User activity tracking / last activity date

I don't see any changes to SIP2 to actually trigger SIP logins outside of the SIP2 connections themselves.

From what I know, SIP2 currently doesn't require password verification and when it does verify passwords for patrons it does so with direct MD5 checking, without consulting the auth service at all. It thus likely needs special case code for this tracking. It may also be nice if an institution level variable existed to determine what patron level requests to SIP2 use for the tracking agent.

Whoa, thanks tsbere. That slipped through the cracks. My plan was to replace the current SIP::Patron::check_password() implementation with one that calls open-ils.auth.authenticate.verify.

I'm not sure I follow "to determine what patron level requests to SIP2 use for the tracking agent".

I wouldn't trust that check_password is being called, as I said passwords aren't required by all services that use SIP2 to authenticate cards.

As for the tracking agent or whatever: I am recommending an institution variable to override the ingress value for patron validation. You may want to differentiate different vendors that trigger via SIP2, after all.

A second thought on ingress and differentiation between vendors on SIP2:

I wouldn't complain if a custom field could be passed in over SIP2 to set the ingress value, perhaps if allowed by the institution. Would help with sites that use SIP2 for authentication of a number of databases and you want to track which ones are being used.

In that case, I believe we want to override/set the "who" value, not the ingress, which will always be sip2.

How does this sound:

In SIP::Patron->new, when a user is successfully found, do a direct insert (via cstore) to usr_activity with parameters ehow=sip2, ewhat=verify, ewho=$proposed_institution_variable. This should cover all patron-related SIP activity.

A SIP extension for passing the "ewho" value does not sound crazy.

So, based on your "how does this sound", the ewho would default to the institution variable, but could be overridden by the custom SIP Extension field.

Perhaps with the institution variable having a "force" flag to say "I don't care if they do pass something else in, use what I say anyway"?

That would work for me.

Yep, exactly. Force flag makes sense, too.

Thought and suggestion on the ewho value, how about adding a new attribute to //acsconfig/accounts/login, maybe ils_activity, which holds the ewho for that login.

That could work instead of (or as an override to) the institution level one. Perhaps better in many cases, so you don't need a full institution block for each vendor.

Still would like the option of specifying via SIP2 field, though, as we have a portal page that authenticates a dozen different things through the same user. Being able to say "this is this database" through that would be nice ;)

Pushed the following to the working branch:

commit 5f38884f0e9213c8830cfd9306775580c0a7c473
Author: Bill Erickson <email address hidden>
Date: Tue Feb 28 14:28:14 2012 -0500

    User Activity : SIP activity tracking

    1. Log user activity for all patron-related SIP actions, regardless of
    whether the SIP server verifies the user password.

    2. Determine the "ewho" (i.e. 3rd-party) value from configuration. Each
    SIP login <account> can now specify its own "activity_who" value.
    Additionally, a fall-through <activity_who> element can be added to the
    institution config.

----------

I also left a slot in the code where the activity_who value from the proposed SIP extension would be checked.

Force-pushed some minor cleanup (test logs)

Rebased and force-pushed to resolve conflicts with master.

Pushed bug fix:

    User activity : only delete transient activity for user/type

    Repairs a bug spotted by Thomas Berezansky where the addition of a new
    activity for a transient type would delete all existing activity
    entries.

Yay, it works and doesn't empty tables for no good reason anymore! Pushed!