From 1b0d57b4999c488ec00e5e3c139b5f160f40f10c Mon Sep 17 00:00:00 2001
From: Paul Boon <paul.boon@dans.knaw.nl>
Date: Thu, 12 Oct 2023 10:14:05 +0200
Subject: [PATCH] Implement the Shibboleth login changes that are needed for
 DataverseNL (#175)

* Implement ShibIdpSelectEnabled and thus allow disabling it

* Add Shib attribute characterset conversion to getValueFromAssertion
---
 .../harvard/iq/dataverse/SettingsWrapper.java | 14 +++++++--
 .../java/edu/harvard/iq/dataverse/Shib.java   |  8 +++++
 .../settings/SettingsServiceBean.java         |  4 +++
 .../iq/dataverse/util/SystemConfig.java       |  5 ++++
 src/main/webapp/loginpage.xhtml               | 29 ++++++++++++++++++-
 5 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
index 307301049f0..2fff140ab76 100644
--- a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
@@ -82,7 +82,10 @@ public class SettingsWrapper implements java.io.Serializable {
     private String appVersionWithBuildNumber = null; 
     
     private Boolean shibPassiveLoginEnabled = null; 
-    
+
+    // DANS Shib login without discofeed
+    private Boolean shibIdpSelectEnabled = null;
+
     private String footerCopyrightAndYear = null; 
     
     //External Vocabulary support
@@ -666,7 +669,14 @@ public boolean isShibPassiveLoginEnabled() {
         }
         return shibPassiveLoginEnabled;
     }
-    
+    // DANS Shib login without discofeed
+    public boolean isShibIdpSelectEnabled() {
+        if (shibIdpSelectEnabled == null) {
+            shibIdpSelectEnabled = systemConfig.isShibIdpSelectEnabled();
+        }
+        return shibIdpSelectEnabled;
+    }
+
     // Caching this result may not be saving much, *currently* (since the value is 
     // stored in the bundle). -- L.A. 5.8
     public String getFooterCopyrightAndYear() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/Shib.java b/src/main/java/edu/harvard/iq/dataverse/Shib.java
index bee1182e248..45e622246eb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/Shib.java
+++ b/src/main/java/edu/harvard/iq/dataverse/Shib.java
@@ -19,6 +19,7 @@
 import org.apache.commons.lang3.StringUtils;
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.sql.Timestamp;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -416,6 +417,13 @@ private String getValueFromAssertion(String key) {
         Object attribute = request.getAttribute(key);
         if (attribute != null) {
             String attributeValue = attribute.toString();
+            if(systemConfig.isShibAttributeCharacterSetConversionEnabled()) {
+                try {
+                    attributeValue = new String(attributeValue.getBytes("ISO-8859-1"), "UTF-8");
+                } catch (UnsupportedEncodingException e) {
+                    logger.warning("Character conversion failed for Shib attribute (key, value) = (" + key + ", " + attributeValue + ") ; ignoring it");
+                }
+            }
             String trimmedValue = attributeValue.trim();
             if (!trimmedValue.isEmpty()) {
                 logger.fine("The SAML assertion for \"" + key + "\" (optional) was \"" + attributeValue + "\" and was trimmed to \"" + trimmedValue + "\".");
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 2826df74ed1..32e07225835 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -439,6 +439,10 @@ Whether Harvesting (OAI) service is enabled
          *Split the affiliation array on given string, default ";"
          */
         ShibAffiliationSeparator,
+        /**
+         * Get list of providers from discofeed and provide selection for login within Dataverse, default true
+         */
+        ShibIdpSelectEnabled,
         /**
          * Validate physical files for all the datafiles in the dataset when publishing
          */
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index 4fed3a05976..c9b54d7e0a7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -614,6 +614,11 @@ public boolean isShibAttributeCharacterSetConversionEnabled() {
         boolean defaultResponse = true;
         return settingsService.isTrueForKey(SettingsServiceBean.Key.ShibAttributeCharacterSetConversionEnabled, defaultResponse);
     }
+    // DANS Shib login without discofeed
+    public boolean isShibIdpSelectEnabled() {
+        boolean defaultResponse = true;
+        return settingsService.isTrueForKey(SettingsServiceBean.Key.ShibIdpSelectEnabled, defaultResponse);
+    }
 
     /**
      * getPVDictionaries
diff --git a/src/main/webapp/loginpage.xhtml b/src/main/webapp/loginpage.xhtml
index e1b77e9583b..a825fa95dd5 100644
--- a/src/main/webapp/loginpage.xhtml
+++ b/src/main/webapp/loginpage.xhtml
@@ -120,8 +120,34 @@
                                         </h:outputFormat>
                                     </p>
                                 </h:form>
-
+                                <!-- DANS Shib login without discofeed; idpselect is not done here! - Start -->
+                                <div jsf:rendered="#{!settingsWrapper.shibIdpSelectEnabled}">
                                 <div class="form-horizontal">
+                                    <div class="form-group text-left">
+                                        <div class="col-sm-12" >
+                                            <form action="/Shibboleth.sso/Login" method="POST" autocomplete="OFF" class="form-inline">
+                                                <input type="hidden" name="SAMLDS" value="1"/>
+                                                <input name="target" value="#{systemConfig.dataverseSiteUrl}/shib.xhtml" type="hidden"/>
+                                                <!-- <div class="IdPSelectTextDiv help-block"></div> -->
+                                                <div class="form-group">
+                                                    <div class="col-sm-9 button-block">
+                                                        <button id="login" name="login" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only btn btn-default" onclick="return true;" type="submit" role="button" aria-disabled="false">
+                                                            <!-- <span class="ui-button-text ui-c text-nowrap">#{bundle['login.institution']}</span> -->
+                                                            <!-- #{bundle['login.institution']} used to be 'Institutional Login' -->
+                                                            <span class="ui-button-text ui-c text-nowrap">
+                                                                <h:outputText value="#{LoginPage.getLoginButtonText()}"/>
+                                                            </span>
+                                                        </button>
+                                                    </div>
+                                                </div>
+                                            </form>
+                                        </div>
+                                    </div>
+                                </div>
+                                </div>
+                                <!-- DANS Shib login without discofeed - End -->
+                                <div jsf:rendered="#{settingsWrapper.shibIdpSelectEnabled}">
+                                <div class="form-horizontal" >
                                     <div class="form-group text-left">
                                         <label class="col-sm-4 control-label">
                                             #{bundle['auth.providers.title.shib']}
@@ -162,6 +188,7 @@
                                 <script src="/resources/js/shib/idpselect.js"></script>
                                 <script src="/resources/js/shib/idpselect_style.js"></script>
                             </div>
+                            </div>
 
                             <!--ONLY RENDER BUTTON FOR OAUTH PROVIDERS (ORCID, Google, GitHub)-->
                             <div class="form-horizontal" jsf:rendered="#{LoginPage.authProvider.OAuthProvider}">