From 016105cf8c6af85e5140b9c4f10bc5986a53f4b1 Mon Sep 17 00:00:00 2001 From: Agustin Moyano Date: Wed, 26 Oct 2022 09:00:09 -0300 Subject: [PATCH] Bug 31378: Rename Auth Provider to Identity Provider and add Client.t tests Signed-off-by: Lukasz Koszyk Signed-off-by: Tomas Cohen Arazi Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize 
Signed-off-by: Tomas Cohen Arazi --- Koha/Auth/Client.pm | 22 +- Koha/Auth/Client/OAuth.pm | 20 +- Koha/Auth/{ => Identity}/Provider.pm | 20 +- Koha/Auth/{ => Identity}/Provider/Domain.pm | 6 +- Koha/Auth/{ => Identity}/Provider/Domains.pm | 10 +- Koha/Auth/{ => Identity}/Provider/OAuth.pm | 8 +- Koha/Auth/{ => Identity}/Provider/OIDC.pm | 8 +- Koha/Auth/{ => Identity}/Providers.pm | 10 +- Koha/REST/Plugin/{Auth.pm => Auth/IdP.pm} | 4 +- Koha/REST/V1.pm | 6 +- .../Auth/{ => Identity}/Provider/Domains.pm | 41 +- Koha/REST/V1/Auth/{ => Identity}/Providers.pm | 26 +- .../{AuthProvider.pm => IdentityProvider.pm} | 47 +- ...derDomain.pm => IdentityProviderDomain.pm} | 78 +-- Koha/Template/Plugin/AuthClient.pm | 4 +- ...ion_providers.pl => identity_providers.pl} | 66 +-- ...h_provider.yaml => identity_provider.yaml} | 6 +- ...ain.yaml => identity_provider_domain.yaml} | 7 +- api/v1/swagger/paths/auth.yaml | 490 +++++++++++++++++- api/v1/swagger/swagger.yaml | 38 +- .../data/mysql/atomicupdate/bug_31378.pl | 40 +- installer/data/mysql/kohastructure.sql | 32 +- .../data/mysql/mandatory/userpermissions.sql | 2 +- .../prog/en/includes/admin-menu.inc | 6 +- .../prog/en/includes/permissions.inc | 6 +- .../prog/en/modules/admin/admin-home.tt | 8 +- ...omains.tt => identity_provider_domains.tt} | 112 ++-- ...ion_providers.tt => identity_providers.tt} | 116 ++--- .../intranet-tmpl/prog/en/modules/auth.tt | 8 +- .../bootstrap/en/includes/masthead.inc | 8 +- .../bootstrap/en/modules/opac-auth.tt | 8 +- .../bootstrap/en/modules/opac-main.tt | 8 +- t/db_dependent/Koha/Auth/Client.t | 179 +++++++ .../Koha/Auth/{ => Identity}/Provider.t | 34 +- t/db_dependent/Koha/REST/Plugin/Auth/IdP.t | 133 +++++ t/db_dependent/api/v1/idp.t | 341 ++++++++++++ t/lib/IdP/ExternalIdP.pm | 166 ++++++ 37 files changed, 1713 insertions(+), 411 deletions(-) rename Koha/Auth/{ => Identity}/Provider.pm (88%) rename Koha/Auth/{ => Identity}/Provider/Domain.pm (83%) rename Koha/Auth/{ => 
Identity}/Provider/Domains.pm (78%) rename Koha/Auth/{ => Identity}/Provider/OAuth.pm (83%) rename Koha/Auth/{ => Identity}/Provider/OIDC.pm (83%) rename Koha/Auth/{ => Identity}/Providers.pm (80%) rename Koha/REST/Plugin/{Auth.pm => Auth/IdP.pm} (97%) rename Koha/REST/V1/Auth/{ => Identity}/Provider/Domains.pm (73%) rename Koha/REST/V1/Auth/{ => Identity}/Providers.pm (85%) rename Koha/Schema/Result/{AuthProvider.pm => IdentityProvider.pm} (72%) rename Koha/Schema/Result/{AuthProviderDomain.pm => IdentityProviderDomain.pm} (73%) rename admin/{authentication_providers.pl => identity_providers.pl} (79%) rename api/v1/swagger/definitions/{auth_provider.yaml => identity_provider.yaml} (94%) rename api/v1/swagger/definitions/{auth_provider_domain.yaml => identity_provider_domain.yaml} (92%) rename koha-tmpl/intranet-tmpl/prog/en/modules/admin/{authentication_provider_domains.tt => identity_provider_domains.tt} (74%) rename koha-tmpl/intranet-tmpl/prog/en/modules/admin/{authentication_providers.tt => identity_providers.tt} (75%) create mode 100644 t/db_dependent/Koha/Auth/Client.t rename t/db_dependent/Koha/Auth/{ => Identity}/Provider.t (80%) create mode 100644 t/db_dependent/Koha/REST/Plugin/Auth/IdP.t create mode 100644 t/db_dependent/api/v1/idp.t create mode 100644 t/lib/IdP/ExternalIdP.pm diff --git a/Koha/Auth/Client.pm b/Koha/Auth/Client.pm index 7fd6627197..4bb71f628e 100644 --- a/Koha/Auth/Client.pm +++ b/Koha/Auth/Client.pm @@ -20,7 +20,7 @@ package Koha::Auth::Client; use Modern::Perl; use Koha::Exceptions::Auth; -use Koha::Auth::Providers; +use Koha::Auth::Identity::Providers; =head1 NAME 
@@ -58,7 +58,7 @@ sub get_user { my $interface = $params->{interface}; my $config = $params->{config}; - my $provider = Koha::Auth::Providers->search({ code => $provider_code })->next; + my $provider = Koha::Auth::Identity::Providers->search({ code => $provider_code })->next; my ( $mapped_data, $patron ) = $self->_get_data_and_patron({ provider => $provider, data => $data, config => $config }); @@ -68,6 +68,8 @@ sub get_user { $mapped_data->{categorycode} = $domain->default_category_id; $mapped_data->{branchcode} = $domain->default_library_id; + $patron->set($mapped_data)->store if $patron && $domain->update_on_auth; + return ( $patron, $mapped_data, $domain ); } } @@ -93,7 +95,6 @@ sub get_valid_domain_config { my $interface = $params->{interface}; my $domains = $provider->domains; - my $pattern = '@'; my $allow = "allow_$interface"; my @subdomain_matches; my $default_match; @@ -101,19 +102,20 @@ sub get_valid_domain_config { while ( my $domain = $domains->next ) { next unless $domain->$allow; + my $pattern = '@'; my $domain_text = $domain->domain; unless ( defined $domain_text && $domain_text ne '') { $default_match = $domain; next; } my ( $asterisk, $domain_name ) = ( $domain_text =~ /^(\*)?(.+)$/ ); - if ( $asterisk eq '*' ) { + if ( defined $asterisk && $asterisk eq '*' ) { $pattern .= '.*'; } $domain_name =~ s/\./\\\./g; $pattern .= $domain_name . '$'; if ( $user_email =~ /$pattern/ ) { - if ( $asterisk eq '*' ) { + if ( defined $asterisk && $asterisk eq '*' ) { push @subdomain_matches, { domain => $domain, match_length => length $domain_name }; } else { @@ -129,7 +131,7 @@ sub get_valid_domain_config { return $subdomain_matches[0]->{domain}; } - return $default_match || 0; + return $default_match; } =head3 has_valid_domain_config 
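Review bot: The new `$patron->set($mapped_data)->store if $patron && $domain->update_on_auth;` runs after `categorycode` and `branchcode` have already been overwritten with the domain defaults, so every login with update_on_auth enabled resets an existing patron's category and home library to `default_category_id`/`default_library_id`, silently discarding staff edits. If those defaults are only meant to seed auto-registration, either move the store above the two default assignments or update from a copy without them: `my %update = %$mapped_data; delete @update{qw(categorycode branchcode)}; $patron->set(\%update)->store if $patron && $domain->update_on_auth;`. A comment stating which patron attributes an IdP login is allowed to overwrite would also help, since `$mapped_data` is driven entirely by the provider's mapping configuration. The body of `get_user` starts outside this hunk.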
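Review bot: In the `@@ -101` hunk the configured domain is still turned into a regex with only dots escaped (`$domain_name =~ s/\./\\\./g;`), so any other metacharacter in an admin-entered domain such as `+`, `?` or `(` either widens the match or makes `$user_email =~ /$pattern/` die at login time; `quotemeta` handles all of them: `$pattern .= quotemeta($domain_name) . '\z';`. Anchoring with `\z` instead of `$` additionally stops a trailing newline in the email claim from matching. Since the pattern is interpolated from stored configuration, a one-line comment that the domain value is trusted admin input but is deliberately matched literally would make the intent clear to the next reader. `get_valid_domain_config` begins before this hunk and its `else` branch continues after it.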
@@ -176,15 +178,15 @@ sub _get_data_and_patron { return {}; } -=head3 _tranverse_hash +=head3 _traverse_hash - my $value = $auth_client->_tranverse_hash( { base => $base_hash, keys => $key_string } ); + my $value = $auth_client->_traverse_hash( { base => $base_hash, keys => $key_string } ); Get deep nested value in a hash. =cut -sub _tranverse_hash { +sub _traverse_hash { my ($self, $params) = @_; my $base = $params->{base}; my $keys = $params->{keys}; @@ -192,7 +194,7 @@ sub _tranverse_hash { return unless defined $key; my $value = ref $base eq 'HASH' ? $base->{$key} : $base->[$key]; return $value unless $rest; - return $self->_tranverse_hash({ base => $value, keys => $rest }); + return $self->_traverse_hash({ base => $value, keys => $rest }); } 1; diff --git a/Koha/Auth/Client/OAuth.pm b/Koha/Auth/Client/OAuth.pm index 728fa4e3ec..3ea30f79b2 100644 --- a/Koha/Auth/Client/OAuth.pm +++ b/Koha/Auth/Client/OAuth.pm @@ -78,9 +78,6 @@ sub _get_data_and_patron { if ( defined $value and $matchpoint_rs->count ) { $patron = $matchpoint_rs->next; } - - return ( $mapped_data, $patron ) - if $patron; } if ( defined $config->{userinfo_url} ) { 
@@ -97,22 +94,25 @@ sub _get_data_and_patron { foreach my $key ( keys %$mapping ) { my $pkey = $mapping->{$key}; - my $value = $self->_tranverse_hash( { base => $claim, keys => $pkey } ); + my $value = $self->_traverse_hash( { base => $claim, keys => $pkey } ); $mapped_data->{$key} = $value if defined $value; } - my $value = $mapped_data->{$matchpoint}; + unless ($patron) { + my $value = $mapped_data->{$matchpoint}; - my $matchpoint_rs = Koha::Patrons->search( { $matchpoint => $value } ); + my $matchpoint_rs = Koha::Patrons->search( { $matchpoint => $value } ); - if ( defined $value and $matchpoint_rs->count ) { - $patron = $matchpoint_rs->next; + if ( defined $value and $matchpoint_rs->count ) { + $patron = $matchpoint_rs->next; + } } - return ( $mapped_data, $patron ) - if $patron; } + + return ( $mapped_data, $patron ) + if $patron; } 1; diff --git a/Koha/Auth/Provider.pm b/Koha/Auth/Identity/Provider.pm similarity index 88% rename from Koha/Auth/Provider.pm rename to Koha/Auth/Identity/Provider.pm index 7a652dec55..4d29b81270 100644 --- a/Koha/Auth/Provider.pm +++ b/Koha/Auth/Identity/Provider.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Provider; +package Koha::Auth::Identity::Provider; # Copyright Theke Solutions 2022 # @@ -24,13 +24,13 @@ use base qw(Koha::Object); use JSON qw( decode_json encode_json ); use Try::Tiny; -use Koha::Auth::Provider::Domains; +use Koha::Auth::Identity::Provider::Domains; use Koha::Exceptions; use Koha::Exceptions::Object; =head1 NAME -Koha::Auth::Provider - Koha Auth Provider Object class +Koha::Auth::Identity::Provider - Koha Auth Provider Object class =head1 API 
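Review bot: The sub still ends with `return ( $mapped_data, $patron ) if $patron;`, so when neither matchpoint lookup finds a patron the sub falls off its end and returns the false condition, and the caller's `my ( $mapped_data, $patron ) = ...` receives an undef `$mapped_data`; that is precisely the auto-registration path, which then has none of the mapped claims to build the new patron from. Make the return unconditional, `return ( $mapped_data, $patron );`, and let the caller decide what an undef `$patron` means. The hunk also moves the userinfo matchpoint lookup under `unless ($patron)` so a token-claim match takes precedence; a short comment stating that precedence would help. The start of `_get_data_and_patron` is outside this hunk.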
@@ -40,14 +40,14 @@ Koha::Auth::Provider - Koha Auth Provider Object class my $domains = $provider->domains; -Returns the related I iterator. +Returns the related I iterator. =cut sub domains { my ($self) = @_; - return Koha::Auth::Provider::Domains->_new_from_dbic( scalar $self->_result->domains ); + return Koha::Auth::Identity::Provider::Domains->_new_from_dbic( scalar $self->_result->domains ); } =head3 get_config @@ -183,7 +183,7 @@ sub upgrade_class { my $json = $provider->to_api; -Overloaded method that returns a JSON representation of the Koha::Auth::Provider object, +Overloaded method that returns a JSON representation of the Koha::Auth::Identity::Provider object, suitable for API output. =cut @@ -206,12 +206,12 @@ sub to_api { =cut sub _type { - return 'AuthProvider'; + return 'IdentityProvider'; } =head3 protocol_to_class_mapping - my $mapping = Koha::Auth::Provider::protocol_to_class_mapping + my $mapping = Koha::Auth::Identity::Provider::protocol_to_class_mapping Internal method that returns a mapping between I codes and implementing I. To be used by B. @@ -220,8 +220,8 @@ implementing I. To be used by B. sub protocol_to_class_mapping { return { - OAuth => 'Koha::Auth::Provider::OAuth', - OIDC => 'Koha::Auth::Provider::OIDC', + OAuth => 'Koha::Auth::Identity::Provider::OAuth', + OIDC => 'Koha::Auth::Identity::Provider::OIDC', }; } diff --git a/Koha/Auth/Provider/Domain.pm b/Koha/Auth/Identity/Provider/Domain.pm similarity index 83% rename from Koha/Auth/Provider/Domain.pm rename to Koha/Auth/Identity/Provider/Domain.pm index 6208ff2d3a..16d8a5d79c 100644 --- a/Koha/Auth/Provider/Domain.pm +++ b/Koha/Auth/Identity/Provider/Domain.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Provider::Domain; +package Koha::Auth::Identity::Provider::Domain; # Copyright Theke Solutions 2022 # 
@@ -23,7 +23,7 @@ use base qw(Koha::Object); =head1 NAME -Koha::Auth::Provider::Domain - Koha Auth Provider Domain Object class +Koha::Auth::Identity::Provider::Domain - Koha Auth Provider Domain Object class =head1 API @@ -34,7 +34,7 @@ Koha::Auth::Provider::Domain - Koha Auth Provider Domain Object class =cut sub _type { - return 'AuthProviderDomain'; + return 'IdentityProviderDomain'; } 1; diff --git a/Koha/Auth/Provider/Domains.pm b/Koha/Auth/Identity/Provider/Domains.pm similarity index 78% rename from Koha/Auth/Provider/Domains.pm rename to Koha/Auth/Identity/Provider/Domains.pm index 8f15f6ec45..4ab2e7589d 100644 --- a/Koha/Auth/Provider/Domains.pm +++ b/Koha/Auth/Identity/Provider/Domains.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Provider::Domains; +package Koha::Auth::Identity::Provider::Domains; # Copyright Theke Solutions 2022 # @@ -20,13 +20,13 @@ package Koha::Auth::Provider::Domains; use Modern::Perl; use Koha::Database; -use Koha::Auth::Provider::Domain; +use Koha::Auth::Identity::Provider::Domain; use base qw(Koha::Objects); =head1 NAME -Koha::Auth::Providers - Koha Auth Provider Object class +Koha::Auth::Identity::Providers - Koha Auth Provider Object class =head1 API @@ -39,7 +39,7 @@ Koha::Auth::Providers - Koha Auth Provider Object class =cut sub _type { - return 'AuthProviderDomain'; + return 'IdentityProviderDomain'; } =head3 object_class @@ -47,7 +47,7 @@ sub _type { =cut sub object_class { - return 'Koha::Auth::Provider::Domain'; + return 'Koha::Auth::Identity::Provider::Domain'; } 1; diff --git a/Koha/Auth/Provider/OAuth.pm b/Koha/Auth/Identity/Provider/OAuth.pm similarity index 83% rename from Koha/Auth/Provider/OAuth.pm rename to Koha/Auth/Identity/Provider/OAuth.pm index b77f4af5ad..45f74a3f75 100644 --- a/Koha/Auth/Provider/OAuth.pm +++ b/Koha/Auth/Identity/Provider/OAuth.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Provider::OAuth; +package Koha::Auth::Identity::Provider::OAuth; # Copyright Theke Solutions 2022 # 
@@ -19,11 +19,11 @@ package Koha::Auth::Provider::OAuth; use Modern::Perl; -use base qw(Koha::Auth::Provider); +use base qw(Koha::Auth::Identity::Provider); =head1 NAME -Koha::Auth::Provider::OAuth - Koha Auth Provider Object class +Koha::Auth::Identity::Provider::OAuth - Koha Auth Provider Object class =head1 API @@ -31,7 +31,7 @@ Koha::Auth::Provider::OAuth - Koha Auth Provider Object class =head3 new - my $oauth = Koha::Auth::Provider::OAuth->new( \%{params} ); + my $oauth = Koha::Auth::Identity::Provider::OAuth->new( \%{params} ); Overloaded class to create a new OAuth provider. diff --git a/Koha/Auth/Provider/OIDC.pm b/Koha/Auth/Identity/Provider/OIDC.pm similarity index 83% rename from Koha/Auth/Provider/OIDC.pm rename to Koha/Auth/Identity/Provider/OIDC.pm index 5945555994..56bacff94e 100644 --- a/Koha/Auth/Provider/OIDC.pm +++ b/Koha/Auth/Identity/Provider/OIDC.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Provider::OIDC; +package Koha::Auth::Identity::Provider::OIDC; # Copyright Theke Solutions 2022 # @@ -19,11 +19,11 @@ package Koha::Auth::Provider::OIDC; use Modern::Perl; -use base qw(Koha::Auth::Provider); +use base qw(Koha::Auth::Identity::Provider); =head1 NAME -Koha::Auth::Provider::OIDC - Koha Auth Provider Object class +Koha::Auth::Identity::Provider::OIDC - Koha Auth Provider Object class =head1 API @@ -31,7 +31,7 @@ Koha::Auth::Provider::OIDC - Koha Auth Provider Object class =head3 new - my $oidc = Koha::Auth::Provider::OIDC->new( \%{params} ); + my $oidc = Koha::Auth::Identity::Provider::OIDC->new( \%{params} ); Overloaded class to create a new OIDC provider. diff --git a/Koha/Auth/Providers.pm b/Koha/Auth/Identity/Providers.pm similarity index 80% rename from Koha/Auth/Providers.pm rename to Koha/Auth/Identity/Providers.pm index 51e32b7606..6f1f85cf75 100644 --- a/Koha/Auth/Providers.pm +++ b/Koha/Auth/Identity/Providers.pm @@ -1,4 +1,4 @@ -package Koha::Auth::Providers; +package Koha::Auth::Identity::Providers; # Copyright Theke Solutions 2022 # 
@@ -20,13 +20,13 @@ package Koha::Auth::Providers; use Modern::Perl; use Koha::Database; -use Koha::Auth::Provider; +use Koha::Auth::Identity::Provider; use base qw(Koha::Objects); =head1 NAME -Koha::Auth::Providers - Koha Auth Provider Object class +Koha::Auth::Identity::Providers - Koha Auth Provider Object class =head1 API @@ -39,7 +39,7 @@ Koha::Auth::Providers - Koha Auth Provider Object class =cut sub _type { - return 'AuthProvider'; + return 'IdentityProvider'; } =head3 object_class @@ -47,7 +47,7 @@ sub _type { =cut sub object_class { - return 'Koha::Auth::Provider'; + return 'Koha::Auth::Identity::Provider'; } 1; diff --git a/Koha/REST/Plugin/Auth.pm b/Koha/REST/Plugin/Auth/IdP.pm similarity index 97% rename from Koha/REST/Plugin/Auth.pm rename to Koha/REST/Plugin/Auth/IdP.pm index 0aa261a0a4..e1a0e2f593 100644 --- a/Koha/REST/Plugin/Auth.pm +++ b/Koha/REST/Plugin/Auth/IdP.pm @@ -1,4 +1,4 @@ -package Koha::REST::Plugin::Auth; +package Koha::REST::Plugin::Auth::IdP; # Copyright Theke Solutions 2022 # @@ -31,7 +31,7 @@ use CGI; =head1 NAME -Koha::REST::Plugin::Auth +Koha::REST::Plugin::Auth::IdP =head1 API diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm index c0cd59608a..0c35c6f005 100644 --- a/Koha/REST/V1.pm +++ b/Koha/REST/V1.pm @@ -21,7 +21,7 @@ use Mojo::Base 'Mojolicious'; use C4::Context; use Koha::Logger; -use Koha::Auth::Providers; +use Koha::Auth::Identity::Providers; use Mojolicious::Plugin::OAuth2; use JSON::Validator::Schema::OpenAPIv2; @@ -141,7 +141,7 @@ sub startup { my $oauth_configuration = {}; my $search_options = { protocol => [ "OIDC", "OAuth" ] }; - my $providers = Koha::Auth::Providers->search( $search_options ); + my $providers = Koha::Auth::Identity::Providers->search( $search_options ); while(my $provider = $providers->next) { $oauth_configuration->{$provider->code} = decode_json($provider->config); 
@@ -151,7 +151,7 @@ sub startup { $self->plugin( 'Koha::REST::Plugin::Query' ); $self->plugin( 'Koha::REST::Plugin::Objects' ); $self->plugin( 'Koha::REST::Plugin::Exceptions' ); - $self->plugin( 'Koha::REST::Plugin::Auth' ); + $self->plugin( 'Koha::REST::Plugin::Auth::IdP' ); $self->plugin( 'Mojolicious::Plugin::OAuth2' => $oauth_configuration ); } diff --git a/Koha/REST/V1/Auth/Provider/Domains.pm b/Koha/REST/V1/Auth/Identity/Provider/Domains.pm similarity index 73% rename from Koha/REST/V1/Auth/Provider/Domains.pm rename to Koha/REST/V1/Auth/Identity/Provider/Domains.pm index f53954ac9f..cac05a8d96 100644 --- a/Koha/REST/V1/Auth/Provider/Domains.pm +++ b/Koha/REST/V1/Auth/Identity/Provider/Domains.pm @@ -1,4 +1,4 @@ -package Koha::REST::V1::Auth::Provider::Domains; +package Koha::REST::V1::Auth::Identity::Provider::Domains; # This file is part of Koha. # @@ -19,8 +19,8 @@ use Modern::Perl; use Mojo::Base 'Mojolicious::Controller'; -use Koha::Auth::Provider::Domains; -use Koha::Auth::Providers; +use Koha::Auth::Identity::Provider::Domains; +use Koha::Auth::Identity::Providers; use Koha::Database; @@ -29,7 +29,7 @@ use Try::Tiny; =head1 NAME -Koha::REST::V1::Auth::Provider::Domains - Controller library for handling +Koha::REST::V1::Auth::Identity::Provider::Domains - Controller library for handling authentication provider domains routes. =head2 Operations @@ -44,8 +44,8 @@ sub list { my $c = shift->openapi->valid_input or return; return try { - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $provider = Koha::Auth::Providers->find($auth_provider_id); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $provider = Koha::Auth::Identity::Providers->find($identity_provider_id); unless ($provider) { return $c->render( 
@@ -78,8 +78,8 @@ sub get { return try { - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $provider = Koha::Auth::Providers->find($auth_provider_id); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $provider = Koha::Auth::Identity::Providers->find($identity_provider_id); unless ($provider) { return $c->render( @@ -93,8 +93,8 @@ sub get { my $domains_rs = $provider->domains; - my $auth_provider_domain_id = $c->validation->param('auth_provider_domain_id'); - my $domain = $c->objects->find( $domains_rs, $auth_provider_domain_id ); + my $identity_provider_domain_id = $c->validation->param('identity_provider_domain_id'); + my $domain = $c->objects->find( $domains_rs, $identity_provider_domain_id ); unless ($domain) { return $c->render( @@ -122,10 +122,11 @@ sub add { my $c = shift->openapi->valid_input or return; return try { - + my $params = $c->validation->param('body'); + $params->{identity_provider_id} = $c->validation->param('identity_provider_id'); Koha::Database->new->schema->txn_do( sub { - my $domain = Koha::Auth::Provider::Domain->new_from_api( $c->validation->param('body') ); + my $domain = Koha::Auth::Identity::Provider::Domain->new_from_api( $params ); $domain->store; $c->res->headers->location( $c->req->url->to_string . '/' . $domain->id ); 
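Review bot: In the `add` hunk the path parameter now overrides the body's `identity_provider_id`, which closes the gap where a request body could attach a domain to a different provider, but unlike `list` and `get` the handler never confirms the provider exists before `new_from_api`; a missing provider surfaces as a foreign-key failure inside `txn_do` rather than the 404 the sibling operations return. Add the same lookup before the transaction: `my $provider = Koha::Auth::Identity::Providers->find( $params->{identity_provider_id} ); return $c->render( status => 404, openapi => { error => 'Object not found' } ) unless $provider;`, with the error text matched to whatever `list`/`get` render. The rest of `add`, including its catch block, continues past the end of this hunk.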
@@ -159,11 +160,11 @@ Controller method for updating an authentication provider domain. sub update { my $c = shift->openapi->valid_input or return; - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $auth_provider_domain_id = $c->validation->param('auth_provider_domain_id'); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $identity_provider_domain_id = $c->validation->param('identity_provider_domain_id'); - my $domain = Koha::Auth::Provider::Domains->find( - { auth_provider_id => $auth_provider_id, auth_provider_domain_id => $auth_provider_domain_id } ); + my $domain = Koha::Auth::Identity::Provider::Domains->find( + { identity_provider_id => $identity_provider_id, identity_provider_domain_id => $identity_provider_domain_id } ); unless ($domain) { return $c->render( @@ -203,11 +204,11 @@ Controller method for deleting an authentication provider. sub delete { my $c = shift->openapi->valid_input or return; - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $auth_provider_domain_id = $c->validation->param('auth_provider_domain_id'); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $identity_provider_domain_id = $c->validation->param('identity_provider_domain_id'); - my $domain = Koha::Auth::Provider::Domains->find( - { auth_provider_id => $auth_provider_id, auth_provider_domain_id => $auth_provider_domain_id } ); + my $domain = Koha::Auth::Identity::Provider::Domains->find( + { identity_provider_id => $identity_provider_id, identity_provider_domain_id => $identity_provider_domain_id } ); unless ($domain) { return $c->render( diff --git a/Koha/REST/V1/Auth/Providers.pm b/Koha/REST/V1/Auth/Identity/Providers.pm similarity index 85% rename from Koha/REST/V1/Auth/Providers.pm rename to Koha/REST/V1/Auth/Identity/Providers.pm index c31b2588bb..6862ae7570 100644 --- a/Koha/REST/V1/Auth/Providers.pm +++ b/Koha/REST/V1/Auth/Identity/Providers.pm 
@@ -1,4 +1,4 @@ -package Koha::REST::V1::Auth::Providers; +package Koha::REST::V1::Auth::Identity::Providers; # This file is part of Koha. # @@ -19,9 +19,9 @@ use Modern::Perl; use Mojo::Base 'Mojolicious::Controller'; -use Koha::Auth::Provider::OAuth; -use Koha::Auth::Provider::OIDC; -use Koha::Auth::Providers; +use Koha::Auth::Identity::Provider::OAuth; +use Koha::Auth::Identity::Provider::OIDC; +use Koha::Auth::Identity::Providers; use Koha::Database; @@ -30,7 +30,7 @@ use Try::Tiny; =head1 NAME -Koha::REST::V1::Auth::Providers - Controller library for handling +Koha::REST::V1::Auth::Identity::Providers - Controller library for handling authentication providers routes. =head2 Operations @@ -45,7 +45,7 @@ sub list { my $c = shift->openapi->valid_input or return; return try { - my $providers_rs = Koha::Auth::Providers->new; + my $providers_rs = Koha::Auth::Identity::Providers->new; return $c->render( status => 200, openapi => $c->objects->search($providers_rs) @@ -66,8 +66,8 @@ sub get { return try { - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $provider = $c->objects->find( Koha::Auth::Providers->new, $auth_provider_id ); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $provider = $c->objects->find( Koha::Auth::Identity::Providers->new, $identity_provider_id ); unless ( $provider ) { return $c->render( @@ -106,7 +106,7 @@ sub add { my $mapping = delete $body->{mapping}; my $protocol = delete $body->{protocol}; - my $class = Koha::Auth::Provider::protocol_to_class_mapping->{$protocol}; + my $class = Koha::Auth::Identity::Provider::protocol_to_class_mapping->{$protocol}; my $provider = $class->new_from_api( $body ); $provider->store; 
@@ -114,7 +114,7 @@ sub add { $provider->set_config( $config ); $provider->set_mapping( $mapping ); - $c->res->headers->location( $c->req->url->to_string . '/' . $provider->auth_provider_id ); + $c->res->headers->location( $c->req->url->to_string . '/' . $provider->identity_provider_id ); return $c->render( status => 201, openapi => $provider->to_api @@ -148,8 +148,8 @@ Controller method for updating an authentication provider. sub update { my $c = shift->openapi->valid_input or return; - my $auth_provider_id = $c->validation->param('auth_provider_id'); - my $provider = Koha::Auth::Providers->find( $auth_provider_id ); + my $identity_provider_id = $c->validation->param('identity_provider_id'); + my $provider = Koha::Auth::Identity::Providers->find( $identity_provider_id ); unless ( $provider ) { return $c->render( @@ -211,7 +211,7 @@ Controller method for deleting an authentication provider. sub delete { my $c = shift->openapi->valid_input or return; - my $provider = Koha::Auth::Providers->find( $c->validation->param('auth_provider_id') ); + my $provider = Koha::Auth::Identity::Providers->find( $c->validation->param('identity_provider_id') ); unless ( $provider ) { return $c->render( status => 404, diff --git a/Koha/Schema/Result/AuthProvider.pm b/Koha/Schema/Result/IdentityProvider.pm similarity index 72% rename from Koha/Schema/Result/AuthProvider.pm rename to Koha/Schema/Result/IdentityProvider.pm index c62a79a365..3528a4eaeb 100644 --- a/Koha/Schema/Result/AuthProvider.pm +++ b/Koha/Schema/Result/IdentityProvider.pm @@ -1,12 +1,12 @@ use utf8; -package Koha::Schema::Result::AuthProvider; +package Koha::Schema::Result::IdentityProvider; # Created by DBIx::Class::Schema::Loader # DO NOT MODIFY THE FIRST PART OF THIS FILE =head1 NAME -Koha::Schema::Result::AuthProvider +Koha::Schema::Result::IdentityProvider =cut 
@@ -15,15 +15,15 @@ use warnings; use base 'DBIx::Class::Core'; -=head1 TABLE: C +=head1 TABLE: C =cut -__PACKAGE__->table("auth_providers"); +__PACKAGE__->table("identity_providers"); =head1 ACCESSORS -=head2 auth_provider_id +=head2 identity_provider_id data_type: 'integer' is_auto_increment: 1 @@ -90,7 +90,7 @@ Provider icon URL =cut __PACKAGE__->add_columns( - "auth_provider_id", + "identity_provider_id", { data_type => "integer", is_auto_increment => 1, is_nullable => 0 }, "code", { data_type => "varchar", is_nullable => 0, size => 20 }, @@ -120,13 +120,13 @@ __PACKAGE__->add_columns( =over 4 -=item * L +=item * L =back =cut -__PACKAGE__->set_primary_key("auth_provider_id"); +__PACKAGE__->set_primary_key("identity_provider_id"); =head1 UNIQUE CONSTRAINTS 
@@ -144,46 +144,37 @@ __PACKAGE__->add_unique_constraint("code", ["code"]); =head1 RELATIONS -=head2 auth_provider_domains +=head2 identity_provider_domains Type: has_many -Related object: L +Related object: L =cut __PACKAGE__->has_many( - "auth_provider_domains", - "Koha::Schema::Result::AuthProviderDomain", - { "foreign.auth_provider_id" => "self.auth_provider_id" }, + "identity_provider_domains", + "Koha::Schema::Result::IdentityProviderDomain", + { "foreign.identity_provider_id" => "self.identity_provider_id" }, { cascade_copy => 0, cascade_delete => 0 }, ); -# Created by DBIx::Class::Schema::Loader v0.07049 @ 2022-09-30 19:43:00 -# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:ZqUo3by0ZXca5RI3QFNypw - - -=head2 domains - -Type: has_many - -Related object: L - -=cut +# Created by DBIx::Class::Schema::Loader v0.07049 @ 2022-10-20 15:27:55 +# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:jmqAwH7/6QvawJ73/0rkQg __PACKAGE__->has_many( "domains", - "Koha::Schema::Result::AuthProviderDomain", - { "foreign.auth_provider_id" => "self.auth_provider_id" }, + "Koha::Schema::Result::IdentityProviderDomain", + { "foreign.identity_provider_id" => "self.identity_provider_id" }, { cascade_copy => 0, cascade_delete => 0 }, ); sub koha_object_class { - 'Koha::Auth::Provider'; + 'Koha::Auth::Identity::Provider'; } sub koha_objects_class { - 'Koha::Auth::Providers'; + 'Koha::Auth::Identity::Providers'; } 1; diff --git a/Koha/Schema/Result/AuthProviderDomain.pm b/Koha/Schema/Result/IdentityProviderDomain.pm similarity index 73% rename from Koha/Schema/Result/AuthProviderDomain.pm rename to Koha/Schema/Result/IdentityProviderDomain.pm index 117627f2db..897c796e4c 100644 --- a/Koha/Schema/Result/AuthProviderDomain.pm +++ b/Koha/Schema/Result/IdentityProviderDomain.pm 
@@ -1,12 +1,12 @@ use utf8; -package Koha::Schema::Result::AuthProviderDomain; +package Koha::Schema::Result::IdentityProviderDomain; # Created by DBIx::Class::Schema::Loader # DO NOT MODIFY THE FIRST PART OF THIS FILE =head1 NAME -Koha::Schema::Result::AuthProviderDomain +Koha::Schema::Result::IdentityProviderDomain =cut @@ -15,15 +15,15 @@ use warnings; use base 'DBIx::Class::Core'; -=head1 TABLE: C +=head1 TABLE: C =cut -__PACKAGE__->table("auth_provider_domains"); +__PACKAGE__->table("identity_provider_domains"); =head1 ACCESSORS -=head2 auth_provider_domain_id +=head2 identity_provider_domain_id data_type: 'integer' is_auto_increment: 1 @@ -31,7 +31,7 @@ __PACKAGE__->table("auth_provider_domains"); unique key, used to identify providers domain -=head2 auth_provider_id +=head2 identity_provider_id data_type: 'integer' is_foreign_key: 1 @@ -92,7 +92,7 @@ Allow provider from opac interface =head2 allow_staff data_type: 'tinyint' - default_value: 1 + default_value: 0 is_nullable: 0 Allow provider from staff interface @@ -100,9 +100,9 @@ Allow provider from staff interface =cut __PACKAGE__->add_columns( - "auth_provider_domain_id", + "identity_provider_domain_id", { data_type => "integer", is_auto_increment => 1, is_nullable => 0 }, - "auth_provider_id", + "identity_provider_id", { data_type => "integer", is_foreign_key => 1, is_nullable => 0 }, "domain", { data_type => "varchar", is_nullable => 1, size => 100 }, @@ -117,28 +117,28 @@ __PACKAGE__->add_columns( "allow_opac", { data_type => "tinyint", default_value => 1, is_nullable => 0 }, "allow_staff", - { data_type => "tinyint", default_value => 1, is_nullable => 0 }, + { data_type => "tinyint", default_value => 0, is_nullable => 0 }, ); =head1 PRIMARY KEY =over 4 -=item * L +=item * L =back =cut -__PACKAGE__->set_primary_key("auth_provider_domain_id"); +__PACKAGE__->set_primary_key("identity_provider_domain_id"); =head1 UNIQUE CONSTRAINTS -=head2 C +=head2 C =over 4 -=item * L +=item * L =item * L 
@@ -146,25 +146,10 @@ __PACKAGE__->set_primary_key("auth_provider_domain_id"); =cut -__PACKAGE__->add_unique_constraint("auth_provider_id", ["auth_provider_id", "domain"]); +__PACKAGE__->add_unique_constraint("identity_provider_id", ["identity_provider_id", "domain"]); =head1 RELATIONS -=head2 auth_provider - -Type: belongs_to - -Related object: L - -=cut - -__PACKAGE__->belongs_to( - "auth_provider", - "Koha::Schema::Result::AuthProvider", - { auth_provider_id => "auth_provider_id" }, - { is_deferrable => 1, on_delete => "CASCADE", on_update => "RESTRICT" }, -); - =head2 default_category Type: belongs_to @@ -205,22 +190,37 @@ __PACKAGE__->belongs_to( }, ); +=head2 identity_provider -# Created by DBIx::Class::Schema::Loader v0.07049 @ 2022-08-24 15:03:07 -# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:1b0q+e8Ym8icJ6bYAY/Mbw +Type: belongs_to + +Related object: L + +=cut + +__PACKAGE__->belongs_to( + "identity_provider", + "Koha::Schema::Result::IdentityProvider", + { identity_provider_id => "identity_provider_id" }, + { is_deferrable => 1, on_delete => "CASCADE", on_update => "RESTRICT" }, +); -sub koha_object_class { - 'Koha::Auth::Provider::Domain'; -} -sub koha_objects_class { - 'Koha::Auth::Providers::Domains'; -} + +# Created by DBIx::Class::Schema::Loader v0.07049 @ 2022-11-08 17:35:26 +# DO NOT MODIFY THIS OR ANYTHING ABOVE! md5sum:uUnzFzRKWAiYUsmapofXwQ __PACKAGE__->add_columns( '+auto_register' => { is_boolean => 1 }, '+update_on_auth' => { is_boolean => 1 }, '+allow_opac' => { is_boolean => 1 }, - '+allow_staff' => { is_boolean => 1 }, + '+allow_staff' => { is_boolean => 1 } ); +sub koha_object_class { + 'Koha::Auth::Identity::Provider::Domain'; +} +sub koha_objects_class { + 'Koha::Auth::Identity::Provider::Domains'; +} + 1; diff --git a/Koha/Template/Plugin/AuthClient.pm b/Koha/Template/Plugin/AuthClient.pm index 6e4ee144b0..db07509538 100644 --- a/Koha/Template/Plugin/AuthClient.pm +++ b/Koha/Template/Plugin/AuthClient.pm 
@@ -22,7 +22,7 @@ use Modern::Perl; use Template::Plugin; use base qw( Template::Plugin ); -use Koha::Auth::Providers; +use Koha::Auth::Identity::Providers; =head1 NAME @@ -49,7 +49,7 @@ sub get_providers { $interface = 'staff' if $interface eq 'intranet'; - my $providers = Koha::Auth::Providers->search( { "domains.allow_$interface" => 1 }, { prefetch => 'domains' } ); + my $providers = Koha::Auth::Identity::Providers->search( { "domains.allow_$interface" => 1 }, { prefetch => 'domains' } ); my $base_url = ( $interface ne 'staff' ) ? "/api/v1/public/oauth/login" : "/api/v1/public/oauth/login"; my @urls; diff --git a/admin/authentication_providers.pl b/admin/identity_providers.pl similarity index 79% rename from admin/authentication_providers.pl rename to admin/identity_providers.pl index 07c33b9324..2f7a433683 100644 --- a/admin/authentication_providers.pl +++ b/admin/identity_providers.pl 
@@ -26,24 +26,24 @@ use Try::Tiny qw( catch try ); use C4::Auth qw( get_template_and_user ); use C4::Output qw( output_html_with_http_headers ); -use Koha::Auth::Providers; +use Koha::Auth::Identity::Providers; my $input = CGI->new; my $op = $input->param('op') || 'list'; my $domain_ops = $input->param('domain_ops'); -my $auth_provider_id = $input->param('auth_provider_id'); -my $auth_provider; +my $identity_provider_id = $input->param('identity_provider_id'); +my $identity_provider; -$auth_provider = Koha::Auth::Providers->find($auth_provider_id) - unless !$auth_provider_id; +$identity_provider = Koha::Auth::Identity::Providers->find($identity_provider_id) + unless !$identity_provider_id; -my $template_name = $domain_ops ? 'admin/authentication_provider_domains.tt' : 'admin/authentication_providers.tt'; +my $template_name = $domain_ops ? 'admin/identity_provider_domains.tt' : 'admin/identity_providers.tt'; my ( $template, $borrowernumber, $cookie ) = get_template_and_user( { template_name => $template_name, query => $input, type => "intranet", - flagsrequired => { parameters => 'manage_authentication_providers' }, + flagsrequired => { parameters => 'manage_identity_providers' }, } ); @@ -60,7 +60,7 @@ if ( !$domain_ops && $op eq 'add' ) { my $protocol = $input->param('protocol'); try { - my $provider = Koha::Auth::Provider->new( + my $provider = Koha::Auth::Identity::Provider->new( { code => $code, config => $config, description => $description, @@ -71,9 +71,9 @@ if ( !$domain_ops && $op eq 'add' ) { } )->store; - Koha::Auth::Provider::Domain->new( + Koha::Auth::Identity::Provider::Domain->new( { - auth_provider_id => $provider->auth_provider_id, + identity_provider_id => $provider->identity_provider_id, } )->store; 
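Review bot: `$identity_provider = Koha::Auth::Identity::Providers->find($identity_provider_id) unless !$identity_provider_id;` in the first hunk is a double negative; `if $identity_provider_id` says the same thing and is the form the style guide prefers, and the same pattern recurs for `$identity_provider_domain` in the edit_form and edit_save hunks of this file. Separately, the `add` branches pass form input (`code`, `config`, `description`, `protocol`) straight from `$input->param` into `->new(...)->store`, and no CSRF token check is visible in any of these hunks; if the script relies on one it sits outside them, but it is worth confirming before the rename lands, since these are privileged write operations. The if/elsif chain these hunks belong to starts before the first hunk and continues past the last.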
@@ -97,7 +97,7 @@ elsif ( $domain_ops && $op eq 'add' ) { my $allow_opac = $input->param('allow_opac'); my $allow_staff = $input->param('allow_staff'); - my $auth_provider_id = $input->param('auth_provider_id'); + my $identity_provider_id = $input->param('identity_provider_id'); my $auto_register = $input->param('auto_register'); my $default_category_id = $input->param('default_category_id'); my $default_library_id = $input->param('default_library_id'); @@ -106,11 +106,11 @@ elsif ( $domain_ops && $op eq 'add' ) { try { - Koha::Auth::Provider::Domain->new( + Koha::Auth::Identity::Provider::Domain->new( { allow_opac => $allow_opac, allow_staff => $allow_staff, - auth_provider_id => $auth_provider_id, + identity_provider_id => $identity_provider_id, auto_register => $auto_register, default_category_id => $default_category_id, default_library_id => $default_library_id, @@ -137,9 +137,9 @@ elsif ( $domain_ops && $op eq 'add' ) { } elsif ( !$domain_ops && $op eq 'edit_form' ) { - if ( $auth_provider ) { + if ( $identity_provider ) { $template->param( - auth_provider => $auth_provider + identity_provider => $identity_provider ); } else { @@ -152,15 +152,15 @@ elsif ( !$domain_ops && $op eq 'edit_form' ) { } } elsif ( $domain_ops && $op eq 'edit_form' ) { - my $auth_provider_domain_id = $input->param('auth_provider_domain_id'); - my $auth_provider_domain; + my $identity_provider_domain_id = $input->param('identity_provider_domain_id'); + my $identity_provider_domain; - $auth_provider_domain = Koha::Auth::Provider::Domains->find($auth_provider_domain_id) - unless !$auth_provider_domain_id; + $identity_provider_domain = Koha::Auth::Identity::Provider::Domains->find($identity_provider_domain_id) + unless !$identity_provider_domain_id; - if ( $auth_provider_domain ) { + if ( $identity_provider_domain ) { $template->param( - auth_provider_domain => $auth_provider_domain + identity_provider_domain => $identity_provider_domain ); } else { 
@@ -174,7 +174,7 @@ elsif ( $domain_ops && $op eq 'edit_form' ) { } elsif ( !$domain_ops && $op eq 'edit_save' ) { - if ( $auth_provider ) { + if ( $identity_provider ) { my $code = $input->param('code'); my $config = $input->param('config'); @@ -186,7 +186,7 @@ elsif ( !$domain_ops && $op eq 'edit_save' ) { try { - $auth_provider->set( + $identity_provider->set( { code => $code, config => $config, description => $description, @@ -225,15 +225,15 @@ elsif ( !$domain_ops && $op eq 'edit_save' ) { } elsif ( $domain_ops && $op eq 'edit_save' ) { - my $auth_provider_domain_id = $input->param('auth_provider_domain_id'); - my $auth_provider_domain; + my $identity_provider_domain_id = $input->param('identity_provider_domain_id'); + my $identity_provider_domain; - $auth_provider_domain = Koha::Auth::Provider::Domains->find($auth_provider_domain_id) - unless !$auth_provider_domain_id; + $identity_provider_domain = Koha::Auth::Identity::Provider::Domains->find($identity_provider_domain_id) + unless !$identity_provider_domain_id; - if ( $auth_provider_domain ) { + if ( $identity_provider_domain ) { - my $auth_provider_id = $input->param('auth_provider_id'); + my $identity_provider_id = $input->param('identity_provider_id'); my $domain = $input->param('domain'); my $auto_register = $input->param('auto_register'); my $update_on_auth = $input->param('update_on_auth'); @@ -244,9 +244,9 @@ elsif ( $domain_ops && $op eq 'edit_save' ) { try { - $auth_provider_domain->set( + $identity_provider_domain->set( { - auth_provider_id => $auth_provider_id, + identity_provider_id => $identity_provider_id, domain => $domain, auto_register => $auto_register, update_on_auth => $update_on_auth, @@ -286,8 +286,8 @@ elsif ( $domain_ops && $op eq 'edit_save' ) { if ( $domain_ops ) { $template->param( - auth_provider_code => $auth_provider->code, - auth_provider_id => $auth_provider_id, + identity_provider_code => $identity_provider->code, + identity_provider_id => $identity_provider_id, ); } 
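Review bot: The last hunk (`@@ -286`) calls `$identity_provider->code` whenever `$domain_ops` is set, but `$identity_provider` is only populated when `identity_provider_id` was both supplied and found (first hunk of this file), so a `domain_ops` request with a missing or stale id dies with "Can't call method "code" on an undefined value" instead of rendering an error. Guard the dereference — `if ( $domain_ops && $identity_provider ) {` — or emit the not-found message when `$domain_ops` is set and the lookup failed. The enclosing script logic starts before these hunks.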
diff --git a/api/v1/swagger/definitions/auth_provider.yaml b/api/v1/swagger/definitions/identity_provider.yaml
similarity index 94%
rename from api/v1/swagger/definitions/auth_provider.yaml
rename to api/v1/swagger/definitions/identity_provider.yaml
index 93e587b2af..c69d60a595 100644
--- a/api/v1/swagger/definitions/auth_provider.yaml
+++ b/api/v1/swagger/definitions/identity_provider.yaml
@@ -1,7 +1,7 @@
 ---
 type: object
 properties:
- auth_provider_id:
+ identity_provider_id:
 type: integer
 description: Internally assigned authentication provider identifier
 readOnly: true
@@ -36,7 +36,9 @@ properties:
 type: object
 icon_url:
 description: Icon url
- type: string
+ type:
+ - string
+ - "null"
 domains:
 description: Configured domains for the authentication provider
 type:
diff --git a/api/v1/swagger/definitions/auth_provider_domain.yaml b/api/v1/swagger/definitions/identity_provider_domain.yaml
similarity index 92%
rename from api/v1/swagger/definitions/auth_provider_domain.yaml
rename to api/v1/swagger/definitions/identity_provider_domain.yaml
index bc9f60a7a3..d03e99dbe6 100644
--- a/api/v1/swagger/definitions/auth_provider_domain.yaml
+++ b/api/v1/swagger/definitions/identity_provider_domain.yaml
@@ -1,11 +1,11 @@
 ---
 type: object
 properties:
- auth_provider_domain_id:
+ identity_provider_domain_id:
 type: integer
 description: Internally assigned authentication provider domain identifier
 readOnly: true
- auth_provider_id:
+ identity_provider_id:
 type: integer
 description: Internally assigned authentication provider identifier
 domain:
@@ -37,8 +37,7 @@ properties:
 type: boolean
 additionalProperties: false
 required:
- - auth_provider_domain_id
- - auth_provider_id
+ - identity_provider_domain_id
 - domain
 - auto_register
 - update_on_auth
diff --git a/api/v1/swagger/paths/auth.yaml b/api/v1/swagger/paths/auth.yaml
index ae9c655d21..d7be7e8687 100644
--- a/api/v1/swagger/paths/auth.yaml
+++ b/api/v1/swagger/paths/auth.yaml
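Review bot: The domain definition drops `identity_provider_id` from `required`, which is only safe if the controller fills that column from the `{identity_provider_id}` path parameter and discards any `identity_provider_id` the client sends in the body; otherwise a body value could attach the domain rule to a provider other than the one addressed by the URL — the controller is not in this chunk, so please confirm. The `description` texts in both definitions were left as "authentication provider" while every identifier was renamed, e.g. `description: Internally assigned identity provider identifier`.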
@@ -567,4 +567,492 @@ $ref: ../swagger.yaml#/definitions/error x-koha-authorization: permissions: - parameters: manage_authentication_providers \ No newline at end of file + parameters: manage_authentication_providers +/auth/identity_providers: + get: + x-mojo-to: Auth::Identity::Providers#list + operationId: listIdentityProviders + tags: + - identity_providers + summary: List configured authentication providers + parameters: + - $ref: ../swagger.yaml#/parameters/match + - $ref: ../swagger.yaml#/parameters/order_by + - $ref: ../swagger.yaml#/parameters/page + - $ref: ../swagger.yaml#/parameters/per_page + - $ref: ../swagger.yaml#/parameters/q_param + - $ref: ../swagger.yaml#/parameters/q_body + - $ref: ../swagger.yaml#/parameters/q_header + - $ref: ../swagger.yaml#/parameters/request_id_header + - name: x-koha-embed + in: header + required: false + description: Embed list sent as a request header + type: array + items: + type: string + enum: + - domains + collectionFormat: csv + produces: + - application/json + responses: + "200": + description: A list of authentication providers + schema: + type: array + items: + $ref: ../swagger.yaml#/definitions/identity_provider + "400": + description: Bad Request + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + post: + x-mojo-to: Auth::Identity::Providers#add + operationId: addIdentityProvider + tags: + - identity_providers + summary: Add a new authentication provider + parameters: + - name: body + in: body + description: | + A JSON object containing OAuth provider parameters. 
+ + The `config` object required attributes depends on the chosen `protocol` + + ## OAuth + + Requires: + + * key + * secret + * authorize_url + * token_url + + ## OIDC + + Requires: + + * key + * secret + * well_known_url + required: true + schema: + $ref: ../swagger.yaml#/definitions/identity_provider + produces: + - application/json + responses: + "201": + description: The generated authentication provider + schema: + $ref: ../swagger.yaml#/definitions/identity_provider + "400": + description: Bad Request + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers +"/auth/identity_providers/{identity_provider_id}": + get: + x-mojo-to: Auth::Identity::Providers#get + operationId: getIdentityProvider + tags: + - identity_providers + summary: Get authentication provider + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - name: x-koha-embed + in: header + required: false + description: Embed list sent as a request header + type: array + items: + type: string + enum: + - domains + collectionFormat: csv + produces: + - application/json + responses: + "200": + description: An authentication provider + schema: + $ref: ../swagger.yaml#/definitions/identity_provider + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. 
Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + put: + x-mojo-to: Auth::Identity::Providers#update + operationId: updateIdentityProvider + tags: + - identity_providers + summary: Update an authentication provider + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - name: body + in: body + description: | + A JSON object containing OAuth provider parameters. + + The `config` object required attributes depends on the chosen `protocol` + + ## OAuth + + Requires: + + * key + * secret + * authorize_url + * token_url + + ## OIDC + + Requires: + + * key + * secret + * well_known_url + required: true + schema: + $ref: ../swagger.yaml#/definitions/identity_provider + produces: + - application/json + responses: + "200": + description: Updated authentication provider + schema: + $ref: ../swagger.yaml#/definitions/identity_provider + "400": + description: Bad Request + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. 
Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + delete: + x-mojo-to: Auth::Identity::Providers#delete + operationId: delIdentityProvider + tags: + - identity_providers + summary: Delete authentication provider + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + produces: + - application/json + responses: + "204": + description: Authentication provider deleted + "401": + description: Authentication required + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "404": + description: City not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. Possible `error_code` attribute values: + + * `internal_server_error` + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers +"/auth/identity_providers/{identity_provider_id}/domains": + get: + x-mojo-to: Auth::Identity::Provider::Domains#list + operationId: listIdentityProviderDomains + tags: + - identity_providers + summary: Get authentication provider configured domains + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - $ref: ../swagger.yaml#/parameters/match + - $ref: ../swagger.yaml#/parameters/order_by + - $ref: ../swagger.yaml#/parameters/page + - $ref: ../swagger.yaml#/parameters/per_page + - $ref: ../swagger.yaml#/parameters/q_param + - $ref: ../swagger.yaml#/parameters/q_body + - $ref: ../swagger.yaml#/parameters/q_header + - $ref: ../swagger.yaml#/parameters/request_id_header + - name: x-koha-embed + in: header + required: false + description: Embed 
list sent as a request header + type: array + items: + type: string + enum: + - domains + collectionFormat: csv + produces: + - application/json + responses: + "200": + description: An authentication provider + schema: + items: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + post: + x-mojo-to: Auth::Identity::Provider::Domains#add + operationId: addIdentityProviderDomain + tags: + - identity_providers + summary: Add an authentication provider domain + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - name: body + in: body + description: An authentication provider domain object + required: true + schema: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + produces: + - application/json + responses: + "201": + description: Updated authentication provider domain + schema: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + "400": + description: Bad Request + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. 
Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers +"/auth/identity_providers/{identity_provider_id}/domains/{identity_provider_domain_id}": + get: + x-mojo-to: Auth::Identity::Provider::Domains#get + operationId: getIdentityProviderDomain + tags: + - identity_providers + summary: Get authentication provider domain + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - $ref: ../swagger.yaml#/parameters/identity_provider_domain_id_pp + produces: + - application/json + responses: + "200": + description: An authentication provider + schema: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. 
Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + put: + x-mojo-to: Auth::Identity::Provider::Domains#update + operationId: updateIdentityProviderDomain + tags: + - identity_providers + summary: Update an authentication provider domain + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - $ref: ../swagger.yaml#/parameters/identity_provider_domain_id_pp + - name: body + in: body + description: An authentication provider domain object + required: true + schema: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + produces: + - application/json + responses: + "200": + description: Updated authentication provider domain + schema: + $ref: ../swagger.yaml#/definitions/identity_provider_domain + "400": + description: Bad Request + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "404": + description: Object not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. 
Possible `error_code` attribute values: + + * `internal_server_error` + schema: + $ref: ../swagger.yaml#/definitions/error + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers + delete: + x-mojo-to: Auth::Identity::Provider::Domains#delete + operationId: delIdentityProviderDomain + tags: + - identity_providers + summary: Delete authentication provider + parameters: + - $ref: ../swagger.yaml#/parameters/identity_provider_id_pp + - $ref: ../swagger.yaml#/parameters/identity_provider_domain_id_pp + produces: + - application/json + responses: + "204": + description: Authentication provider deleted + "401": + description: Authentication required + schema: + $ref: ../swagger.yaml#/definitions/error + "403": + description: Access forbidden + schema: + $ref: ../swagger.yaml#/definitions/error + "404": + description: City not found + schema: + $ref: ../swagger.yaml#/definitions/error + "500": + description: | + Internal server error. Possible `error_code` attribute values: + + * `internal_server_error` + "503": + description: Under maintenance + schema: + $ref: ../swagger.yaml#/definitions/error + x-koha-authorization: + permissions: + parameters: manage_identity_providers \ No newline at end of file diff --git a/api/v1/swagger/swagger.yaml b/api/v1/swagger/swagger.yaml index 0344c0c3b7..696a73be8b 100644 --- a/api/v1/swagger/swagger.yaml +++ b/api/v1/swagger/swagger.yaml @@ -8,10 +8,10 @@ definitions: $ref: ./definitions/advancededitormacro.yaml allows_renewal: $ref: ./definitions/allows_renewal.yaml - auth_provider: - "$ref": ./definitions/auth_provider.yaml - auth_provider_domain: - "$ref": ./definitions/auth_provider_domain.yaml + identity_provider: + "$ref": ./definitions/identity_provider.yaml + identity_provider_domain: + "$ref": ./definitions/identity_provider_domain.yaml basket: $ref: ./definitions/basket.yaml bundle_link: 
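Review bot: The hunk's first retained line keeps `parameters: manage_authentication_providers` on the path block that precedes the new ones, and since the rest of the hunk only appends, the older `/auth/providers` operations appear to stay in this file while swagger.yaml no longer references them and the permission code is no longer seeded; spec that points at a removed controller and a non-existent permission should be deleted rather than left behind. In the domains list operation the `200` response is `schema: items: ...` with no `type: array`, and its `x-koha-embed` enum still offers `domains`, both apparently copied from the provider list. Both `delete` operations describe their `404` as `City not found`. Every read operation returns the full `identity_provider` definition, whose `config` carries the provider `secret` per the request-body description, so OAuth client secrets are handed back to any holder of `manage_identity_providers`; that is a design choice worth stating in the description, or better, served through a response schema that omits `config.secret`.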
@@ -129,14 +129,14 @@ paths:
 $ref: paths/auth.yaml#/~1auth~1two-factor~1registration
 /auth/two-factor/registration/verification:
 $ref: paths/auth.yaml#/~1auth~1two-factor~1registration~1verification
- /auth/providers:
- $ref: paths/auth.yaml#/~1auth~1providers
- "/auth/providers/{auth_provider_id}":
- $ref: paths/auth.yaml#/~1auth~1providers~1{auth_provider_id}
- "/auth/providers/{auth_provider_id}/domains":
- $ref: paths/auth.yaml#/~1auth~1providers~1{auth_provider_id}~1domains
- "/auth/providers/{auth_provider_id}/domains/{auth_provider_domain_id}":
- $ref: paths/auth.yaml#/~1auth~1providers~1{auth_provider_id}~1domains~1{auth_provider_domain_id}
+ /auth/identity_providers:
+ $ref: paths/auth.yaml#/~1auth~1identity_providers
+ "/auth/identity_providers/{identity_provider_id}":
+ $ref: paths/auth.yaml#/~1auth~1identity_providers~1{identity_provider_id}
+ "/auth/identity_providers/{identity_provider_id}/domains":
+ $ref: paths/auth.yaml#/~1auth~1identity_providers~1{identity_provider_id}~1domains
+ "/auth/identity_providers/{identity_provider_id}/domains/{identity_provider_domain_id}":
+ $ref: paths/auth.yaml#/~1auth~1identity_providers~1{identity_provider_id}~1domains~1{identity_provider_domain_id}
 "/biblios/{biblio_id}":
 $ref: "./paths/biblios.yaml#/~1biblios~1{biblio_id}"
 "/biblios/{biblio_id}/checkouts":
@@ -336,16 +336,16 @@ parameters:
 name: agreement_period_id
 required: true
 type: integer
- auth_provider_id_pp:
+ identity_provider_id_pp:
 description: Authentication provider internal identifier
 in: path
- name: auth_provider_id
+ name: identity_provider_id
 required: true
 type: integer
- auth_provider_domain_id_pp:
+ identity_provider_domain_id_pp:
 description: Authentication provider domain internal identifier
 in: path
- name: auth_provider_domain_id
+ name: identity_provider_domain_id
 required: true
 type: integer
 biblio_id_pp:
@@ -680,9 +680,9 @@ tags:
 - description: "Manage article requests\n"
 name: article_requests
 x-displayName: Article requests
- - description: "Manage authentication providers\n"
- name: auth_providers
- x-displayName: Authentication providers
+ - description: "Manage identity providers\n"
+ name: identity_providers
+ x-displayName: Identity providers
 - description: "Manage baskets for the acquisitions module\n"
 name: baskets
 x-displayName: Baskets
diff --git a/installer/data/mysql/atomicupdate/bug_31378.pl b/installer/data/mysql/atomicupdate/bug_31378.pl
index 915bd2fef9..37563e4a29 100755
--- a/installer/data/mysql/atomicupdate/bug_31378.pl
+++ b/installer/data/mysql/atomicupdate/bug_31378.pl
@@ -3,7 +3,7 @@ use C4::Context;
 return {
 bug_number => "31378",
- description => "Add auth_provider and auth_provider_domains configuration tables",
+ description => "Add identity_provider and identity_provider_domains configuration tables",
 up => sub {
 my ($args) = @_;
 my ($dbh, $out) = @$args{qw(dbh out)};
@@ -12,15 +12,15 @@ return {
 $dbh->do(qq{
 INSERT IGNORE permissions (module_bit, code, description)
 VALUES
- ( 3, 'manage_authentication_providers', 'Manage authentication providers')
+ ( 3, 'manage_identity_providers', 'Manage authentication providers')
 });
 
- say $out "manage_authentication_providers permission added";
+ say $out "manage_identity_providers permission added";
 
- unless (TableExists('auth_providers')) {
+ unless (TableExists('identity_providers')) {
 $dbh->do(q{
- CREATE TABLE `auth_providers` (
- `auth_provider_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify the provider',
+ CREATE TABLE `identity_providers` (
+ `identity_provider_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify the provider',
 `code` varchar(20) NOT NULL COMMENT 'Provider code',
 `description` varchar(255) NOT NULL COMMENT 'Description for the provider',
 `protocol` enum('OAuth', 'OIDC', 'LDAP', 'CAS') COLLATE utf8mb4_unicode_ci NOT NULL COMMENT 'Protocol provider speaks',
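Review bot: The permission row inserted here keeps the description `'Manage authentication providers'` while the code becomes `manage_identity_providers`; the same wording is left in the userpermissions.sql hunk, even though the API tag description in swagger.yaml was changed to "Manage identity providers" in this commit. Use `( 3, 'manage_identity_providers', 'Manage identity providers')` in both places. `INSERT IGNORE` only adds the new code, so an instance that ran an earlier revision of this atomicupdate keeps its `manage_authentication_providers` row and any grants on it; if such installs exist, removing that row here would avoid a dangling permission — I cannot tell from the diff whether they do.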
@@ -28,33 +28,33 @@ return {
 `mapping` longtext NOT NULL DEFAULT '{}' COMMENT 'Configuration to map provider data to Koha user',
 `matchpoint` enum('email','userid','cardnumber') NOT NULL COMMENT 'The patron attribute to be used as matchpoint',
 `icon_url` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Provider icon URL',
- PRIMARY KEY (`auth_provider_id`),
+ PRIMARY KEY (`identity_provider_id`),
 UNIQUE KEY (`code`),
 KEY `protocol` (`protocol`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 });
 }
 
- unless (TableExists('auth_provider_domains')) {
+ unless (TableExists('identity_provider_domains')) {
 $dbh->do(q{
- CREATE TABLE `auth_provider_domains` (
- `auth_provider_domain_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify providers domain',
- `auth_provider_id` int(11) NOT NULL COMMENT 'Reference to provider',
+ CREATE TABLE `identity_provider_domains` (
+ `identity_provider_domain_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify providers domain',
+ `identity_provider_id` int(11) NOT NULL COMMENT 'Reference to provider',
 `domain` varchar(100) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Domain name. If null means all domains',
 `auto_register` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Allow user auto register',
 `update_on_auth` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Update user data on auth login',
 `default_library_id` varchar(10) DEFAULT NULL COMMENT 'Default library to create user if auto register is enabled',
 `default_category_id` varchar(10) DEFAULT NULL COMMENT 'Default category to create user if auto register is enabled',
 `allow_opac` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from opac interface',
- `allow_staff` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from staff interface',
- PRIMARY KEY (`auth_provider_domain_id`),
- UNIQUE KEY (`auth_provider_id`, `domain`),
+ `allow_staff` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Allow provider from staff interface',
+ PRIMARY KEY (`identity_provider_domain_id`),
+ UNIQUE KEY (`identity_provider_id`, `domain`),
 KEY `domain` (`domain`),
 KEY `allow_opac` (`allow_opac`),
 KEY `allow_staff` (`allow_staff`),
- CONSTRAINT `auth_provider_domain_ibfk_1` FOREIGN KEY (`auth_provider_id`) REFERENCES `auth_providers` (`auth_provider_id`) ON DELETE CASCADE,
- CONSTRAINT `auth_provider_domain_ibfk_2` FOREIGN KEY (`default_library_id`) REFERENCES `branches` (`branchcode`) ON DELETE CASCADE,
- CONSTRAINT `auth_provider_domain_ibfk_3` FOREIGN KEY (`default_category_id`) REFERENCES `categories` (`categorycode`) ON DELETE CASCADE
+ CONSTRAINT `identity_provider_domain_ibfk_1` FOREIGN KEY (`identity_provider_id`) REFERENCES `identity_providers` (`identity_provider_id`) ON DELETE CASCADE,
+ CONSTRAINT `identity_provider_domain_ibfk_2` FOREIGN KEY (`default_library_id`) REFERENCES `branches` (`branchcode`) ON DELETE CASCADE,
+ CONSTRAINT `identity_provider_domain_ibfk_3` FOREIGN KEY (`default_category_id`) REFERENCES `categories` (`categorycode`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 });
 }
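Review bot: `UNIQUE KEY (\`identity_provider_id\`, \`domain\`)` does not cover the documented "all domains" case, because `domain` is nullable and MySQL/MariaDB accept any number of rows with NULL in a unique index; a provider can therefore end up with several catch-all rules carrying different `auto_register`, `default_*` and `allow_*` values, and which one governs a login is whatever the lookup happens to return first. Either enforce a single NULL-domain row per provider in the Koha object's `store`, or represent the catch-all with a non-NULL sentinel so the index applies. The `ON DELETE CASCADE` on `default_library_id` and `default_category_id` deletes the whole domain rule when a branch or category is removed, although both columns are nullable; `ON DELETE SET NULL` reads closer to the intent, so please confirm which is wanted. The identical DDL in the kohastructure.sql hunk raises the same points.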
@@ -63,7 +63,7 @@ return { # Print useful stuff here say $out "Setting google provider"; $dbh->do(q{ - INSERT INTO `auth_providers` (name, protocol, config, mapping), auto_register, registration_config, interface) + INSERT INTO `identity_providers` (name, protocol, config, mapping), auto_register, registration_config, interface) SELECT 'google' as name, 'OIDC' as protocol, JSON_OBJECT("key", k.value, "secret", s.value, "well_known_url", "https://accounts.google.com/.well-known/openid-configuration", "scope", "openid email profile") as config, @@ -75,7 +75,7 @@ return { }); $dbh->do(q{ - INSERT INTO `auth_provider_domains` (auth_provider_id, domain, auto_register, update_on_auth, default_library_id, default_category_id, allow_opac, allow_staff) + INSERT INTO `identity_provider_domains` (identity_provider_id, domain, auto_register, update_on_auth, default_library_id, default_category_id, allow_opac, allow_staff) p.id as provider_id, d.value as domain, r.value as auto_register, @@ -85,7 +85,7 @@ return { 1 as allow_opac, 0 as allow_interface FROM - (SELECT id FROM `auth_provider` WHERE name = 'google') p + (SELECT id FROM `identity_provider` WHERE name = 'google') p JOIN (SELECT CASE WHEN value = '' OR value IS NULL THEN NULL ELSE value END as value FROM `systempreferences` where variable = 'GoogleOpenIDConnectDomain') d JOIN diff --git a/installer/data/mysql/kohastructure.sql b/installer/data/mysql/kohastructure.sql index b524b8917a..c30cd7ac53 100644 --- a/installer/data/mysql/kohastructure.sql +++ b/installer/data/mysql/kohastructure.sql 
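Review bot: The Google migration SQL in the last three hunks of this file cannot run against the table created above: `identity_providers` has `identity_provider_id` and `code`, not `id`/`name`, has no `auto_register`, `registration_config` or `interface` columns, and its `matchpoint` is NOT NULL with no default; the column list `(name, protocol, config, mapping), auto_register, registration_config, interface)` has an unbalanced parenthesis; the second INSERT goes from its column list straight to `p.id as provider_id,` with no `SELECT`; and the subselect reads `identity_provider` (singular). The first `$dbh->do` to hit one of these dies, so `up` fails after the tables and the permission have already been created. The statements need rewriting against the real columns (`code`, `protocol`, `config`, `mapping`, `matchpoint` for the provider; `identity_provider_id`, `domain`, `auto_register`, `update_on_auth`, `default_library_id`, `default_category_id`, `allow_opac`, `allow_staff` for the domain); I have not proposed the rewrite because the intended source for `auto_register` and `matchpoint` is not recoverable from the diff. Note also that the `JSON_OBJECT("key", k.value, "secret", s.value, ...)` copies what is presumably the Google client secret out of `systempreferences` into `config`, so the secret lives in two places until the old preference is cleared — worth a line in the description.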
@@ -851,14 +851,14 @@ CREATE TABLE `auth_header` (
 /*!40101 SET character_set_client = @saved_cs_client */;
 
 --
--- Table structure for table `auth_provider`
+-- Table structure for table `identity_provider`
 --
 
-DROP TABLE IF EXISTS `auth_providers`;
+DROP TABLE IF EXISTS `identity_providers`;
 /*!40101 SET @saved_cs_client = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `auth_providers` (
- `auth_provider_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify the provider',
+CREATE TABLE `identity_providers` (
+ `identity_provider_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify the provider',
 `code` varchar(20) NOT NULL COMMENT 'Provider code',
 `description` varchar(255) NOT NULL COMMENT 'Description for the provider',
 `protocol` enum('OAuth', 'OIDC', 'LDAP', 'CAS') COLLATE utf8mb4_unicode_ci NOT NULL COMMENT 'Protocol provider speaks',
@@ -866,37 +866,37 @@ CREATE TABLE `auth_providers` (
 `mapping` longtext NOT NULL DEFAULT '{}' COMMENT 'Configuration to map provider data to Koha user',
 `matchpoint` enum('email','userid','cardnumber') NOT NULL COMMENT 'The patron attribute to be used as matchpoint',
 `icon_url` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Provider icon URL',
- PRIMARY KEY (`auth_provider_id`),
+ PRIMARY KEY (`identity_provider_id`),
 UNIQUE KEY (`code`),
 KEY `protocol` (`protocol`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
 --
--- Table structure for table `auth_provider`
+-- Table structure for table `identity_provider`
 --
 
-DROP TABLE IF EXISTS `auth_provider_domains`;
+DROP TABLE IF EXISTS `identity_provider_domains`;
 /*!40101 SET @saved_cs_client = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
-CREATE TABLE `auth_provider_domains` (
- `auth_provider_domain_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify providers domain',
- `auth_provider_id` int(11) NOT NULL COMMENT 'Reference to provider',
+CREATE TABLE `identity_provider_domains` (
+ `identity_provider_domain_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'unique key, used to identify providers domain',
+ `identity_provider_id` int(11) NOT NULL COMMENT 'Reference to provider',
 `domain` varchar(100) COLLATE utf8mb4_unicode_ci DEFAULT NULL COMMENT 'Domain name. If null means all domains',
 `auto_register` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Allow user auto register',
 `update_on_auth` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Update user data on auth login',
 `default_library_id` varchar(10) DEFAULT NULL COMMENT 'Default library to create user if auto register is enabled',
 `default_category_id` varchar(10) DEFAULT NULL COMMENT 'Default category to create user if auto register is enabled',
 `allow_opac` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from opac interface',
- `allow_staff` tinyint(1) NOT NULL DEFAULT 1 COMMENT 'Allow provider from staff interface',
- PRIMARY KEY (`auth_provider_domain_id`),
- UNIQUE KEY (`auth_provider_id`, `domain`),
+ `allow_staff` tinyint(1) NOT NULL DEFAULT 0 COMMENT 'Allow provider from staff interface',
+ PRIMARY KEY (`identity_provider_domain_id`),
+ UNIQUE KEY (`identity_provider_id`, `domain`),
 KEY `domain` (`domain`),
 KEY `allow_opac` (`allow_opac`),
 KEY `allow_staff` (`allow_staff`),
- CONSTRAINT `auth_provider_domain_ibfk_1` FOREIGN KEY (`auth_provider_id`) REFERENCES `auth_providers` (`auth_provider_id`) ON DELETE CASCADE,
- CONSTRAINT `auth_provider_domain_ibfk_2` FOREIGN KEY (`default_library_id`) REFERENCES `branches` (`branchcode`) ON DELETE CASCADE,
- CONSTRAINT `auth_provider_domain_ibfk_3` FOREIGN KEY (`default_category_id`) REFERENCES `categories` (`categorycode`) ON DELETE CASCADE
+ CONSTRAINT `identity_provider_domain_ibfk_1` FOREIGN KEY (`identity_provider_id`) REFERENCES `identity_providers` (`identity_provider_id`) ON DELETE CASCADE,
+ CONSTRAINT `identity_provider_domain_ibfk_2` FOREIGN KEY (`default_library_id`) REFERENCES `branches` (`branchcode`) ON DELETE CASCADE,
+ CONSTRAINT `identity_provider_domain_ibfk_3` FOREIGN KEY (`default_category_id`) REFERENCES `categories` (`categorycode`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 
 --
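Review bot: The comment header above the domains table in this hunk still reads `-- Table structure for table \`identity_provider\``, copied from the providers block; it should name `identity_provider_domains`, and the header in the previous hunk uses the singular `identity_provider` for a table that is created as `identity_providers`. These dump-style headers are what a reader greps for when locating a table in kohastructure.sql, so they should match the `CREATE TABLE` names exactly.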
diff --git a/installer/data/mysql/mandatory/userpermissions.sql b/installer/data/mysql/mandatory/userpermissions.sql
index 78d06a9f2f..8733ce995a 100644
--- a/installer/data/mysql/mandatory/userpermissions.sql
+++ b/installer/data/mysql/mandatory/userpermissions.sql
@@ -41,7 +41,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES
 ( 3, 'manage_background_jobs', 'Manage background jobs'),
 ( 3, 'manage_curbside_pickups', 'Manage curbside pickups'),
 ( 3, 'manage_search_filters', 'Manage custom search filters'),
- ( 3, 'manage_authentication_providers', 'Manage authentication providers'),
+ ( 3, 'manage_identity_providers', 'Manage authentication providers'),
 ( 4, 'delete_borrowers', 'Delete patrons'),
 ( 4, 'edit_borrowers', 'Add, modify and view patron information'),
 ( 4, 'view_borrower_infos_from_any_libraries', 'View patron infos from any libraries'),
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc
index fa771e629f..9c9a24c545 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/admin-menu.inc
@@ -141,11 +141,11 @@ [% END %] - [% IF ( CAN_user_parameters_manage_authentication_providers || CAN_user_parameters_manage_smtp_servers || CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || ( CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields || ( Koha.Preference('EnableAdvancedCatalogingEditor') && CAN_user_parameters_manage_keyboard_shortcuts ) ) %] + [% IF ( CAN_user_parameters_manage_identity_providers || CAN_user_parameters_manage_smtp_servers || CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || ( CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields || ( Koha.Preference('EnableAdvancedCatalogingEditor') && CAN_user_parameters_manage_keyboard_shortcuts ) ) %]
Additional parameters
    - [% IF ( CAN_user_parameters_manage_authentication_providers) %] -
  • Authentication providers
  • + [% IF ( CAN_user_parameters_manage_identity_providers) %] +
  • Authentication providers
  • [% END %] [% IF ( CAN_user_parameters_manage_search_targets ) %]
  • Z39.50/SRU servers
  • diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index d0ca3769b7..c071e1a2b0 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -830,9 +830,9 @@ Manage recalls for patrons ([% name | html %]) - [%# authentication_providers %] - [%- CASE 'manage_authentication_providers' -%] - + [%# identity_providers %] + [%- CASE 'manage_identity_providers' -%] + Manage authentication providers ([% name | html %]) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt index 4cc7f83139..0e83b36721 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/admin-home.tt 
@@ -238,14 +238,14 @@ [% END %] - [% IF ( ( CAN_user_parameters_manage_authentication_providers || CAN_user_parameters_manage_smtp_servers || CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields || CAN_user_parameters_manage_mana || (Koha.Preference('EnableAdvancedCatalogingEditor') && CAN_user_parameters_manage_keyboard_shortcuts) ) %] + [% IF ( ( CAN_user_parameters_manage_identity_providers || CAN_user_parameters_manage_smtp_servers || CAN_user_parameters_manage_search_targets || CAN_user_parameters_manage_didyoumean || CAN_user_parameters_manage_column_config || CAN_user_parameters_manage_audio_alerts || CAN_user_parameters_manage_sms_providers && Koha.Preference('SMSSendDriver') == 'Email' ) || CAN_user_parameters_manage_usage_stats || CAN_user_parameters_manage_additional_fields || CAN_user_parameters_manage_mana || (Koha.Preference('EnableAdvancedCatalogingEditor') && CAN_user_parameters_manage_keyboard_shortcuts) ) %]

    Additional parameters

    - [% IF ( CAN_user_parameters_manage_authentication_providers) %] -
    Authentication providers
    -
    Define which external authentication providers to use
    + [% IF ( CAN_user_parameters_manage_identity_providers) %] +
    Identity providers
    +
    Define which external identity providers to use
    [% END %] [% IF ( CAN_user_parameters_manage_search_targets ) %]
    Z39.50/SRU servers
    diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authentication_provider_domains.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/identity_provider_domains.tt similarity index 74% rename from koha-tmpl/intranet-tmpl/prog/en/modules/admin/authentication_provider_domains.tt rename to koha-tmpl/intranet-tmpl/prog/en/modules/admin/identity_provider_domains.tt index 582842ae08..7a7cd85eb5 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authentication_provider_domains.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/identity_provider_domains.tt @@ -6,15 +6,15 @@ [% INCLUDE 'doc-head-open.inc' %] [% IF op == 'add_form' %] - New authentication provider domain › [% ELSIF op == 'edit_form' %] - Edit authentication provider domain › [% END %] + New identity provider domain › [% ELSIF op == 'edit_form' %] + Edit identity provider domain › [% END %] - Authentication providers › Administration › Koha + Identity providers › Administration › Koha [% INCLUDE 'doc-head-close.inc' %] - + [% INCLUDE 'header.inc' %] [% INCLUDE 'prefs-admin-search.inc' %] @@ -28,12 +28,12 @@
  • - Authentication providers + Identity providers
  • [% IF op == 'add_form' %]
  • - Domains for [%- auth_provider_name | html -%] + Domains for [%- identity_provider_name | html -%]
  • @@ -43,7 +43,7 @@ [% ELSIF op == 'edit_form' %]
  • - Domains for [%- auth_provider_name | html -%] + Domains for [%- identity_provider_name | html -%]
  • @@ -54,7 +54,7 @@ [% ELSE %]
  • - Domains for [%- auth_provider_code | html -%] + Domains for [%- identity_provider_code | html -%]
  • [% END %] @@ -67,31 +67,31 @@
    [% FOREACH m IN messages %] -
    +
    [% SWITCH m.code %] [% CASE 'error_on_update' %] - An error occurred trying to open the authentication provider domain for editing. The passed id is invalid. + An error occurred trying to open the identity provider domain for editing. The passed id is invalid. [% CASE 'error_on_insert' %] - An error occurred when adding a new authentication provider domain. + An error occurred when adding a new identity provider domain. [% CASE 'success_on_update' %] - Authentication provider domain updated successfully. + Identity provider domain updated successfully. [% CASE 'success_on_insert' %] - Authentication provider domain added successfully. + Identity provider domain added successfully. [% CASE %] [% m.code | html %] [% END %]
    [% END %] - - + + [% IF op == 'add_form' %] -

    New authentication provider domain

    -
    +

    New identity provider domain

    + - +
    1. @@ -140,7 +140,7 @@ - opac users of this domain to login with this authentication provider + opac users of this domain to login with this identity provider
    2. @@ -154,23 +154,23 @@
    - Cancel + Cancel
    [% END %] [% IF op == 'edit_form' %] -

    Edit authentication provider domain

    -
    +

    Edit identity provider domain

    + - - + +
    1. - +
    @@ -180,7 +180,7 @@
  • - [% IF auth_provider_domain.auto_register == "1" %] + [% IF identity_provider_domain.auto_register == "1" %] [% ELSE %] @@ -206,7 +206,7 @@
  • @@ -214,7 +214,7 @@ [% SET categories = Categories.all() %] - [% IF auth_provider_domain.allow_opac == "1" %] + [% IF identity_provider_domain.allow_opac == "1" %] [% ELSE %] @@ -233,12 +233,12 @@ [% END %] - opac users of this domain to login with this authentication provider + opac users of this domain to login with this identity provider
  • - staff users of this domain to login with this authentication provider + staff users of this domain to login with this identity provider
  • - Cancel + Cancel
    [% END %] @@ -260,12 +260,12 @@ [% IF op == 'list' %] -

    Authentication provider domains

    +

    Identity provider domains

    - +
    @@ -286,7 +286,7 @@
    Domain