From d1377f9070c86e5887933c25ef960f2aa920942d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 9 Nov 2016 14:36:30 -0500
Subject: [PATCH] don't suggest "your institution" for remote auth #3338

---
 src/main/java/Bundle.properties               |  2 +-
 .../iq/dataverse/authorization/AuthUtil.java  | 31 +++++++++++++
 .../AuthenticationServiceBean.java            |  6 ++-
 .../providers/builtin/DataverseUserPage.java  |  6 +++
 src/main/webapp/dataverseuser.xhtml           |  4 +-
 .../dataverse/authorization/AuthUtilTest.java | 45 +++++++++++++++++++
 6 files changed, 90 insertions(+), 4 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/authorization/AuthUtil.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/authorization/AuthUtilTest.java

diff --git a/src/main/java/Bundle.properties b/src/main/java/Bundle.properties
index ea1764dcbc1..c0c17d47ebb 100755
--- a/src/main/java/Bundle.properties
+++ b/src/main/java/Bundle.properties
@@ -166,7 +166,7 @@ notification.access.revoked.datafile=You have been removed from a role in {0}.
 removeNotification=Remove Notification
 groupAndRoles.manageTips=Here is where you can access and manage all the groups you belong to, and the roles you have been assigned.
 user.signup.tip=Why have a Dataverse account? To create your own dataverse and customize it, add datasets, or request access to restricted files.
-user.institutionLogIn.tip=Want to create your account through your institution? <a href="/loginpage.xhtml" title="Dataverse Log In">Log In</a> here.
+user.suggestNonLocalLogin.tip=Too many passwords? <a href="/loginpage.xhtml" title="Dataverse Log In">Log In</a> with existing credentials.
 user.username.illegal.tip=Between 2-60 characters, and can use "a-z", "0-9", "_" for your username.
 user.username=Username
 user.username.taken=This username is already taken.
diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthUtil.java b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthUtil.java
new file mode 100644
index 00000000000..22b8c480eee
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthUtil.java
@@ -0,0 +1,31 @@
+package edu.harvard.iq.dataverse.authorization;
+
+import edu.harvard.iq.dataverse.authorization.providers.builtin.DataverseUserPage;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider;
+import java.util.Collection;
+import java.util.logging.Logger;
+
+public class AuthUtil {
+
+    private static final Logger logger = Logger.getLogger(DataverseUserPage.class.getCanonicalName());
+
+    public static boolean isNonLocalLoginEnabled(boolean shibEnabled, Collection<AuthenticationProvider> providers) {
+        if (shibEnabled) {
+            return true;
+        } else {
+            logger.fine("Shib is not enabled.");
+        }
+        if (providers != null) {
+            for (AuthenticationProvider provider : providers) {
+                if (provider instanceof AbstractOAuth2AuthenticationProvider) {
+                    logger.fine("found an oauth provider (returning true): " + provider.getId());
+                    return true;
+                } else {
+                    logger.fine("not an oauth provider: " + provider.getId());
+                }
+            }
+        }
+        return false;
+    }
+
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
index 4f6e481052a..779c756b5c7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
@@ -1,6 +1,5 @@
 package edu.harvard.iq.dataverse.authorization;
 
-import edu.harvard.iq.dataverse.UserNotification;
 import edu.harvard.iq.dataverse.UserNotificationServiceBean;
 import edu.harvard.iq.dataverse.search.IndexServiceBean;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
@@ -26,6 +25,7 @@
 import edu.harvard.iq.dataverse.passwordreset.PasswordResetServiceBean;
 import java.sql.Timestamp;
 import java.util.Calendar;
+import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -197,6 +197,10 @@ public void deregisterProvider( String id ) {
     public Set<String> getAuthenticationProviderIds() {
         return authenticationProviders.keySet();
     }
+
+    public Collection<AuthenticationProvider> getAuthenticationProviders() {
+        return authenticationProviders.values();
+    }
     
     public <T extends AuthenticationProvider> Set<String> getAuthenticationProviderIdsOfType( Class<T> aClass ) {
         Set<String> retVal = new TreeSet<>();
diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/DataverseUserPage.java b/src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/DataverseUserPage.java
index 56777864fc5..adb250a3488 100644
--- a/src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/DataverseUserPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/authorization/providers/builtin/DataverseUserPage.java
@@ -16,6 +16,7 @@
 import edu.harvard.iq.dataverse.UserNotification;
 import static edu.harvard.iq.dataverse.UserNotification.Type.CREATEDV;
 import edu.harvard.iq.dataverse.UserNotificationServiceBean;
+import edu.harvard.iq.dataverse.authorization.AuthUtil;
 import edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -119,6 +120,7 @@ public enum EditMode {
     private String selectTab = "somedata";
     UIInput usernameField;
     private String username;
+    boolean nonLocalLoginEnabled;
     
     public String init() {
 
@@ -610,4 +612,8 @@ public void setUsername(String username) {
         this.username = username;
     }
 
+    public boolean isNonLocalLoginEnabled() {
+        return AuthUtil.isNonLocalLoginEnabled(systemConfig.isShibEnabled(), authenticationService.getAuthenticationProviders());
+    }
+
 }
\ No newline at end of file
diff --git a/src/main/webapp/dataverseuser.xhtml b/src/main/webapp/dataverseuser.xhtml
index cc099225c49..9677548d0e9 100644
--- a/src/main/webapp/dataverseuser.xhtml
+++ b/src/main/webapp/dataverseuser.xhtml
@@ -383,8 +383,8 @@
 
                     <p:tabView id="accountInfoView" rendered="#{!empty DataverseUserPage.editMode}">
                         <p:tab id="accountInfoEdit" title="#{bundle['account.info']}">
-                            <ui:fragment rendered="#{DataverseUserPage.editMode == 'CREATE' and systemConfig.shibEnabled == true}">
-                                <p class="help-block"><span class="glyphicon glyphicon-info-sign"/> <h:outputText value=" #{bundle['user.institutionLogIn.tip']}" escape="false"/></p>
+                            <ui:fragment rendered="#{DataverseUserPage.editMode == 'CREATE' and DataverseUserPage.nonLocalLoginEnabled}">
+                                <p class="help-block"><span class="glyphicon glyphicon-info-sign"/> <h:outputText value=" #{bundle['user.suggestNonLocalLogin.tip']}" escape="false"/></p>
                             </ui:fragment>
                             <div class="form-horizontal">
                                 <div class="form-group" jsf:rendered="#{DataverseUserPage.editMode == 'CREATE' or DataverseUserPage.editMode == 'EDIT'}">
diff --git a/src/test/java/edu/harvard/iq/dataverse/authorization/AuthUtilTest.java b/src/test/java/edu/harvard/iq/dataverse/authorization/AuthUtilTest.java
new file mode 100644
index 00000000000..3baec6ff431
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/authorization/AuthUtilTest.java
@@ -0,0 +1,45 @@
+package edu.harvard.iq.dataverse.authorization;
+
+import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GoogleOAuth2AP;
+import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP;
+import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
+import java.util.Collection;
+import java.util.HashSet;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class AuthUtilTest {
+
+    /**
+     * Test of isNonLocalLoginEnabled method, of class AuthUtil.
+     */
+    @Test
+    public void testIsNonLocalLoginEnabled() {
+        System.out.println("isNonLocalLoginEnabled");
+
+        // no shib, no providers!
+        assertEquals(false, AuthUtil.isNonLocalLoginEnabled(false, null));
+
+        // yes shib, no providers
+        assertEquals(true, AuthUtil.isNonLocalLoginEnabled(true, null));
+
+        Collection<AuthenticationProvider> manyNonLocal = new HashSet<>();
+        manyNonLocal.add(new ShibAuthenticationProvider());
+        manyNonLocal.add(new GitHubOAuth2AP(null, null));
+        manyNonLocal.add(new GoogleOAuth2AP(null, null));
+        manyNonLocal.add(new OrcidOAuth2AP(null, null, null));
+        // yes shib, yes non local providers
+        assertEquals(true, AuthUtil.isNonLocalLoginEnabled(true, manyNonLocal));
+        // no shib, yes non local providers
+        assertEquals(true, AuthUtil.isNonLocalLoginEnabled(false, manyNonLocal));
+
+        Collection<AuthenticationProvider> onlyBuiltin = new HashSet<>();
+        onlyBuiltin.add(new BuiltinAuthenticationProvider(null));
+        // no shib, only builtin provider
+        assertEquals(false, AuthUtil.isNonLocalLoginEnabled(false, onlyBuiltin));
+
+    }
+
+}