LP#1526558: WIP - teach SIP how to use auth_proxy
authorGalen Charlton <gmc@esilibrary.com>
Tue, 15 Dec 2015 23:26:38 +0000 (18:26 -0500)
committerBill Erickson <berickxx@gmail.com>
Mon, 17 Aug 2020 14:35:40 +0000 (10:35 -0400)
Now works for both terminal users and verifying
patron passwords, although the former use-case
is probably unnecessary.  It may be desirable to
teach open-ils.auth_proxy how to *only* request
authentication, and not also establish a session.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Bill Erickson <berickxx@gmail.com>
Open-ILS/examples/opensrf.xml.example
Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm

index eb875b1..b7620b1 100644 (file)
@@ -549,6 +549,7 @@ vim:et:ts=4:sw=4:
                             <login_types>
                                 <type>staff</type>
                                 <type>opac</type>
+                                <type>sip</type>
                                 <type>persist</type>
                             </login_types>
                             <org_units>
index 500efa2..1121bb4 100644 (file)
@@ -196,30 +196,51 @@ sub login {
         return $self->{authtoken} if ($self->fetch_session); # fetch the session
     }
 
-    my $nonce = rand($$);
+    my $auth_proxy_enabled = 0;
+    eval {
+        $auth_proxy_enabled = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.enabled'
+        );
+    };
+
+    my $response;
+    if ($auth_proxy_enabled) {
+        $response = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.login',
+            {
+                username => $username,
+                password => $password,
+                type     => 'sip',
+            }
+        );
+    } else {
+        my $nonce = rand($$);
+
+        my $seed = $U->simplereq(
+            'open-ils.auth',
+            'open-ils.auth.authenticate.init', $username, $nonce );
+
+        my $opts =
+            {
+                username => $username,
+                password => md5_hex($seed . md5_hex($password)),
+                type     => 'opac',
+                nonce    => $nonce
+            };
+
+        if ($self->{login}->{location}) {
+            $opts->{workstation} = $self->{login}->{location};
+        }
 
-    my $seed = $U->simplereq(
-        'open-ils.auth',
-        'open-ils.auth.authenticate.init', $username, $nonce );
-
-    my $opts =
-        {
-            username => $username,
-            password => md5_hex($seed . md5_hex($password)),
-            type     => 'opac',
-            nonce    => $nonce
-        };
-
-    if ($self->{login}->{location}) {
-        $opts->{workstation} = $self->{login}->{location};
+        $response = $U->simplereq(
+            'open-ils.auth',
+            'open-ils.auth.authenticate.complete',
+            $opts
+        );
     }
 
-    my $response = $U->simplereq(
-        'open-ils.auth',
-        'open-ils.auth.authenticate.complete',
-        $opts
-    );
-
     if( my $code = $U->event_code($response) ) {
         my $txt = $response->{textcode};
         syslog('LOG_WARNING', "OILS: Login failed for $username.  $txt:$code");
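Review bot: The `eval` around the `open-ils.auth_proxy.enabled` call discards `$@`, so an auth_proxy outage or misconfiguration silently switches this login to the native `open-ils.auth` path, with nothing in syslog to show which backend verified the credentials. The same pattern is repeated in `check_password` in Patron.pm. Log the failure right after the eval, e.g. `syslog('LOG_WARNING', "OILS: auth_proxy.enabled check failed, using native auth: $@") if $@;`. The proxy branch also drops the `workstation` option that the native branch still sets from `$self->{login}->{location}`; if `open-ils.auth_proxy.login` accepts that key (not visible here), pass it so both paths create equivalent sessions. `login` begins and ends outside this hunk.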
index 16cff51..a0df596 100644 (file)
@@ -434,8 +434,42 @@ sub check_password {
     my ($self, $pwd) = @_;
     syslog('LOG_DEBUG', 'OILS: Patron->check_password()');
     return 0 unless (defined $pwd and $self->{user});
-    return $U->verify_migrated_user_password(
-        $self->{editor},$self->{user}->id, $pwd);
+
+    my $auth_proxy_enabled = 0;
+    eval {
+        $auth_proxy_enabled = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.enabled'
+        );
+    };
+
+    if ($auth_proxy_enabled) {
+        my $response = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.login',
+            {
+                username => $self->{user}->usrname,
+                password => $pwd,
+                type     => 'sip',
+            }
+        );
+        if ($U->event_code($response)) {
+            return 0;
+        } else {
+            # don't leave an extra session hanging around
+            # for this user
+            my $ses = $response->{payload}->{authtoken};
+            $U->simplereq(
+                'open-ils.auth',
+                'open-ils.auth.session.delete',
+                $ses
+            );
+            return 1;
+        }
+    } else {
+        return $U->verify_migrated_user_password(
+            $self->{editor},$self->{user}->id, $pwd);
+    }
 }
 
 sub currency {
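Review bot: In the auth_proxy branch of `check_password`, success is inferred from `$U->event_code($response)` being false rather than from an authtoken being present. If `event_code` yields a false value for an undefined or malformed reply (its definition is not on this page), such a reply from `open-ils.auth_proxy.login` falls into the `else` and the password check returns 1. Require the token before accepting: `return 0 unless ref($response) eq 'HASH' and ref($response->{payload}) eq 'HASH';` followed by `my $ses = $response->{payload}->{authtoken} or return 0;`. The result of `open-ils.auth.session.delete` is also ignored, so a failed delete leaves a live session for the patron after a password check; logging a non-success result at `LOG_WARNING` would make that visible.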