emmar
committed
on 27 Apr 09
Use the same vocabulary everywhere (in this case "biography" instead of "about you")
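--- a/openacs-4/.../tcl/authorize-procs.tcl
+++ b/openacs-4/.../tcl/authorize-procs.tcl
@@ -153,73 +153,83 @@
                 dict set fields $target [dict get $claims $field]
             }
             dict set result fields $fields
             foreach field [:required_fields] {
                 if {![dict exists $fields $field]
                     || [dict get $fields $field] in {"" "null"}
                 } {
                     set not_enough_data $field
                     break
                 }
             }
 
             if {[info exists not_enough_data]} {
                 ns_log warning "[self] get_user_data: not enough data:" \
                     $not_enough_data "is missing"
                 dict set result error oacs-not_enough_data
             }
             return $result
         }
 
+        :method record_oauth_registration {user_id} {
+            #
+            # Record the fact that this user_id was created via an
+            # OAuth identity provider.
+            #
+            set auth_obj [self]
+            db_dml _ {
+                INSERT INTO xooauth_authorized_users (user_id, auth_obj)
+                VALUES (:user_id, :auth_obj)
+            }
+        }
+
         :method register_new_user {
             {-first_names}
             {-last_name}
             {-email}
         } -returns integer {
             #
             # Register the user and return the user_id. In case, the
             # registration of the new user fails, raise an exception.
             #
             # not tested
             #
             db_transaction {
                 set user_info(first_names) $first_names
                 set user_info(last_name) $last_name
                 if {![util_email_unique_p $email]} {
                     error "Email is not unique: $email"
                 }
                 set user_info(email) $email
                 array set creation_info [auth::create_local_account \
                                              -authority_id [auth::authority::local] \
                                              -username $email \
                                              -array user_info]
                 if {$creation_info(creation_status) ne "ok"} {
-                    error "Error when creating user: $creation_info(creation_status) $creation_info(element_messages)"
+                    set errorMsg ""
+                    error [append errorMsg "Error when creating user: " \
+                               $creation_info(creation_status) " " \
+                               $creation_info(element_messages)]
                 }
+
                 set user_id $creation_info(user_id)
-                #
-                # One might add here a callback to handle cases, where
-                # externally provided identities should be added to a
-                # database.
-                #
-                #db_dml _ "INSERT INTO azure_users VALUES (:user_id)"
-                #db_dml _ "INSERT INTO azure_user_mails (user_id, email) VALUES (:user_id, :email)"
+                :record_oauth_registration $user_id
 
                 if {[apm_package_installed_p dotlrn] && ${:create_with_dotlrn_role} ne ""} {
                     #
                     # We have DotLRN installed, and we want to create
                     # for this register object the new users in the
                     # provided role. Note that one can define
                     # different instances of this class behaving
                     # differently.
                     #
                     dotlrn::user_add \
                         -type ${:create_with_dotlrn_role} \
                         -can_browse=1 \
                         -id $email \
                         -user_id $user_id
 
                     acs_privacy::set_user_read_private_data \
                         -user_id $user_id \
                         -object_id [dotlrn::get_package_id] \
                         -value 1
                 }
@@ -378,28 +388,40 @@
                         dict set result first_names $first_names
                         dict set result last_name $last_name
                     }
                 }
             }
             ns_log notice "[self] get_user_data returns $result"
             return $result
         }
 
         :public method logout_url { {page ""} } {
             #
             # Returns the URL for logging out. E.g., GitHub has no
             # logout, so provide simply a redirect URL (maybe, we
             # should logout from the application?)
             #
             return $page
         }
 
     }
 
+    #
+    # In general it might be possible, that a user is identified over
+    # multiple OAuth identity providers, so the unique constraint
+    # might be too strong. For now, we add only users to this table,
+    # which were created from this authority - such that the unique
+    # constraint holds.
+    #
+    ::xo::db::require table xooauth_authorized_users [subst {
+        user_id   {integer references users(user_id) on delete cascade}
+        auth_obj  {character varying(255)}
+    }]
+    ::xo::db::require index -table xooauth_authorized_users -col user_id -unique true
 }
 ::xo::library source_dependent
 #
 # Local variables:
 #    mode: tcl
 #    tcl-indent-level: 2
 #    indent-tabs-mode: nil
 # End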
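Review bot: `record_oauth_registration` stores `[self]`, the Tcl object name of the authorizer, in `auth_obj`, and the new column is nullable, so the provider binding it records depends on that object name staying the same and is not enforced by the schema. If the table is meant to be consulted later to decide which identity provider may sign a user in, consider `auth_obj  {character varying(255) not null}` (assuming the column spec is passed through as SQL, as the `user_id` line suggests) and a line in the method comment such as `# auth_obj is the name of the authorizer object; it must stay stable across reconfiguration`. Nothing in the visible hunks reads `xooauth_authorized_users`, so whether the login path checks it cannot be judged from here. `register_new_user` starts inside the first hunk but its body continues past the hunk's end.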