LP#1384740 MARC stream (etc) use auth nonce
authorBill Erickson <berickxx@gmail.com>
Wed, 24 Jun 2015 15:00:25 +0000 (11:00 -0400)
committerGalen Charlton <gmc@esilibrary.com>
Wed, 4 Nov 2015 20:32:41 +0000 (20:32 +0000)
Add an authentication nonce to the shared oils_header.pl file to avoid
too-many-logins by a single username causing login rejections.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Open-ILS/src/support-scripts/oils_header.pl

index 6dc6be6..d0a1870 100755 (executable)
@@ -155,15 +155,16 @@ sub oils_login {
 
        $type |= "staff";
 
+       my $nonce = rand($$);
        my $seed = $apputils->simplereq( $AUTH, 
-               'open-ils.auth.authenticate.init', $username );
+               'open-ils.auth.authenticate.init', $username, $nonce);
        err("No auth seed") unless $seed;
 
        my $response = $apputils->simplereq( $AUTH, 
                'open-ils.auth.authenticate.complete', 
                {       username => $username, 
                        password => md5_hex($seed . md5_hex($password)), 
-                       type => $type });
+                       type => $type, nonce => $nonce });
 
        err("No auth response returned on login") unless $response;
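Review bot: The added `my $nonce = rand($$);` draws from Perl's non-cryptographic generator and scales it by the process ID, so the nonce is a guessable float rather than an unpredictable token. Going by the commit message, the nonce only needs to keep concurrent logins for one username from sharing a seed; the service side of `open-ils.auth.authenticate.init` is not visible here, so whether it also expects unpredictability should be confirmed. If uniqueness is all that is needed, say so in a comment such as `# nonce only separates concurrent login seeds for one username; it is not a secret`, and consider a fixed-format value that mixes in the time, e.g. `my $nonce = md5_hex(join(':', $$, time(), rand()));`, since `md5_hex` is already used in this function. If the service does depend on the nonce being unguessable, it should be read from the operating system's random source instead. The body of `oils_login` begins and ends outside this hunk.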