LP#
1710949 open-ils.auth.login API
Adds a new open-ils.auth API call 'open-ils.auth.login' which performs
the combined steps of open-ils.auth.authenticate.init and
open-ils.auth.authenticate.complete so the caller only need call one API
to login.
API params are consistent with open-ils.auth.authenticate.complete with
2 notable excpetions. The API uses the bare password instead of the
hashed password, so the caller also need not perform the extra hashing
steps. Also, no 'nonce' parameter is used as it's no longer needed,
because there is no intermediate authentication cache object as with
.init.
Response data is consistent with open-ils.auth.authenticate.complete.
Example:
srfsh# request open-ils.auth open-ils.auth.login {"username":"admin","password":"fakepassword"}
Other changes in the new code:
1. Using the generic "identifier" parameter in combination with the
"org" parameter allows the API to reliably determine if a value
is a username or barcode.
2. Once a caller has reached the configured maximum number of login
failures, no further attempts to track failures occurs, based on the
idea that no additional cpu/network cycles should be used on a lost
cause.
3. A failure count object is only added to memcache when failures
occur, unlike open-ils.auth.authenticate.init which creates a
failure tracking object for every login.
4. The code avoids use of the jsonParseFmt() and va_list_to_string()
functions as these functions require extra data cleansing.
Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
projects / evergreen / pines.git / commit