From: Jason Boyer Date: Fri, 30 Sep 2022 20:28:51 +0000 (-0400) Subject: LP 1917083: Add SSO support to BPAC X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=1e5051f93ea042d329c04e811c75a5a8aadb1a83;p=working%2FEvergreen.git LP 1917083: Add SSO support to BPAC Support SSO login on the login modal and main login page and simplify sso_org handling a little in EGCatLoader. Signed-off-by: Jason Boyer Signed-off-by: Jeff Davis
---
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index fab9dd6a6e..8e0ff4e472 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -305,7 +305,7 @@ sub redirect_ssl {
 sub redirect_auth {
 my $self = shift;
- my $sso_org = $ENV{sso_loc} || $self->get_physical_loc || $self->_get_search_lib();
+ my $sso_org = $self->ctx->{sso_org};
 my $sso_enabled = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.enable');
 my $sso_native = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.allow_native');
@@ -322,6 +322,7 @@ sub redirect_auth {
 # -----------------------------------------------------------------------------
 sub load_simple {
 my ($self, $page) = @_;
+ $self->ctx->{page} = $page;
 $self->ctx->{search_ou} = $self->_get_search_lib();
@@ -476,6 +477,8 @@ sub load_common {
 $ctx->{course_ou} = int($self->cgi->param('locg')) || $self->ctx->{physical_loc} || $self->ctx->{aou_tree}->()->id;
 $ctx->{use_courses} = $ctx->{get_org_setting}->($ctx->{course_ou}, 'circ.course_materials_opt_in') ? 1 : 0;
+ $ctx->{sso_org} = $ENV{sso_loc} || $ctx->{physical_loc} || $ctx->{search_ou};
+
 return Apache2::Const::OK;
 }
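Review bot: `redirect_auth` now reads `$self->ctx->{sso_org}` and therefore depends on `load_common` having already stored it (the hunk at 476 is the only place it is set); if `redirect_auth` can be reached before `load_common` runs, `$sso_org` is undef and both `get_org_setting` lookups are made against an undefined org. The same dependency is introduced in `load_login` (553), `load_manual_shib_login` (727) and `load_logout` (762). A one-line comment above the assignment, `# sso_org is populated by load_common(); callers must run after it`, would make the ordering explicit, or keep a defensive fallback such as `my $sso_org = $self->ctx->{sso_org} || $self->_get_search_lib();` if the call order is not guaranteed. `redirect_auth` continues outside the hunk.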
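Review bot: The new `$ctx->{sso_org}` fallback chain ends in `$ctx->{search_ou}`, but the only assignment to `search_ou` visible in this patch is in `load_simple` (hunk at 322), so unless `load_common` sets `search_ou` earlier in the function, requests that do not pass through `load_simple` may end up with an undef `sso_org`; the removed lines called `$self->_get_search_lib()` directly and did not have that dependency, so please confirm. `$ENV{sso_loc}` is also accepted as an org unit id without the `int()` coercion the `course_ou` line above applies to its CGI input; it is presumably supplied by the web server configuration rather than by the client, and a comment saying so would save the next reader the question: `# sso_loc is expected to be set by the web server config, never by the request`. `load_common` begins outside the hunk.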
@@ -553,8 +556,8 @@ sub load_login {
 $self->timelog("Load login begins");
- my $sso_org = $ENV{sso_loc} || $self->get_physical_loc || $self->_get_search_lib();
- $ctx->{sso_org} = $sso_org;
+ my $sso_org = $ctx->{sso_org};
+
 my $sso_enabled = $ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.enable');
 my $sso_native = $ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.allow_native');
 my $sso_eg_match = $ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.evergreen_matchpoint') || 'usrname';
@@ -569,12 +572,12 @@ sub load_login {
 my $persist = $cgi->param('persist');
 my $client_tz = $cgi->param('client_tz');
- my $sso_user_match_value;
+ my $sso_user_match_value = $ENV{$sso_shib_match};
 my $response;
 my $sso_logged_in;
 $self->timelog("SSO is enabled") if ($sso_enabled);
 if ($sso_enabled
- and $sso_user_match_value = $ENV{$sso_shib_match}
+ and $sso_user_match_value
 and (!$self->cgi->cookie(COOKIE_SHIB_LOGGEDOUT) or $self->{_ignore_shib_logged_out_cookie})
 ) { # we have a shib session, and have not cleared a previous shib-login cookie
 $self->{_ignore_shib_logged_out_cookie} = 0; # only set by an intermediate call that internally redirected here
@@ -727,10 +730,11 @@ sub load_manual_shib_login {
 my $self = shift;
 my $redirect_to = shift || $self->cgi->param('redirect_to');
- my $sso_org = $ENV{sso_loc} || $self->get_physical_loc || $self->_get_search_lib();
+ my $sso_org = $ctx->{sso_org};
 my $sso_entity_id = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.entityId');
 my $sso_shib_match = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.shib_matchpoint') || 'uid';
+
 if ($ENV{$sso_shib_match}) {
 $self->{_ignore_shib_logged_out_cookie} = 1;
 return $self->load_login;
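Review bot: `$sso_user_match_value` is now populated from `$ENV{$sso_shib_match}` unconditionally, whereas before it was only assigned inside the `$sso_enabled` guard; any later code in `load_login` that tests `$sso_user_match_value` on its own as a "shib session present" signal (it would be outside this hunk, so this is inferred) would now see a value even when SSO is disabled for `$sso_org`. If that is not intended, `my $sso_user_match_value = $sso_enabled ? $ENV{$sso_shib_match} : undef;` keeps the previous behaviour while still simplifying the condition. `load_login` begins and ends outside the hunk.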
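Review bot: `my $sso_org = $ctx->{sso_org};` in `load_manual_shib_login` refers to `$ctx`, but this sub unpacks only `$self` (`my $self = shift;` is its first line) and every other line in the hunk goes through `$self->ctx`; unless `$ctx` is a file-level variable, this does not compile under `use strict` and the manual SSO login route is broken. The sibling hunks in `redirect_auth` (305) and `load_logout` (762) use the accessor, and this one should match them: `my $sso_org = $self->ctx->{sso_org};`. `load_manual_shib_login` ends outside the hunk.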
@@ -762,8 +766,8 @@ sub load_logout {
 || $self->ctx->{home_page};
 my $active_logout = $self->cgi->param('active_logout');
- my $sso_org = $ENV{sso_loc} || $self->get_physical_loc || $self->_get_search_lib();
- $self->ctx->{sso_org} = $sso_org;
+ my $sso_org = $self->ctx->{sso_org};
+
 my $sso_enabled = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.enable');
 my $sso_entity_id = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.entityId');
 my $sso_logout = $self->ctx->{get_org_setting}->($sso_org, 'opac.login.shib_sso.logout');
diff --git a/Open-ILS/src/templates-bootstrap/opac/parts/login/form.tt2 b/Open-ILS/src/templates-bootstrap/opac/parts/login/form.tt2
index fcd8d87640..259f00abbe 100755
--- a/Open-ILS/src/templates-bootstrap/opac/parts/login/form.tt2
+++ b/Open-ILS/src/templates-bootstrap/opac/parts/login/form.tt2
@@ -1,9 +1,35 @@
+[%
+
+ redirect = CGI.param('redirect_to');
+ # Don't use referer unless we got here from elsewhere within the TPAC
+ IF !redirect AND ctx.referer.match('^https?://' _ ctx.hostname _ ctx.opac_root);
+ redirect = ctx.referer;
+ END;
+ # If no redirect is offered or it's leading us back to the
+ # login form, redirect the user to My Account
+ IF !redirect OR redirect.match(ctx.path_info _ '$');
+ redirect = CGI.url('-full' => 1) _ '/opac/myopac/main';
+ END;
+ redirect = redirect | replace('^http:', 'https:');
+ sso_enabled = ctx.get_org_setting(ctx.sso_org, 'opac.login.shib_sso.enable');
+ sso_native = ctx.get_org_setting(ctx.sso_org, 'opac.login.shib_sso.allow_native');
+%]

-

[% l('Log in to Your Account') %]

-
+

[% l('Login to Your Account') %]

+
+ + [% IF sso_enabled %] + [% final_redirect = redirect | html %] +
+ + [%- IF sso_native; l(' or use the form below.'); END -%] +
+
+ [% END %] +
[%# INCLUDE "opac/parts/login/help.tt2" %]
[% IF ctx.login_failed_event %]
@@ -19,73 +45,25 @@ %]
[% END %] + -
-
-
- -
-
- -
-
-
-
- -
-
- -
+[% INCLUDE "opac/parts/login/login_fields.tt2" %] +
+
+ +
-
-
- [% IF ctx.get_org_setting ( - ctx.physical_org || ctx.aou_tree.id, 'opac.allow_pending_user') %] - [% l('Request A Card') %] - [% END %] -
-
- [% IF reset_password == 'true' %] - [% l('Forgot Your Password?') %] - [% END %] -
-
-
-
- - -
-
- -
+
+
- [% - redirect = CGI.param('redirect_to'); - # Don't use referer unless we got here from elsewhere within the TPAC - IF !redirect AND ctx.referer.match('^https?://' _ ctx.hostname _ ctx.opac_root); - redirect = ctx.referer; - END; - # If no redirect is offered or it's leading us back to the - # login form, redirect the user to My Account - IF !redirect OR redirect.match(ctx.path_info _ '$'); - redirect = CGI.url('-full' => 1) _ '/opac/myopac/main'; - END; - redirect = redirect | replace('^http:', 'https:'); - %] -
-
diff --git a/Open-ILS/src/templates-bootstrap/opac/parts/login/login_fields.tt2 b/Open-ILS/src/templates-bootstrap/opac/parts/login/login_fields.tt2
new file mode 100644
index 0000000000..7153a93852
--- /dev/null
+++ b/Open-ILS/src/templates-bootstrap/opac/parts/login/login_fields.tt2
@@ -0,0 +1,36 @@
+ [% IF !sso_enabled || sso_native %]
+
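Review bot: In form.tt2, `redirect` is taken straight from `CGI.param('redirect_to')` and, when `sso_enabled`, exposed as `final_redirect` for the SSO link; only the referer fallback is checked against `ctx.hostname`, so a `redirect_to` value pointing at another host is accepted as the post-login destination unless `load_login` or the SSO handler validates the target server-side (that code is outside this patch, so please confirm). Restricting the parameter to same-host URLs or relative paths in the same preamble would close that gap at the template level, and note that `ctx.hostname` is interpolated into the regex unescaped, so its dots match any character. This preamble is duplicated verbatim in login_modal.tt2 below; a shared include, or computing `sso_enabled`/`sso_native` once in `load_common` alongside `sso_org`, would keep the two copies from drifting. Most of this section's HTML did not survive extraction, so the SSO link markup itself could not be reviewed.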
+
+ +
+
+ +
+
+
+
+ +
+
+ +
+
+
+
+ [% IF ctx.get_org_setting ( + ctx.physical_org || ctx.aou_tree.id, 'opac.allow_pending_user') %] + [% l('Request A Card') %] + [% END %] +
+
+ [% IF reset_password == 'true' %] + [% l('Forgot Your Password?') %] + [% END %] +
+
+ [% END; # native block %] +
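Review bot: This new include reads `sso_enabled`, `sso_native` and `reset_password` without defining any of them, so it silently depends on the including template having set them (form.tt2 in this patch computes the first two; `reset_password` is set somewhere outside the patch). A header comment stating that contract would make the dependency explicit, e.g. `[%# Expects sso_enabled, sso_native and reset_password to be set by the including template; see opac/parts/login/form.tt2 %]`. Most of the markup in this file did not survive extraction, so only the template directives could be reviewed.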
diff --git a/Open-ILS/src/templates-bootstrap/opac/parts/login/login_modal.tt2 b/Open-ILS/src/templates-bootstrap/opac/parts/login/login_modal.tt2
index a778b7ccd7..015e24addb 100755
--- a/Open-ILS/src/templates-bootstrap/opac/parts/login/login_modal.tt2
+++ b/Open-ILS/src/templates-bootstrap/opac/parts/login/login_modal.tt2
@@ -1,7 +1,26 @@
+[%
+
+ redirect = CGI.param('redirect_to');
+ # Don't use referer unless we got here from elsewhere within the TPAC
+ IF !redirect AND ctx.referer.match('^https?://' _ ctx.hostname _ ctx.opac_root);
+ redirect = ctx.referer;
+ END;
+
+ # If no redirect is offered or it's leading us back to the
+ # login form, redirect the user to My Account
+ IF !redirect OR redirect.match(ctx.path_info _ '$');
+ redirect = CGI.url('-full' => 1) _ '/opac/myopac/main';
+ END;
+ redirect = redirect | replace('^http:', 'https:');
+ sso_enabled = ctx.get_org_setting(ctx.sso_org, 'opac.login.shib_sso.enable');
+ sso_native = ctx.get_org_setting(ctx.sso_org, 'opac.login.shib_sso.allow_native');
+ + %] +