LP#1815229: add auth_proxy bail_on_fail option

If bail_on_fail is enabled in authenticator config, auth_proxy will bail
out if auth fails for that authenticator, instead of falling through to
the next one.

Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>

diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index 156562b..5f0f95f 100644 (file)
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -554,6 +554,7 @@ vim:et:ts=4:sw=4:
                                 <unit>103</unit>
                                 <unit>104</unit>
                             </org_units>
+                            <bail_on_fail>false</bail_on_fail>
                         </authenticator>
                         -->
                         <!-- 'native' is a proxied version of Evergreen's standard authentication -->

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index 1f7832c..fe6560e 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -221,6 +221,9 @@ sub login {
             next unless grep(/^(all|$args->{'org'})$/, @{$authenticator->{'org_units'}});
         }
 
+        # Do we keep trying other authenticators if this one fails?
+        my $bail_on_fail = $authenticator->{bail_on_fail};
+
         my $event;
         # treat native specially
         if ($authenticator->name eq 'native') {
@@ -231,6 +234,7 @@ sub login {
         my $code = $U->event_code($event);
         if ($code) {
             push @error_events, $event;
+            last if ($bail_on_fail and $bail_on_fail =~ /^t/i);
         } elsif (defined $code) { # code is '0', i.e. SUCCESS
             if (exists $event->{'payload'}) { # we have a complete native login
                 return $event;