LP#1526558: WIP - teach SIP how to use auth_proxy user/gmcharlt/lp1526558_sip_auth_proxy
authorGalen Charlton <gmc@esilibrary.com>
Tue, 15 Dec 2015 23:26:38 +0000 (18:26 -0500)
committerGalen Charlton <gmc@esilibrary.com>
Tue, 15 Dec 2015 23:26:38 +0000 (18:26 -0500)
Now works for both terminal users and verifying
patron passwords, although the former use-case
is probably unnecessary.  It may be desirable to
teach open-ils.auth_proxy how to *only* request
authentication, and not also establish a session.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Open-ILS/examples/opensrf.xml.example
Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm

index 3b47481..f8b802a 100644 (file)
@@ -475,6 +475,7 @@ vim:et:ts=4:sw=4:
                             <login_types>
                                 <type>staff</type>
                                 <type>opac</type>
+                                <type>sip</type>
                                 <type>persist</type>
                             </login_types>
                             <org_units>
index bd11e19..33d5558 100644 (file)
@@ -233,21 +233,42 @@ sub login {
         return $self->{authtoken} if ($self->fetch_session); # fetch the session
     }
 
-    my $nonce = rand($$);
-    my $seed = $U->simplereq( 
-        'open-ils.auth',
-        'open-ils.auth.authenticate.init', $username, $nonce );
-
-    my $response = $U->simplereq(
-        'open-ils.auth', 
-        'open-ils.auth.authenticate.complete', 
-        {    
-            username => $username, 
-            password => md5_hex($seed . md5_hex($password)), 
-            type     => 'opac',
-            nonce    => $nonce
-        }
-    );
+    my $auth_proxy_enabled = 0;
+    eval {
+        $auth_proxy_enabled = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.enabled'
+        );
+    };
+
+    my $response;
+    if ($auth_proxy_enabled) {
+        $response = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.login',
+            {
+                username => $username,
+                password => $password,
+                type     => 'sip',
+            }
+        );
+    } else {
+        my $nonce = rand($$);
+        my $seed = $U->simplereq( 
+            'open-ils.auth',
+            'open-ils.auth.authenticate.init', $username, $nonce );
+    
+        $response = $U->simplereq(
+            'open-ils.auth', 
+            'open-ils.auth.authenticate.complete', 
+            {    
+                username => $username, 
+                password => md5_hex($seed . md5_hex($password)), 
+                type     => 'opac',
+                nonce    => $nonce
+            }
+        );
+    }
 
     if( my $code = $U->event_code($response) ) {
         my $txt = $response->{textcode};
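Review bot: The `eval` around the `open-ils.auth_proxy.enabled` request discards any error, so when the proxy service is unreachable or the call dies, `login` silently takes the native `open-ils.auth` branch and nothing is logged. On a site that relies on auth_proxy for external authentication, an outage therefore quietly changes which credential store decides the login. Record the failure right after the eval, for example `syslog('LOG_WARNING', "OILS: auth_proxy.enabled check failed: $@") if $@;` (assuming `syslog` is in scope in SIP.pm as it is in Patron.pm), and decide explicitly whether a failed check should fall back or refuse. The same probe-and-fallback block is duplicated in `check_password` in SIP/Patron.pm, so a shared helper would keep the two consistent. The body of `login` starts and ends outside this hunk.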
index ac4f05c..1824b50 100644 (file)
@@ -350,7 +350,41 @@ sub check_password {
     my ($self, $pwd) = @_;
     syslog('LOG_DEBUG', 'OILS: Patron->check_password()');
     return 0 unless (defined $pwd and $self->{user});
-    return md5_hex($pwd) eq $self->{user}->passwd;
+
+    my $auth_proxy_enabled = 0;
+    eval {
+        $auth_proxy_enabled = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.enabled'
+        );
+    };
+
+    if ($auth_proxy_enabled) {
+        my $response = $U->simplereq(
+            'open-ils.auth_proxy',
+            'open-ils.auth_proxy.login',
+            {
+                username => $self->{user}->usrname,
+                password => $pwd,
+                type     => 'sip',
+            }
+        );
+        if ($U->event_code($response)) {
+            return 0;
+        } else {
+            # don't leave an extra session hanging around
+            # for this user
+            my $ses = $response->{payload}->{authtoken};
+            $U->simplereq(
+                'open-ils.auth',
+                'open-ils.auth.session.delete',
+                $ses
+            );
+            return 1;
+        }
+    } else {
+        return md5_hex($pwd) eq $self->{user}->passwd;
+    }
 }
 
 sub currency {              # not really implemented
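Review bot: In the auth_proxy branch of `check_password`, success is inferred only from `$U->event_code($response)` being false. If `simplereq` hands back undef or a non-event value (a timeout or service error) and `event_code` returns nothing for it, the method returns 1 and the patron's password is accepted unverified; `event_code` is not visible here, so this needs confirming. Require the token before reporting success, for example `my $ses = ref($response) eq 'HASH' ? $response->{payload}{authtoken} : undef;` followed by `return 0 unless $ses;`. The result of `open-ils.auth.session.delete` is also ignored, so logging a failure there would show when verification sessions are left behind.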