
Shibboleth not updating email, first name, last name

Open kosarko opened this issue 4 years ago • 0 comments

EPerson's email, first name and/or last name should be updated when the IdP sends updated attributes.

The issue is https://github.com/ufal/clarin-dspace/blob/d3715efe7d57371e0baf981b89d56bd6043ae22f/dspace-api/src/main/java/cz/cuni/mff/ufal/dspace/authenticate/ShibAuthentication.java#L749-L754

where only values that have not been set are updated. I.e., the email, first name and last name keep the values from the user's first visit. There's no option for the user to change these and we even show "This field is automatically filled in from authenticated session attributes". More details on how this happened below.

  • [ ] allow updating of email/firstname/lastname (looks like an easy fix https://github.com/ufal/clarin-dspace/compare/ufal:d3715ef...kosarko:700315e)
  • [ ] cope with the situation where the IdP provides no email (i.e. don't overwrite what the user has filled in with a blank)
  • [ ] This can complicate logins for some users. Some of our old users have pre-Shibboleth (password) accounts. For some of them we've received a multivalued email attribute that we didn't treat properly - that was a bug (6a641b0 and others). I.e., the Shibboleth identity was not paired with the existing password-only account (as the emails differed). Now if one of these people logs in, the update might violate the uniqueness constraint on email (we choose the first value from the multivalued attribute, but that might already exist in the database).

There was a time when users could update their details, but this was getting overwritten by sometimes nonsensical values from shibboleth...

From our old private issue tracker:

commit a17488d8b18f76e31a59d42848b5457832d031c5
Author: xxx <[email protected]>
Date:   Thu Jul 17 11:32:51 2014 +0200

    Bug #777 - email, first name and lastname now updated upon login only if the
    existing values are not filled.


Bug #777

  Updating user profile

   Added by Anonymous about 2 years ago. Updated about 1 year ago.

   Status:         Closed         Start date:         07/16/2014
   Priority:       Normal         Due date:
   Assignee:       xxx            % Done:             100%
   Category:       Utilities
   Target version: v2014.30
   Resolution:                    Created for sprint:

     ----------------------------------------

   Description

   Logging in via CLARIN (where my profile info is probably blank) updating the user profile doesn't work:
   when I change my name and surname to what it should be, the next time I log in,
   the name is blank again and my surname resets to "NA".

     ----------------------------------------

    #4 Updated by yyy over 1 year ago

     * Assignee changed from zzz to xxx

   There are two possibilities:
   1) check whether the strings sent by IdPs are not empty, if they are empty do not overwrite them
   2) do not overwrite anything that is non empty

   I would go with 2)

The issue is then continued in (now obsolete) https://github.com/ufal/lindat-repository-obsolete/issues/4 and ends with the following:

Should we add custom flag to eperson that will mean that the user himself is managing his personal data?

not at the moment

kosarko avatar Aug 05 '20 15:08 kosarko
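
The three checklist items above (update from the IdP, never overwrite with a blank, and keep the unique-email constraint intact when the first value of a multivalued attribute already belongs to another account) can be combined in one merge routine. This is an added example, not code from clarin-dspace; the class, the attribute names mail/givenName/sn, the ';' separator and the in-memory emailOwners map are assumptions for illustration.

```java
import java.util.*;

// Added illustration with hypothetical names; not the clarin-dspace implementation.
public class ShibAttributeSync {
    // Minimal stand-in for an EPerson row.
    static final class Person {
        final int id; String email, firstName, lastName;
        Person(int id, String email, String firstName, String lastName) {
            this.id = id; this.email = email; this.firstName = firstName; this.lastName = lastName;
        }
    }

    // First non-blank value of a possibly multivalued attribute (assumed ';'-separated).
    static String firstValue(String raw) {
        if (raw == null) return null;
        for (String v : raw.split(";")) if (!v.trim().isEmpty()) return v.trim();
        return null;
    }

    // emailOwners maps lower-cased email -> eperson id, standing in for the unique index.
    static List<String> sync(Person p, Map<String, String> attrs, Map<String, Integer> emailOwners) {
        List<String> notes = new ArrayList<>();
        String first = firstValue(attrs.get("givenName")), last = firstValue(attrs.get("sn"));
        if (first != null) p.firstName = first;   // a blank from the IdP never overwrites
        if (last != null) p.lastName = last;
        String email = firstValue(attrs.get("mail"));
        if (email == null) {
            notes.add("no email from IdP, kept " + p.email);
        } else if (!email.equalsIgnoreCase(p.email)) {
            Integer owner = emailOwners.get(email.toLowerCase(Locale.ROOT));
            if (owner != null && owner != p.id) {
                // Updating would violate uniqueness: keep the old value and flag it.
                notes.add("email " + email + " belongs to eperson " + owner + ", not updated");
            } else {
                if (p.email != null) emailOwners.remove(p.email.toLowerCase(Locale.ROOT));
                emailOwners.put(email.toLowerCase(Locale.ROOT), p.id);
                p.email = email;
            }
        }
        return notes;
    }

    public static void main(String[] args) {
        // Constructed sample data: eperson 2 is an old password-only account.
        Map<String, Integer> owners = new HashMap<>(Map.of("old@example.org", 1, "new@example.org", 2));
        Person shibUser = new Person(1, "old@example.org", "", "NA");
        Map<String, String> attrs = Map.of("mail", "new@example.org;alt@example.org", "givenName", "Jana", "sn", "");
        System.out.println(sync(shibUser, attrs, owners));
        System.out.println(shibUser.email + " " + shibUser.firstName + " " + shibUser.lastName);
    }
}
```

In the constructed run the first name is refreshed, the blank surname from the IdP leaves the stored value alone, and the email change is refused with a note because the address is already held by the password-only account.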