Gave the base login code the ability to find username/password from a
authorerickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 11 Aug 2010 20:42:07 +0000 (20:42 +0000)
committererickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Wed, 11 Aug 2010 20:42:07 +0000 (20:42 +0000)
cookie.  For security reasons, we don't put login data into cookies, but if the
login info is already available to us in that format (say, via external means), we'll
use it.  This can be useful for persistent logins (e.g. self-check) or
automatic logins (pushing cookie data out to workstations).

Minor cleanup of the login code to make it more re-use friendly.

Added self-check support for verifying the staff login before each patron
login.

git-svn-id: svn://svn.open-ils.org/ILS/trunk@17176 dcc99617-32d9-48b4-a31d-7c20da2025e4

Open-ILS/web/js/ui/base.js
Open-ILS/web/js/ui/default/circ/selfcheck/selfcheck.js

index ba4652b..b49b1e3 100644 (file)
@@ -8,38 +8,87 @@ dojo.require('openils.Event');
 dojo.require('openils.Util');
 dojo.require('openils.XUL');
 
+var cgi = new openils.CGI();
+
 function oilsSetupUser() {
-    var cgi = new openils.CGI();
     var authtoken = cgi.param('ses') || dojo.cookie('ses');
     var workstation = cgi.param('ws') || dojo.cookie('ws');
     var user;
-    if(authtoken) user = new openils.User({authtoken:authtoken});
+
+    openils.User.user = null;
+    openils.User.authtoken = null;
+    openils.User.workstation = null;
+
+    if(authtoken) {
+        user = new openils.User();
+        delete user.sessionCache[authtoken];
+        user.authtoken = authtoken;
+        user.user = user.getBySession();
+    }
+
     if(!authtoken || openils.Event.parse(user.user)) {
-        dojo.cookie('ses', openils.User.authtoken, {expires:-1, path:'/'}); // remove the cookie
-        openils.User.authtoken = null;
-        dojo.addOnLoad(function(){
-            if(openils.XUL.isXUL()) {
-                // let XUL handle the login dialog
-                openils.XUL.getNewSession( function() { location.href = location.href } );
-            } else {
-                // in web-only mode, use the dojo login dialog
-                oilsLoginDialog.show(); 
-                var func = function(){ oilsDoLogin(); };
-                openils.Util.registerEnterHandler(dojo.byId('oils-login-username'), func);
-                openils.Util.registerEnterHandler(dojo.byId('oils-login-password'), func);
-                dojo.byId('oils-login-workstation').innerHTML = workstation || '';
-            }
-        });
-        return;
+
+        authtoken = oilsLoginFromCookies();
+
+        if(!authtoken) {
+
+            dojo.cookie('ses', openils.User.authtoken, {expires:-1, path:'/'}); // remove the cookie
+            dojo.cookie('ses', openils.User.authtoken, {expires:-1, path:oilsBasePath}); // remove the cookie
+
+            dojo.addOnLoad(function(){
+                if(openils.XUL.isXUL()) {
+                    // let XUL handle the login dialog
+                    openils.XUL.getNewSession( function() { location.href = location.href } );
+                } else {
+                    // in web-only mode, use the dojo login dialog
+                    oilsLoginDialog.show(); 
+                    var func = function(){ oilsDoLogin(); };
+                    openils.Util.registerEnterHandler(dojo.byId('oils-login-username'), func);
+                    openils.Util.registerEnterHandler(dojo.byId('oils-login-password'), func);
+                    dojo.byId('oils-login-workstation').innerHTML = workstation || '';
+                }
+            });
+            return null;
+        }
     }
-    dojo.cookie('ses', authtoken, {path:'/'});
+
+    dojo.cookie('ses', authtoken, {path:oilsBasePath});
     openils.User.authtoken = authtoken;
     openils.User.workstation = workstation;
+    return authtoken;
+}
+
+// pulls username / password and optional workstation from cgi params or cookies
+function oilsLoginFromCookies() {
+
+    var username = cgi.param('username') || dojo.cookie('username');
+    var password = cgi.param('password') || dojo.cookie('password');
+    var workstation = cgi.param('ws') || dojo.cookie('ws');
+
+    if(username && password) {
+
+        var user = new openils.User();
+        var args = {
+            username : username,
+            passwd : password,
+            type : 'staff'
+        };
+
+        if(workstation) 
+            args.workstation = workstation;
+
+        if(user.login(args)) {
+            // fetches the login session and sets the global vars
+            user = new openils.User({authtoken : user.authtoken});
+            return (user && !openils.Event.parse(user.user)) ? user.authtoken : null;
+        } 
+    }
+
+    return null;
 }
 
 function oilsDoLogin() {
     openils.Util.hide('oils-login-failed');
-    var cgi = new openils.CGI();
     var workstation = cgi.param('ws') || dojo.cookie('ws');
     var user = new openils.User();
     var args = {
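Review bot: `oilsLoginFromCookies()` reads the staff username and password from `cgi.param('username')` / `cgi.param('password')` before it falls back to the cookies, so a staff credential can arrive in the page URL, where it is kept in browser history and is likely to be written to web-server and proxy logs and passed on in Referer headers (this assumes openils.CGI reads the query string, as its use for `ses` and `ws` suggests). The function name and the commit message only speak of cookies, so I would restrict the lookup to them, `var username = dojo.cookie('username');` and `var password = dojo.cookie('password');`, and add a comment above the function saying the cookies are expected to be provisioned out of band and should carry the secure attribute. Separately, the login-dialog branch that this hunk re-indents still assigns `workstation`, which can come from the `ws` URL parameter, to `innerHTML`; emptying the node and appending `document.createTextNode(workstation || '')` keeps request data from being interpreted as markup.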
index 8ae7186..ec4ee8c 100644 (file)
@@ -1,4 +1,5 @@
 dojo.require('dojo.date.locale');
+dojo.require('dojo.cookie');
 dojo.require('dojo.date.stamp');
 dojo.require('dijit.form.CheckBox');
 dojo.require('dijit.form.NumberSpinner');
@@ -9,6 +10,7 @@ dojo.require('openils.Event');
 dojo.require('openils.widget.ProgressDialog');
 dojo.require('openils.widget.OrgUnitFilteringSelect');
 
+
 dojo.requireLocalization('openils.circ', 'selfcheck');
 var localeStrings = dojo.i18n.getLocalization('openils.circ', 'selfcheck');
 
@@ -74,6 +76,14 @@ function SelfCheckManager() {
     this.initPrinter();
 }
 
+SelfCheckManager.prototype.setupStaffLogin = function(verify) {
+
+    if(verify) oilsSetupUser(); 
+    this.staff = openils.User.user;
+    this.workstation = openils.User.workstation;
+    this.authtoken = openils.User.authtoken;
+}
+
 
 
 /**
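Review bot: `setupStaffLogin(verify)` discards the result of `oilsSetupUser()`, which in this commit returns `null` when neither the existing session nor the cookie login is valid, so the `loginPatron` hunk's `this.setupStaffLogin(true); // verify still valid` copies a null `authtoken` into the manager and carries on with the patron login. I would end the helper with `return this.authtoken != null;` and have the caller stop with `if(!this.setupStaffLogin(true)) return;`, so an expired staff session halts the self-check flow instead of continuing without a token. The rest of `loginPatron` lies outside the hunk, so whether a later check catches this is not visible here. A short doc comment on `setupStaffLogin` saying that `verify` re-runs `oilsSetupUser()` before the staff fields are copied would also help.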
@@ -81,9 +91,7 @@ function SelfCheckManager() {
  */
 SelfCheckManager.prototype.init = function() {
 
-    this.staff = openils.User.user;
-    this.workstation = openils.User.workstation;
-    this.authtoken = openils.User.authtoken;
+    this.setupStaffLogin();
     this.loadOrgSettings();
 
     this.circTbody = dojo.byId('oils-selfck-circ-tbody');
@@ -298,6 +306,8 @@ SelfCheckManager.prototype.drawLoginPage = function() {
  */
 SelfCheckManager.prototype.loginPatron = function(barcode, passwd) {
 
+    this.setupStaffLogin(true); // verify still valid
+
     if(this.orgSettings[SET_PATRON_PASSWORD_REQUIRED]) {
         
         if(!passwd) {