LP#1528627 Proof of Concept "MasterKey" AuthProxy Module user/dbwells/lp1528627_masterkey_poc
authorDan Wells <dbw2@calvin.edu>
Fri, 29 Jan 2016 21:02:32 +0000 (16:02 -0500)
committerDan Wells <dbw2@calvin.edu>
Fri, 29 Jan 2016 21:02:32 +0000 (16:02 -0500)
This module allows a user with the "masterkey" password to login as
any other user in the system, similar to root-level "su" in Unix.

USE THIS CODE AND MODULE AT YOUR OWN RISK.

To set up:
- In opensrf.xml, set auth_proxy <enabled> to 'true' (if not already)
- In same file, uncomment the configuration section for MasterKey
  within the auth_proxy configuration area
- Set the <masterkey> to some super-secret value

This has been tested with OPAC logins, but should work with any logins
supported by AuthProxy.pm (e.g. staff logins should work, but may have
developed some bugs since last tested).

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Open-ILS/examples/opensrf.xml.example
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/MasterKey.pm [new file with mode: 0644]

index 3b47481..35517c7 100644 (file)
@@ -483,6 +483,19 @@ vim:et:ts=4:sw=4:
                             </org_units>
                         </authenticator>
                         -->
+                        <!-- the following is a sample configuration for the MasterKey module; FOR TESTING ONLY, USE AT YOUR OWN RISK; please do not use the default password (in <masterkey> tag below) on a private server with outside access! -->
+                        <!--
+                        <authenticator>
+                            <name>masterkey</name>
+                            <module>OpenILS::Application::AuthProxy::MasterKey</module>
+                            <masterkey>whenILeftYouIWasButTheLearner</masterkey>
+                            <login_types>
+                                <type>staff</type>
+                                <type>opac</type>
+                                <type>persist</type>
+                            </login_types>
+                        </authenticator>
+                        -->
                         <!-- 'native' is a proxied version of Evergreen's standard authentication -->
                         <authenticator>
                             <name>native</name>
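Review bot: The added `<masterkey>` line ships a concrete, publicly known secret, so a site that only uncomments the block gets a published password for a module the commit message describes as able to log in as any user. The sample should carry a value that cannot work as-is, for example `<masterkey>REPLACE_WITH_LONG_RANDOM_SECRET</masterkey>`, paired with a check in the module that refuses that placeholder or an empty key. The `<login_types>` list also enables `staff` and `persist`, although the description says only OPAC logins were tested. Listing only `<type>opac</type>` in the sample would keep the default exposure to what was actually exercised.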
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/MasterKey.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy/MasterKey.pm
new file mode 100644 (file)
index 0000000..dbd585e
--- /dev/null
@@ -0,0 +1,26 @@
+package OpenILS::Application::AuthProxy::MasterKey;
+use strict;
+use warnings;
+use base 'OpenILS::Application::AuthProxy::AuthBase';
+use OpenILS::Event;
+
+my $logger = $OpenILS::Application::AuthProxy::AuthBase::logger;
+
+sub authenticate {
+    my ( $self, $args ) = @_;
+    my $password = $args->{'password'};
+
+    if (!$password) {
+        $logger->debug("User login failed: No password provided");
+        return OpenILS::Event->new( 'LOGIN_FAILED' );
+    }
+
+    if ($password eq $self->{'masterkey'}) {
+        return OpenILS::Event->new('SUCCESS');
+    } else {
+        $logger->debug("User login failed: User does not possess the master key");
+        return OpenILS::Event->new( 'LOGIN_FAILED' );
+    }
+}
+
+1;
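Review bot: The success branch of `authenticate` returns `SUCCESS` without logging anything, so the module leaves no record that the master key was used, while both failure paths log, and only at debug level. An entry above debug level should precede the return, such as `$logger->info("MasterKey authenticator accepted a login");`, naming the target account if the caller passes it in `$args` (not visible in this file). The `eq` test also never confirms that `$self->{'masterkey'}` is configured. A guard before the comparison would make that explicit: `return OpenILS::Event->new('LOGIN_FAILED') unless defined $self->{'masterkey'} && length $self->{'masterkey'};`. Because `eq` stops at the first differing byte, a constant-time comparison is also worth considering for a secret with this much reach.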