8 14 2023 Tech Team Report - QualitativeDataRepository/TechnicalTeam GitHub Wiki

8-14-2023

Logged Tasks

Date Task Hours (Main) Hours (EOLS) Hours (PII) Hours (QDAS)
7-Aug-2023 Reporting, meeting, investigate reported missing guestbook scenarios 2
8-Aug-2023 Continue investigating missing guestbook issue, find/fix issues re: no popup when no TofA and GBAR, no validation/messaging, SSO - try reg form, start tracking/fixing LDAP save issues, e.g. re: removal of posixAccount class. 4
9-Aug-2023 Remove gidNumber, start migrating t&c functionality from shib-auth module 4
10-Aug-2023 Get T&C ~working for existing and new users, investigate/fix issue with getting new accounts from both ORCID/Google and local working with same Keycloak config, start investigating redirect for new accounts to reg form, check/remove some unused shib_auth related code in qdr_oidc_sso module. 6
11-Aug-2023 Develop reg form variants for social new users, investigate/change keycloak-orcid plugin to use email as username/id/uid to match existing accounts. 6

Operations

SSO

  • Refactor Terms&Conditions code to remove the connections to the shib_auth module and to trigger it after OIDC login (when needed)
  • Update LDAP code in qdr custom modules to no longer send the posixAccount class and related attributes. (FWIW: It was difficult to support attributes that aren't hardcoded or directly connected to OIDC attributes, so I removed posixAccount earlier on the Keycloak side. This week I removed the LDAP code that was writing these removed attributes from Drupal upon new account creation. posixAccount included a gidNumber which we had hardcoded, another attribute that we just used as a sequential counter, and a directory path that we set but never used.)
  • Investigated problem in getting new accounts from Google and ORCID to work at the same time - as it was, when Google worked, ORCID accounts would get the ORCID itself as the Drupal/LDAP account name (instead of email). That could be fixed with a Keycloak config change, but that would break Google. I resolved this by making a change to the open-source keycloak-orcid plugin. The downside of this is that we need to maintain a fork there. It may be that this won't be needed if/when we switch to having account names separate from the email/the ability to change the email associated with existing accounts. Until then, this looks like a workable fix.
  • Investigate/start development to support popping up a partial reg form when creating a new account via ORCID/Google. This allows us to ask the questions about being over 18 and in an allowed country as we do with local login. As of the end of last week, I had most of the form creation and validation working and just need to finish the submit step (i.e. to update Drupal/LDAP, adding the reg form answers to the initial minimal entry created by Keycloak/OIDC login.)
  • Prioritize completing the reg form over agreeing to the T&C for new accounts. This ~mirrors the local account creation process (fill in reg form, then accept T&C).

Drupal

Dataverse

  • Investigate reported 'missing guestbook' scenarios - unable to reproduce, appears to be gone after other fixes
  • Find/fix issue with no popup for access requests when there are no terms of access but guestbook-at-request is enabled
  • Find/fix issues with validation (i.e. requiring required fields) and error messaging

AnnoRep

Discussion

  • Status: SSO for current accounts should be working for local and Google or ORCID accounts, with a check for terms-and-conditions
  • For using Google/ORCID for new accounts, we're close to having new users redirected to finish filling out the reg form (a modified copy that doesn't ask for name/email (already provided by the OIDC login) or local password (never used)).

Plans

  • SSO - continue to explore/build OIDC options
    • Finalize handling for new accounts from Google/ORCID, e.g. submission of the reg form questions.
    • Set up email from Keycloak to allow 'forgot password' from Keycloak.
    • Clean up old Shib code, document, verify deploy from GitHub
    • Start process to get formal Google/ORCID production creds for our app (needed to go beyond a few test users)
  • Fix #115 if possible
  • Matomo - investigate event-level tracking via tag manager, remove non-working google scripts
  • AnnoRep - explore round-trip, configure auto-start and log rotation
  • Ops
    • Clean out old corrupt test datasets
    • Check missing globalidcreationdates and fix via /modifyRegistration or alternative
  • Dataverse
    • Track ADA guestbook branch and merge when working, make PR for guestbook adding datasetversion fix, deploy to stage
    • Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
  • Drupal - v10 - review compatibility and start updates.
  • QDAS Previewer
    • Updates per request
    • Investigate writing aux file/previewing lower-sensitivity version and/or other write options
  • TBD: FRDR Security