pkp/plagiarism#52 iThenticate API update and plugin update

[touhidurabir]

for #52 . The PR has following updates :

1. update of iThenticate API to latest version
2. EUAL confirmation process
3. New credentials added
4. Removal of previous API library and introduced new custom service class for API communication
5. Removal of composer dependency
6. Presenting the possible proper EULA as submission checklist
7. stamping of EULA to submission and submitter
8. verification of user provided ithenticate service access(API URL/KEY) before storing.
9. context wise EULA caching to avoid continuous data polling form API service .
10. allow iThenticate retry, polling, similarity score presentation for each file, refreshing similarity scores and launch similarity viewer .
11. Config to manage auto upload which allow iThenticate auto upload at submission time or later upload manually
12. Compatible with OPS

Following Issues get resolved by this PR

1. Send submissions to iThenticate at later stage #4
2. Add iThenticate plugin support for OPS #55
3. PNG in supplemental files causes entire submission process to hang when plugin activated #48
4. New Submissions Confirmation is Failed #46
5. Cleanup error handling #23
6. Enabling the plugin impossible if settings are present in config file when plugin is first installed #49

[asmecher]

Some early comments -- I'll have a look at the schema extension issue next week.

[asmecher]

A few more changes -- I'll review these with you shortly!

[asmecher]

(spaces in with tabs)

[asmecher]

We probably shouldn't leave this in the distribution version of the plugin, as it's debugging/dev code. But if we did, it should be prefixed with something to indicate more about what this is, e.g. "PKP Plagiarism plugin".

[touhidurabir]

we will eventually implement some functionality through webhook but probably not for stable-3.3.0 .

[touhidurabir]

we initially planed not to use the webhook for 3.3.0-x but we have to as without webhook, we can not initiate the similarity report generation process .

[asmecher]

A bunch more minor comments; I've mentioned a few of these before (mixed spacing/tabs and variants of EULA), so please double-check to make sure it's all cleaned up for the next round. Thanks!

[asmecher]

*scheme

[asmecher]

*confirm

[asmecher]

the the

[asmecher]

Should we be using our internal IDs for owner and submitter? We use email addresses as unique account identifiers in OJS; maybe those would be more appropriate for users; we can't always count on having those for authors, though.

If this is something we can use for our own arbitrary purposes, it might be worth adding some kind of namespacing to avoid confusion -- e.g. author/54 and user/54 rather than just the numeric 54. It'll be easy to forget where we're using Users and where we're using Authors and the IDs aren't comparable. If iThenticate ever does a comparison between them for e.g. permission purposes, it'll mistakenly conclude that they're the same.

[touhidurabir]

email addresses as unique account identifiers in OJS; maybe those would be more appropriate for users; we can't always count on having those for authors, though

That was my initial approach also but because an author may not have an email address and author/owner details is required, we could not use email

If this is something we can use for our own arbitrary purposes

Not actually . According to TAC developer doc, submission author/owner unique system identifier is required . The submitter information is optional but in that case owner/author must accept/confirm EULA . As in our case, the author/owner and submitter can be different and it's the submitter who confirms the EULA, we also need to pass it .

it might be worth adding some kind of namespacing to avoid confusion -- e.g. author/54 and user/54

I think that a good idea and will do it .

[asmecher]

Where we're building parameters into URL strings, we should probably be using rawurlencode (here and elsewhere).

[touhidurabir]

Not a bad idea but then rather than using the rawurlencode directly we should let the Guzzel handle it by returning an instance of \GuzzleHttp\Psr7\Uri .

[asmecher]

Should be eulaDetails (here and below)

[asmecher]

Should be Eula, not Eual.

[asmecher]

Checks should be added in the form constructor, not the call to validate.

[touhidurabir]

As we need to init the ithenticate service to test the given creds, using the getData in constructor does not work and pass null . well fixed it using $request->getUserVar and moved it to constructor .

[asmecher]

Should be iThenticate EULA, not Plagiarism EULA, I think

[asmecher]

Should be iThenticate, not IThenticate

[touhidurabir]

@asmecher ready for next review round . forced to have the vital implementation in webhook handler as no other way . Also as we get submission id from ithenticate for each submission file , moved some the association to submission file setting .

[asmecher]

Another issue to resolve: Try editing config.inc.php and setting Installed to Off. This will cause the installation to give an error:

PHP Fatal error:  Uncaught Error: Undefined constant "SCHEMA_SUBMISSION" in /home/asmecher/git/ojs-stable-3_3_0/plugins/generic/plagiarism/PlagiarismPlugin.inc.php:95

...rather than sending the user to the installation form.

[touhidurabir]

Another issue to resolve: Try editing config.inc.php and setting Installed to Off. This will cause the installation to give an error:

PHP Fatal error:  Uncaught Error: Undefined constant "SCHEMA_SUBMISSION" in /home/asmecher/git/ojs-stable-3_3_0/plugins/generic/plagiarism/PlagiarismPlugin.inc.php:95

...rather than sending the user to the installation form.

@asmecher please the commit touhidurabir@6042142 . This resolve the above issue along with #49 but updated the behaviour a bit as follow

1. Admin must set the ithenticate to On in config.inc.php file to enable the service/plugin globally .
2. Admin/Journal Manager enable the plugin from plugin gallery for the given context and once it's done, the enable/disable checkbox will grey out . This also resolve issue Enabling the plugin impossible if settings are present in config file when plugin is first installed #49 .

However I still think there is room for more improvement . With our current implementation, it is impossible to disable the plugin once enabled without globally disable it by setting ithenticate to Off in config.inc.php file . This is ok for a single context based installation but does not seems flexible for a multi context based installation .

For example , in a multi context based installation, may be the JM/Admin want to disable it for one specific context for some reason but no way to do it . My proposal is to remove the plugin based implementation of getCanEnable and getCanDisable so that JM/Admin can anytime disable/enable the plugin for a given context . And if needed to disable it globally , they still has the option to do it from config.inc.php file by setting the ithenticate to Off . what you say ?