version_name:required} {-to_version_name:required} } { After upgrade callback. } { apm_upgrade_logic \ -from_version_name $from_version_name \ -to_version_name $to_version_name \ -spec { 5.0a1 5.0a2 { db_transaction { # Delete and recreate contract auth::process_doc::delete_contract auth::process_doc::create_contract # The old implementation is still there, but now it's unbound # We change the name of the old implementation, so we can recreate it, but don't break foreign key references to it set old_impl_id [acs_sc::impl::get_id -name "IMS_Enterprise_v_1p1" -owner "acs-authentication"] db_dml update { update acs_sc_impls set impl_name = 'IMS_Enterprise_v_1p1_old' where impl_id = :old_impl_id } db_dml update { update acs_sc_impl_aliases set impl_name = 'IMS_Enterprise_v_1p1_old' where impl_id = :old_impl_id } # Create the new implementation set new_impl_id [auth::sync::process_doc::ims::register_impl] # Update authorities that used to use the old impl to use the new impl db_dml update_authorities { update auth_authorities set process_doc_impl_id = :new_impl_id where process_doc_impl_id = :old_impl_id } # Delete the old implementation acs_sc::impl::delete -contract_name "auth_sync_process" -impl_name "IMS_Enterprise_v_1p1_old" } } 5.1.1 5.1.2d1 { db_transaction { # this is a direct update to the SC tables, we should expect a new # API for handling updates on SC, but since there's no one yet, # we'll do this way now .... (roc) set sc_change [list {auth_authentication.Authenticate.InputType} {auth_password.ChangePassword.InputType} {auth_password.ResetPassword.InputType}] set element_msg_type_name integer foreach msg_type_name $sc_change { set msg_type_id [db_string get_msg_type_id { select msg_type_id from acs_sc_msg_types where msg_type_name = :msg_type_name }] set element_pos [db_string get_pos { select max(element_pos) from acs_sc_msg_type_elements where msg_type_id = :msg_type_id }] incr element_pos acs_sc::msg_type::element::new \ -msg_type_name $msg_type_name \ -element_name authority_id \ -element_msg_type_name $element_msg_type_name \ -element_msg_type_isset_p f \ -element_pos $element_pos } } } 5.1.5 5.2.0a1 { db_transaction { # I will add support to MergeUser operation # this is a direct update to the SC tables, # we should expect a new API for handling updates on SC, # but since there's no one yet, we'll do it # in this way. (quio@galileo.edu) ns_log notice "acs_authentication: Starting Upgrade (adding merge support)" acs_sc::contract::operation::new \ -contract_name "auth_authentication" \ -operation "MergeUser" \ -input { from_user_id:integer to_user_id:integer authority_id:integer } \ -output {} \ -description "Merges two accounts given the user_id of each one" acs_sc::impl::alias::new \ -contract_name "auth_authentication" \ -impl_name "local" \ -operation "MergeUser" \ -alias "auth::local::authentication::MergeUser" \ ns_log notice "acs_authentication: Finishing Upgrade (adding merge support)" } } 5.5.0d1 5.5.0d2 { auth::search::create_contract } } } ##### # # auth_authentication service contract # ##### ad_proc -private auth::authentication::create_contract {} { Create service contract for authentication. } { set spec { name "auth_authentication" description "Authenticate users and retrieve their account status." operations { Authenticate { description { Validate this username/password combination, and return the result. Valid auth_status codes are 'ok', 'no_account', 'bad_password', 'auth_error', 'failed_to_connect'. The last, 'failed_to_connect', is reserved for communications or implementation errors. auth_message is a human-readable explanation of what went wrong, may contain HTML. Only checked if auth_status is not ok. Valid account_status codes are 'ok' and 'closed'. account_message may be supplied regardless of account_status, and may contain HTML. } input { username:string password:string parameters:string,multiple authority_id:integer } output { auth_status:string auth_message:string account_status:string account_message:string } } MergeUser { description { Merges two accounts given the user_id of each one } input { from_user_id:integer to_user_id:integer authority_id:integer } output {} } GetParameters { description { Get an arraay-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::authentication::delete_contract {} { Delete service contract for authentication. } { acs_sc::contract::delete -name "auth_authentication" } ##### # # auth_password service contract # ##### ad_proc -private auth::password::create_contract {} { Create service contract for password management. } { set spec { name "auth_password" description "Update, reset, and retrieve passwords for authentication." operations { CanChangePassword { description { Return whether the user can change his/her password through this implementation. The value is not supposed to depend on the username and should be cacheable. } input { parameters:string,multiple } output { changeable_p:boolean } iscacheable_p "t" } ChangePassword { description { Change the user's password. } input { username:string old_password:string new_password:string parameters:string,multiple authority_id:integer } output { password_status:string password_message:string } } CanRetrievePassword { description { Return whether the user can retrieve his/her password through this implementation. The value is not supposed to depend on the username and should be cacheable. } input { parameters:string,multiple } output { retrievable_p:boolean } iscacheable_p "t" } RetrievePassword { description { Retrieve the user's password. The implementation can either return the password, in which case the authentication API will email the password to the user. Or it can email the password itself, in which case it would return the empty string for password. } input { username:string parameters:string,multiple } output { password_status:string password_message:string password:string } } CanResetPassword { description { Return whether the user can reset his/her password through this implementation. The value is not supposed to depend on the username and should be cacheable. } input { parameters:string,multiple } output { resettable_p:boolean } iscacheable_p "t" } ResetPassword { description { Reset the user's password to a new, randomly generated value. The implementation can either return the password, in which case the authentication API will email the password to the user. Or it can email the password itself, in which case it would return the empty string. } input { username:string parameters:string,multiple authority_id:integer } output { password_status:string password_message:string password:string } } GetParameters { description { Get an arraay-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::password::delete_contract {} { Delete service contract for password management. } { acs_sc::contract::delete -name "auth_password" } ##### # # auth_registration service contract # ##### ad_proc -private auth::registration::create_contract {} { Create service contract for account registration. } { set spec { name "auth_registration" description "Registering accounts for authentication" operations { GetElements { description { Get a list of required and a list of optional fields available when registering accounts through this service contract implementation. } input { parameters:string,multiple } output { required:string,multiple optional:string,multiple } } Register { description { Register a new account. Valid status codes are: 'ok', 'data_error', and 'reg_error', and 'fail'. 'data_error' means that the implementation is returning an array-list of element-name, message with error messages for each individual element. 'reg_error' is any other registration error, and 'fail' is reserved to communications or implementation errors. } input { parameters:string,multiple username:string authority_id:integer first_names:string last_name:string screen_name:string email:string url:string password:string secret_question:string secret_answer:string } output { creation_status:string creation_message:string element_messages:string,multiple account_status:string account_message:string } } GetParameters { description { Get an array-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::registration::delete_contract {} { Delete service contract for account registration. } { acs_sc::contract::delete -name "auth_registration" } ##### # # auth_get_doc service contract # ##### ad_proc -private auth::get_doc::create_contract {} { Create service contract for account registration. } { set spec { name "auth_sync_retrieve" description "Retrieve a document, e.g. using HTTP, SMP, FTP, SOAP, etc." operations { GetDocument { description { Retrieves the document. Returns doc_status of 'ok', 'get_error', or 'failed_to_connect'. If not 'ok', then it should set doc_message to explain the problem. If 'ok', it must set document to the document retrieved, and set snapshot_p to t if it has retrieved a snapshot document. } input { parameters:string,multiple } output { doc_status:string doc_message:string document:string snapshot_p:string } } GetParameters { description { Get an array-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::get_doc::delete_contract {} { Delete service contract for account registration. } { acs_sc::contract::delete -name "auth_sync_retrieve" } ##### # # auth_process_doc service contract # ##### ad_proc -private auth::process_doc::create_contract {} { Create service contract for account registration. } { set spec { name "auth_sync_process" description "Process a document containing user information from a remote authentication authority" operations { ProcessDocument { description { Process a user synchronization document. } input { job_id:integer document:string parameters:string,multiple } } GetAcknowledgementDocument { description { Return an acknowledgement document in a format suitable for display on. } input { job_id:integer document:string parameters:string,multiple } } GetElements { description { Get a list of the elements handled by this batch synchronization (first_names, last_name, username, email, etc). These elements will not be editable by the user, so as not to risk overwriting the user's changes with a later synchronization. } input { parameters:string,multiple } output { elements:string,multiple } } GetParameters { description { Get an array-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::process_doc::delete_contract {} { Delete service contract for account registration. } { acs_sc::contract::delete -name "auth_sync_process" } ##### # # auth_user_info service contract # ##### ad_proc -private auth::user_info::create_contract {} { Create service contract for account registration. } { set spec { name "auth_user_info" description "Get information about a user in real-time" operations { GetUserInfo { description { Request information about a user. Returns info_status 'ok', 'no_account', 'info_error', or 'failed_to_connect'. info_message is a human-readable explanation to the user. } input { username:string parameters:string,multiple } output { info_status:string info_message:string user_info:string,multiple } } GetParameters { description { Get an array-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::user_info::delete_contract {} { Delete service contract for account registration. } { acs_sc::contract::delete -name "auth_user_info" } ##### # # auth_search service contract # ##### ad_proc -private auth::search::create_contract {} { Create service contract for authority searches. } { set spec { name "auth_search" description "Search users in given authority" operations { Search { description { Search authority using "search" string. Returns array-list of usernames. } input { search:string parameters:string,multiple } output { usernames:string,multiple } } GetParameters { description { Get an array-list of the parameters required by this service contract implementation. } output { parameters:string,multiple } } FormInclude { description { File location of an includable search form } output { form_include:string } } } } acs_sc::contract::new_from_spec -spec $spec } ad_proc -private auth::search::delete_contract {} { Delete service contract for authority search. } { acs_sc::contract::delete -name "auth_search" } # Local variables: # mode: tcl # tcl-indent-level: 4 # indent-tabs-mode: nil # End:
