From 5038526569ec074acb0fd33d748971963b9cd1de Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Fri, 24 Feb 2017 17:08:32 +0200
Subject: [PATCH] Added support for fetching VuFind account in ILS login by
 patron ID (#905)

- Added support for fetching VuFind account in ILS login primarily by the patron ID that the ILS driver returns. This allows long-term consistency if other user details like barcodes change.
- Note that this new field is currently ONLY populated when ILS authentication is used; it is ignored under other circumstances.
---
 .../pgsql/4.0/002-modify-user-columns.sql          |  8 ++++++++
 module/VuFind/sql/mysql.sql                        |  4 +++-
 module/VuFind/sql/pgsql.sql                        |  4 +++-
 module/VuFind/src/VuFind/Auth/ILS.php              | 11 ++++++++++-
 module/VuFind/src/VuFind/Db/Row/User.php           | 14 ++++++++++++++
 module/VuFind/src/VuFind/Db/Table/User.php         | 14 +++++++++++++-
 6 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 module/VuFind/sql/migrations/pgsql/4.0/002-modify-user-columns.sql

diff --git a/module/VuFind/sql/migrations/pgsql/4.0/002-modify-user-columns.sql b/module/VuFind/sql/migrations/pgsql/4.0/002-modify-user-columns.sql
new file mode 100644
index 00000000000..72621b0eeb9
--- /dev/null
+++ b/module/VuFind/sql/migrations/pgsql/4.0/002-modify-user-columns.sql
@@ -0,0 +1,8 @@
+--
+-- Modifications to table `user`
+--
+
+ALTER TABLE "user"
+  ADD COLUMN cat_id varchar(255);
+
+CREATE UNIQUE INDEX cat_id ON "user" (cat_id);
diff --git a/module/VuFind/sql/mysql.sql b/module/VuFind/sql/mysql.sql
index 79fc0fa231e..d00b13cd4fc 100644
--- a/module/VuFind/sql/mysql.sql
+++ b/module/VuFind/sql/mysql.sql
@@ -189,6 +189,7 @@ CREATE TABLE `user` (
   `firstname` varchar(50) NOT NULL DEFAULT '',
   `lastname` varchar(50) NOT NULL DEFAULT '',
   `email` varchar(255) NOT NULL DEFAULT '',
+  `cat_id` varchar(255) DEFAULT NULL,
   `cat_username` varchar(50) DEFAULT NULL,
   `cat_password` varchar(70) DEFAULT NULL,
   `cat_pass_enc` varchar(170) DEFAULT NULL,
@@ -198,7 +199,8 @@ CREATE TABLE `user` (
   `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
   `verify_hash` varchar(42) NOT NULL DEFAULT '',
   PRIMARY KEY (`id`),
-  UNIQUE KEY `username` (`username`)
+  UNIQUE KEY `username` (`username`),
+  UNIQUE KEY `cat_id` (`cat_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
diff --git a/module/VuFind/sql/pgsql.sql b/module/VuFind/sql/pgsql.sql
index cc6bf8c392a..15a7a251e45 100644
--- a/module/VuFind/sql/pgsql.sql
+++ b/module/VuFind/sql/pgsql.sql
@@ -114,6 +114,7 @@ pass_hash varchar(60) DEFAULT NULL,
 firstname varchar(50) NOT NULL DEFAULT '',
 lastname varchar(50) NOT NULL DEFAULT '',
 email varchar(255) NOT NULL DEFAULT '',
+cat_id varchar(255) DEFAULT NULL,
 cat_username varchar(50) DEFAULT NULL,
 cat_password varchar(70) DEFAULT NULL,
 cat_pass_enc varchar(170) DEFAULT NULL,
@@ -123,7 +124,8 @@ home_library varchar(100) NOT NULL DEFAULT '',
 created timestamp NOT NULL DEFAULT '1970-01-01 00:00:00',
 verify_hash varchar(42) NOT NULL DEFAULT '',
 PRIMARY KEY (id),
-UNIQUE (username)
+UNIQUE (username),
+UNIQUE (cat_id)
 );
 
 
diff --git a/module/VuFind/src/VuFind/Auth/ILS.php b/module/VuFind/src/VuFind/Auth/ILS.php
index 5a0a05ebed6..a36db29c27d 100644
--- a/module/VuFind/src/VuFind/Auth/ILS.php
+++ b/module/VuFind/src/VuFind/Auth/ILS.php
@@ -227,7 +227,16 @@ class ILS extends AbstractBase
         }
 
         // Check to see if we already have an account for this user:
-        $user = $this->getUserTable()->getByUsername($info[$usernameField]);
+        $userTable = $this->getUserTable();
+        if (!empty($info['id'])) {
+            $user = $userTable->getByCatalogId($info['id']);
+            if (empty($user)) {
+                $user = $userTable->getByUsername($info[$usernameField]);
+                $user->saveCatalogId($info['id']);
+            }
+        } else {
+            $user = $userTable->getByUsername($info[$usernameField]);
+        }
 
         // No need to store the ILS password in VuFind's main password field:
         $user->password = '';
diff --git a/module/VuFind/src/VuFind/Db/Row/User.php b/module/VuFind/src/VuFind/Db/Row/User.php
index d72c030e31a..8b4646d6c2c 100644
--- a/module/VuFind/src/VuFind/Db/Row/User.php
+++ b/module/VuFind/src/VuFind/Db/Row/User.php
@@ -102,6 +102,20 @@ class User extends RowGateway implements \VuFind\Db\Table\DbTableAwareInterface,
         $this->cat_pass_enc = null;
     }
 
+    /**
+     * Save ILS ID.
+     *
+     * @param string $catId Catalog ID to save.
+     *
+     * @return mixed        The output of the save method.
+     * @throws \VuFind\Exception\PasswordSecurity
+     */
+    public function saveCatalogId($catId)
+    {
+        $this->cat_id = $catId;
+        return $this->save();
+    }
+
     /**
      * Save ILS login credentials.
      *
diff --git a/module/VuFind/src/VuFind/Db/Table/User.php b/module/VuFind/src/VuFind/Db/Table/User.php
index 9906211f537..1be5b5f0fc2 100644
--- a/module/VuFind/src/VuFind/Db/Table/User.php
+++ b/module/VuFind/src/VuFind/Db/Table/User.php
@@ -78,7 +78,7 @@ class User extends Gateway
     /**
      * Create a row for the specified username.
      *
-     * @param string $username Username to use for retrieval.
+     * @param string $username Username
      *
      * @return UserRow
      */
@@ -90,6 +90,18 @@ class User extends Gateway
         return $row;
     }
 
+    /**
+     * Retrieve a user object from the database based on catalog ID.
+     *
+     * @param string $catId Catalog ID.
+     *
+     * @return UserRow
+     */
+    public function getByCatalogId($catId)
+    {
+        return $this->select(['cat_id' => $catId])->current();
+    }
+
     /**
      * Retrieve a user object from the database based on username; when requested,
      * create a new row if no existing match is found.
-- 
GitLab