Merge branch 'release-2.0'

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v2.0.5] - 2021-04-08
+
+### Added
+
+- Support for redirecting user to community signup flow without affiliation information
+
 ## [v2.0.4] - 2021-01-25
 
 ### Fixed

README.md

@@ -144,7 +144,7 @@ This table matches the module version with the supported SimpleSAMLphp version.
 | Module   |  SimpleSAMLphp |
 |:--------:|:--------------:|
 | v1.x     | v1.14          |
-| v2.x     | v1.17          |
+| v2.x     | v1.17+         |
 
 
 ## License

lib/Auth/Process/COmanageDbClient.php

@@ -38,10 +38,11 @@
  *            'certificate' => false,
  *            'retrieveSshKeys' => true,
  *            'registryUrls' => [
- *               'self_sign_up'      => 'https://example.com/registry/co_petitions/start/coef:1',
- *               'sign_up'           => 'https://example.com/registry/co_petitions/start/coef:2',
- *               'community_sign_up' => 'https://example.com/registry/co_petitions/start/coef:3',
- *               'registry_login'    => 'https://example.com/registry/co_petitions/auth/login',
+ *               'self_sign_up'             => 'https://example.com/registry/co_petitions/start/coef:1',
+ *               'sign_up'                  => 'https://example.com/registry/co_petitions/start/coef:2',
+ *               'community_sign_up'        => 'https://example.com/registry/co_petitions/start/coef:3',
+ *               'community_sign_up_no_aff' => 'https://example.com/registry/co_petitions/start/coef:4',
+ *               'registry_login'           => 'https://example.com/registry/co_petitions/auth/login',
  *            ],
  *            // Currently only Indentifier attributes are supported, like
  *            'attrMap' => [
@@ -328,20 +329,40 @@ public function process(&$state)
                 $state['basicInfo'] = $basicInfo;
             }
             if (empty($basicInfo['id']) || empty($basicInfo['status']) || ($basicInfo['status'] !== 'A' && $basicInfo['status'] !== 'GP')) {
-                  if ($basicInfo['status'] === 'S') {
-                      $this->showError('attrauthcomanage:attrauthcomanage:exception_SUSPENDED_USER');
-                  }
-                  $state['UserID'] = $orgId;
-                  $state['ReturnProc'] = [get_class($this), 'retrieveCOPersonData'];
-                  $params = [];
-                  $id = State::saveState($state, 'attrauthcomanage:register');
-                  $callback = Module::getModuleURL('attrauthcomanage/idp_callback.php', ['stateId' => $id]);
-                  Logger::debug("[attrauthcomanage] process: callback url => " . $callback);
-                  $params = ["targetnew" => $callback];
-                  if (!empty($state['saml:AuthenticatingAuthority']) && in_array(end($state['saml:AuthenticatingAuthority']), $this->communityIdps, true)) {
-                    HTTP::redirectTrustedURL($this->registryUrls['community_sign_up'], $params);
-                  }
-                  $this->_redirect($basicInfo, $state, $params);
+                if ($basicInfo['status'] === 'S') {
+                    $this->showError('attrauthcomanage:attrauthcomanage:exception_SUSPENDED_USER');
+                }
+                $state['UserID'] = $orgId;
+                $state['ReturnProc'] = [get_class($this), 'retrieveCOPersonData'];
+                $params = [];
+                $id = State::saveState($state, 'attrauthcomanage:register');
+                $callback = Module::getModuleURL('attrauthcomanage/idp_callback.php', ['stateId' => $id]);
+                Logger::debug("[attrauthcomanage] process: callback url => " . $callback);
+                $params = ["targetnew" => $callback];
+                // Check if community signup is required
+                if (
+                    !empty($state['saml:AuthenticatingAuthority'])
+                    && in_array(end($state['saml:AuthenticatingAuthority']), $this->communityIdps, true)
+                ) {
+                    // Redirect to community signup flow with all
+                    // attributes available including affiliation
+                    if (
+                        empty($this->registryUrls['community_sign_up_no_aff'])
+                        || (!empty($state['Attributes']['voPersonExternalAffiliation'])
+                        && !empty($state['Attributes']['mail'])
+                        && !empty($state['Attributes']['givenName'])
+                        && !empty($state['Attributes']['sn']))
+                    ) {
+                        // Redirect to default community signup flow if
+                        // 1. there is no other specific community signup defined
+                        // or
+                        // 2. all signup attributes are available, including affiliation
+                        HTTP::redirectTrustedURL($this->registryUrls['community_sign_up'], $params);
+                    } else {
+                        HTTP::redirectTrustedURL($this->registryUrls['community_sign_up_no_aff'], $params);
+                    }
+                }
+                $this->_redirect($basicInfo, $state, $params);
             }
             // Get all the data from the COPerson and import them in the state
             $this->retrieveCOPersonData($state);