Remove commented out code and todo list items

- the code and ancient todo list reference X.509 so came up in
  my grep-ing.

htdocs/web_portal/components/Get_User_Principle.php

@@ -243,77 +243,4 @@ function redirectUserToDiscoveryPage()
     die();
 }
 
-
-
-/*function Get_User_Principle_back()
-{
-    // Return hard wired user's principle string (DN) e.g. for testing
-    // =======================================================
-    //return '/C=UK/O=eScience/OU=CLRC/L=DL/CN=david meredith';
-
-    // Check if an authentication token has been set in the SecurityContext class
-    // by higher level code, eg Symfony Security which provides a Firewall component
-    // may have been used to intercept the HTTP request and authenticate the
-    // user (using whatever auth scheme was configured in the Firewall). A
-    // Symfony controller can then subsequently set the token in the SecurityContext
-    // before invoking the GOCDB code.
-    // =======================================================
-    require_once __DIR__.'/../../../lib/Gocdb_Services/SecurityContextSource.php';
-    if(\SecurityContextSource::getContext() != null){
-       $token = \SecurityContextSource::getContext()->getToken();
-       return str_replace("emailAddress=", "Email=", $token->getUser()->getUserName());
-    }
-
-    // ================Use x509 Authentication=======================
-    //if(!isset($_SERVER['SSL_CLIENT_CERT']))
-    //	return "";
-    //$Raw_Client_Certificate = $_SERVER['SSL_CLIENT_CERT'];
-    //$Plain_Client_Cerfificate = openssl_x509_parse($Raw_Client_Certificate);
-    //$User_DN = $Plain_Client_Cerfificate['name'];
-    // harmonise display of the "email" field that can be different depending on
-    // used version of SSL
-    //$User_DN = str_replace("emailAddress=", "Email=", $User_DN);
-    //return $User_DN;
-    if (isset($_SERVER['SSL_CLIENT_CERT'])) {
-        $Raw_Client_Certificate = $_SERVER['SSL_CLIENT_CERT'];
-        if (isset($Raw_Client_Certificate)) {
-            $Plain_Client_Cerfificate = openssl_x509_parse($Raw_Client_Certificate);
-            $User_DN = $Plain_Client_Cerfificate['name'];
-            if (isset($User_DN)) {
-                // harmonise "email" field that can be different depending on version of SSL
-                $dn = str_replace("emailAddress=", "Email=", $User_DN);
-                if ($dn != null && $dn != '') {
-                    return $dn;
-                }
-            }
-        }
-    }
-
-
-    // Fall back to try saml authentication (simplesaml)
-    // =======================================================
-    if(false){ // disable by default - to use saml requires install of simplesamlphp and config below
-        require_once('/var/simplesamlphp/lib/_autoload.php');
-        $as = new SimpleSAML_Auth_Simple('default-sp');
-        $as->requireAuth();
-        \Factory::$properties['LOGOUTURL'] = $as->getLogoutURL('https://gocdb-test.esc.rl.ac.uk');
-        $attributes = $as->getAttributes();
-        if(!empty($attributes)){
-            //return $attributes['eduPersonPrincipalName'][0];
-            $dnAttribute = $attributes['urn:oid:1.3.6.1.4.1.11433.2.2.1.9'][0];
-            if(!empty($dnAttribute)){
-                return str_replace("emailAddress=", "Email=", $dnAttribute);
-            } else {
-                die('Did not retrieve a valid certificate DN from identify provider - your SSO '
-                        . 'account needs to be associated with a certificate to login via this route');
-            }
-        }
-    }
-
-    // Couldn't authetnicate the user, so finally return null
-    return null;
-}*/
-
-
-
 ?>

lib/Authentication/AuthTokens/X509AuthenticationToken.php

@@ -21,10 +21,6 @@ class X509AuthenticationToken implements IAuthentication {
     //private $logger;
 
     public function __construct() {
-        // create logger
-        //$this->logger = new Logger('X509AuthenticationTokenLogger');
-        //$this->logger->pushHandler(new StreamHandler(__DIR__.'/../../../gocdb.log', Logger::DEBUG));
-
         $this->initialDN = $this->getDN();
         $this->userDetails = array('AuthenticationRealm' => array('X.509'));
     }

todo.md

@@ -62,23 +62,6 @@
 
 ## Maybe Todo 
 * Add LoA attribute to AuthToken details  
-* Support account linking where a user would need to authenticate multiple times using the different 
-  AAI supported methods in order to link those identities to a single (possibly existing) account:
-  * Update DB schema so that a user account has one-to-many identities rather than a single ID 
-  * Record additional information about which login-route/security-realm is associated with each ID 
-  * Modify the authentication lib so that the authentication-context can handle 
-a collection of AuthTokens rather than a single AuthToken during the same HTTP session 
-  * Enable linking a new/unregistered ID to an existing account: On registering, 
-provide an option to allow the new ID to be associated with an existing account 
-rather than creating a new/separate account. 
-  * Link two existing accounts together: Provide interface to allow joining/merging 
-two existing accounts (will need to merge existing roles, remove duplicate roles etc) 
-  * To perform either of these account linking scenarios, user will be required to 
-authenticate for all the authentication-mechanisms during the same HTTP session 
-(e.g. authenticate with x509, then re-authenticate via IdP). Only after successfully 
-authenticating with the multiple login mechanisms, should they be able to link those accounts together. 
-  * Or use Unity / Perun to do the account linking for us? 
-
 * Add filtering of resources by 'project' ?  
 * Add 'project' URL param to PI get_project, get_site, get_service, get_downtime ? 
 * Introduce READ action for roles? - currently, once a user is authenticated, all info can