SIP login nonce

Since multiple SIP clients may use the same credentials, avoid the
same-username race condition to authentication by applying a login nonce
value.

Signed-off-by: Bill Erickson <berick@esilibrary.com>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
index 46e9290..8098d84 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
@@ -227,9 +227,10 @@ sub login {
     my( $self, $username, $password ) = @_;
     syslog('LOG_DEBUG', "OILS: Logging in with username $username");
 
+    my $nonce = rand($$);
     my $seed = $U->simplereq( 
         'open-ils.auth',
-        'open-ils.auth.authenticate.init', $username );
+        'open-ils.auth.authenticate.init', $username, $nonce );
 
     my $response = $U->simplereq(
         'open-ils.auth', 
@@ -238,6 +239,7 @@ sub login {
             username => $username, 
             password => md5_hex($seed . md5_hex($password)), 
             type     => 'opac',
+            nonce    => $nonce
         }
     );