OIDC migration

* moved from OPENID 2.0 to OIDC
* removed all user management references from site
** Registration
** Password recovery
** email verification

Author: smarcet

README.md

@@ -65,3 +65,27 @@ CloudAssets:
       AuthURL: keystone base url 
       LocalCopy: false     
 ````
+
+## OIDC
+
+settings for oidc configuration on _ss_environment.php file
+
+````PHP
+// OIDC
+define('OIDC_CLIENT', '');
+
+define('OIDC_CLIENT_SECRET', '');
+
+
+//set true on production mode, otherwise false
+define('OIDC_VERIFY_HOST',false);
+````
+
+on idp under allowed URIs you need to register following one
+
+* https://hostname/openstackidauthenticator
+
+under security settings you need to set Id Token Signed Response Algorithm 
+
+
+

composer.json

@@ -37,6 +37,10 @@
     {
       "type": "vcs",
       "url": "https://github.com/OpenStackweb/silverstripe-framework"
+    },
+    {
+      "type": "vcs",
+      "url": "https://github.com/OpenStackweb/OpenID-Connect-PHP"
     }
   ],
   "require": {
@@ -85,7 +89,8 @@
     "smarcet/caldavclient": "1.1.7",
     "smarcet/silverstripe-cloudassets-swift": "dev-master",
     "markguinn/silverstripe-cloudassets": "dev-master",
-    "php-opencloud/openstack": "dev-master"
+    "php-opencloud/openstack": "dev-master",
+    "jumbojett/openid-connect-php": "dev-master"
   },
   "require-dev": {
     "behat/behat": "@stable",

composer.lock

@@ -113,10 +113,6 @@ jobs:
     cron_expression: "59 11 * * *"
     enabled: 1
 
-  - name: "OpenStackIdCleanInvalidNoncesAssocsTask"
-    cron_expression: "00 03 * * *" # run at 0300 AM every day
-    enabled: 1
-
   - name: "MemberSpammerProcessorTask"
     cron_expression: "00 03 * * *" # run at 0300 AM every day
     enabled: 1

cron_jobs_scheduler/_config/schedule.yml

@@ -41,6 +41,7 @@ public function convert2SiteUser()
     {
         $this->resign();
         $this->owner->addToGroupByCode(IFoundationMember::CommunityMemberGroupSlug);
+        $this->owner->write();
     }
 
     /**
@@ -63,8 +64,8 @@ public function resign()
                 $document->delete();
             }
         }
-
-        $this->owner->ResignDate = CustomMySQLDatabase::nowRfc2822();
+        $this->owner->MembershipType = IOpenStackMember::MembershipTypeCommunity;
+        $this->owner->ResignDate     = CustomMySQLDatabase::nowRfc2822();
     }
 
     public function onBeforeDelete()
@@ -94,6 +95,9 @@ public function upgradeToFoundationMember()
             $legalAgreement->MemberID = $this->owner->ID;
             $legalAgreement->LegalDocumentPageID = 422;
             $legalAgreement->write();
+            $this->owner->MembershipType = IOpenStackMember::MembershipTypeFoundation;
+            $this->owner->ResignDate  = null;
+            $this->owner->write();
             return true;
         }
         return false;
@@ -102,7 +106,7 @@ public function upgradeToFoundationMember()
     public function isFoundationMember()
     {
         $res = $this->owner->inGroup(IFoundationMember::FoundationMemberGroupSlug);
-        $legal_agreements = DataObject::get("LegalAgreement", " LegalDocumentPageID=422 AND MemberID =" . $this->owner->ID);
+        $legal_agreements = DataObject::get("LegalAgreement", " LegalDocumentPageID = 422 AND MemberID =" . $this->owner->ID);
         $res = $res && $legal_agreements->count() > 0;
         return $res;
     }

elections/code/infrastructure/active_records/FoundationMember.php

@@ -124,3 +124,5 @@ migrations:
   - ShanghaiPresentationSlugMigration
   - Election2018Migration
   - JobCompanyMigrationTask
+  - DeleteNullEmailMigration
+  - UpdateMemberShipTypeMigration

migrations/migrations.yml

@@ -6,22 +6,9 @@ Member:
   extensions:
     - OpenStackIdMember
 Injector:
-  OpenStackIdMySQLStore:
-    constructor:
-      0: %$OpenStackIdDatabaseConnection
-  Auth_OpenID_Consumer:
-    constructor:
-      0: '%$OpenStackIdMySQLStore'
-      1: '%$SilverStripeSessionWrapper'
   Security:
     class: OpenStackIdSecurityController
-    constructor:
-      0: '%$Auth_OpenID_Consumer'
   OpenStackIdAuthenticator:
     constructor:
       0: '%$MemberRepository'
-      1: '%$OpenStackIdMySQLStore'
-      2: '%$Auth_OpenID_Consumer'
-  OpenStackIdCleanInvalidNoncesAssocsTask:
-    constructor:
-      0: '%$OpenStackIdMySQLStore'
+      1: '%$MemberManager'