8 14 2023 Tech Team Report
qqmyers edited this page Aug 14, 2023 · 1 revision
Date | Task | Hours (Main) | Hours (EOLS) | Hours (PII) | Hours (QDAS) |
---|---|---|---|---|---|
7-Aug-2023 | Reporting, meeting, investigate reported missing guestbook scenarios | 2 | | | |
8-Aug-2023 | Continue investigating missing guestbook issue, find/fix issues re: no popup when no TofA and GBAR, no validation/messaging, SSO - try reg form, start tracking/fixing LDAP save issues, e.g. re: removal of posixAccount class. | 4 | | | |
9-Aug-2023 | Remove gidNumber, start migrating t&c functionality from shib-auth module | 4 | | | |
10-Aug-2023 | Get T&C ~working for existing and new users, investigate/fix issue with getting new accounts from both ORCID/Google and local working with same Keycloak config, start investigating redirect for new accounts to reg form, check/remove some unused shib_auth related code in qdr_oidc_sso module. | 6 | | | |
11-Aug-2023 | Develop reg form variants for social new users, investigate/change keycloak-orcid plugin to use email as username/id/uid to match existing accounts. | 6 | | | |
- Refactor Terms&Conditions code to remove the connections to the shib_auth module and to trigger it after OIDC login (when needed)
- Update LDAP code in qdr custom modules to no longer send the posixAccount class and related attributes. (FWIW: It was difficult to support attributes that aren't hardcoded or directly connected to OIDC attributes, so I removed posixAccount earlier on the Keycloak side. This week I removed the LDAP code that was writing these removed attributes from Drupal upon new account creation. posixAccount included a gidNumber which we had hardcoded, another attribute that we just used as a sequential counter, and a directory path that we set but never used.)
- Investigated problem in getting new accounts from Google and ORCID to work at the same time - as it was, when Google worked, ORCID accounts would get the ORCID itself as the Drupal/LDAP account name (instead of email). That could be fixed with a Keycloak config change, but that would break Google. I resolved this by making a change to the open-source keycloak-orcid plugin. The downside of this is that we need to maintain a fork there. It may be that this won't be needed if/when we switch to having account names separate from the email/the ability to change the email associated with existing accounts. Until then, this looks like a workable fix.
- Investigate/start development to support popping up a partial reg form when creating a new account via ORCID/Google. This allows us to ask the questions about being over 18 and in an allowed country as we do with local login. As of the end of last week, I had most of the form creation and validation working and just need to finish the submit step (i.e. to update Drupal/LDAP, adding the reg form answers to the initial minimal entry created by Keycloak/OIDC login.)
- Prioritize completing the reg form over agreeing to the T&C for new accounts. This ~mirrors the local account creation process (fill in reg form, then accept T&C).
- Investigate reported 'missing guestbook' scenarios - unable to reproduce, appears to be gone after other fixes
- Find/fix issue with no popup for access requests when there are no terms of access but guestbook-at-request is enabled
- Find/fix issues with validation (i.e. requiring required fields) and error messaging
- Status: SSO for current accounts should be working for local and Google or ORCID accounts, with a check for terms-and-conditions
- For using Google/ORCID for new accounts, we're close to having new users redirected to finish filling out the reg form (a modified copy that doesn't ask for name/email (already provided by the OIDC login) or local password (never used)).
- SSO - continue to explore/build OIDC options
- Finalize handling for new accounts from Google/ORCID, e.g. submission of the reg form questions.
- Set up email from Keycloak to allow 'forgot password' from Keycloak.
- Cleanup old Shib code, document, verify deploy from github
- Start process to get formal Google/ORCID production creds for our app (needed to go beyond a few test users)
- Fix #115 if possible
- Matomo - investigate event-level tracking via tag manager, remove non-working google scripts
- AnnoRep - explore round-trip, configure auto-start and log rotation
- Ops
  - Clean out old corrupt test datasets
  - Check missing globalidcreationdates and fix via /modifyRegistration or alternative
- Dataverse
  - Track ADA guestbook branch and merge when working, Make PR for guestbook adding datasetversion fix, deploy to stage
  - Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
- Drupal - v10 - review compatibility and start updates.
- QDAS Previewer
  - Updates per request
  - Investigate writing aux file/previewing lower-sensitivity version and/or other write options
- TBD: FRDR Security