From: Dan Wells Date: Tue, 5 Jan 2016 19:24:21 +0000 (-0500) Subject: LP#1468422 Make AuthProxy.pm work with new auth X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=807dd95dffab3e8a25f167973a8d1c05ebf84b11;p=evergreen%2Ftadl.git LP#1468422 Make AuthProxy.pm work with new auth Previously, AuthProxy.pm would simply lookup and use the hashed password when the external authentication had passed. This simple method no longer works, since even cstore doesn't have access to the hashed password. Instead, take advantage of the new 'auth_internal' service to create the user session after the user has been externally authenticated. Signed-off-by: Dan Wells Signed-off-by: Bill Erickson
---
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index 9ca5ea52d1..94bb2d1438 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -234,8 +234,8 @@ sub login {
 } elsif (defined $code) { # code is '0', i.e. SUCCESS
 if (exists $event->{'payload'}) { # we have a complete native login
 return $event;
- } else { # do a 'forced' login
- return &_do_login($args, 1);
+ } else { # create an EG session for the successful external login
+ return &_create_session($args);
 }
 }
 }
@@ -249,6 +249,35 @@ sub login {
 return OpenILS::Event->new( 'LOGIN_FAILED' );
 }
 
+sub _create_session {
+ my $args = shift;
+
+ my $user = $U->cstorereq(
+ "open-ils.cstore.direct.actor.user.search.atomic",
+ { usrname => $args->{'username'} }
+ );
+ if (!$user->[0]) {
+ $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
+ return OpenILS::Event->new( 'LOGIN_FAILED' );
+ } else {
+ $args->{user_id} = $user->[0]->id;
+ }
+
+ my $response = OpenSRF::AppSession->create("open-ils.auth_internal")->request(
+ 'open-ils.auth_internal.session.create',
+ {
+ user_id => $args->{user_id},
+ login_type => $args->{type},
+ org_unit => $args->{org}
+ }
+ )->gather(1);
+
+ return OpenILS::Event->new( 'LOGIN_FAILED' )
+ unless $response;
+
+ return $response;
+}
+
 sub _do_login {
 my $args = shift;
 my $authenticated = shift;
@@ -262,22 +291,7 @@ sub _do_login {
 unless $seed;
 my $real_password = $args->{'password'};
- # if we have already authenticated, look up the password needed to finish
- if ($authenticated) {
- # username is required
- return OpenILS::Event->new( 'LOGIN_FAILED' ) if !$args->{'username'};
- my $user = $U->cstorereq(
- "open-ils.cstore.direct.actor.user.search.atomic",
- { usrname => $args->{'username'} }
- );
- if (!$user->[0]) {
- $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- }
- $args->{'password'} = md5_hex( $seed . $user->[0]->passwd );
- } else {
- $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );
- }
+ $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );
 my $response = OpenSRF::AppSession->create("open-ils.auth")->request( 'open-ils.auth.authenticate.complete', $args
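Review bot: `_create_session` drops the `return OpenILS::Event->new( 'LOGIN_FAILED' ) if !$args->{'username'};` guard that the removed `$authenticated` branch of `_do_login` carried, so a missing or empty username now goes straight into the cstore `usrname` search; I would restore that line at the top of the function. This path also issues a session from the user id alone, with no Evergreen password step. Any account checks the password-based `open-ils.auth.authenticate.complete` flow applies (inactive, barred or deleted account, login type permitted at `org_unit`) therefore have to happen inside `open-ils.auth_internal.session.create` or here before the request. The diff does not show which, so that should be confirmed and recorded in a comment above the call, for example `# account state and login-type checks are done by <where>, not here`.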
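Review bot: After this hunk nothing visible in `_do_login` reads `$authenticated`, yet the function still does `my $authenticated = shift;` (shown as context in the previous hunk), and the only visible caller that passed the flag, `&_do_login($args, 1)`, is removed in the first hunk. If no other use remains, drop that line so that no later caller assumes a password-less "forced" mode still exists in `_do_login`. The function starts and ends outside the hunk, so this needs checking against the full body and any other callers.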