From: Galen Charlton Date: Tue, 15 Dec 2015 23:26:38 +0000 (-0500) Subject: LP#1526558: WIP - teach SIP how to use auth_proxy X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=refs%2Fheads%2Fuser%2Fgmcharlt%2Flp1526558_sip_auth_proxy;p=working%2FEvergreen.git LP#1526558: WIP - teach SIP how to use auth_proxy Now works for both terminal users and verifying patron passwords, although the former use-case is probably unnecessary. It may be desirable to teach open-ils.auth_proxy how to *only* request authentication, and not also establish a session. Signed-off-by: Galen Charlton --- diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example index 3b47481f86..f8b802aebc 100644 --- a/Open-ILS/examples/opensrf.xml.example +++ b/Open-ILS/examples/opensrf.xml.example @@ -475,6 +475,7 @@ vim:et:ts=4:sw=4: staff opac + sip persist diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm index bd11e1978e..33d5558cfa 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm 
@@ -233,21 +233,42 @@ sub login { return $self->{authtoken} if ($self->fetch_session); # fetch the session } - my $nonce = rand($$); - my $seed = $U->simplereq( - 'open-ils.auth', - 'open-ils.auth.authenticate.init', $username, $nonce ); - - my $response = $U->simplereq( - 'open-ils.auth', - 'open-ils.auth.authenticate.complete', - { - username => $username, - password => md5_hex($seed . md5_hex($password)), - type => 'opac', - nonce => $nonce - } - ); + my $auth_proxy_enabled = 0; + eval { + $auth_proxy_enabled = $U->simplereq( + 'open-ils.auth_proxy', + 'open-ils.auth_proxy.enabled' + ); + }; + + my $response; + if ($auth_proxy_enabled) { + $response = $U->simplereq( + 'open-ils.auth_proxy', + 'open-ils.auth_proxy.login', + { + username => $username, + password => $password, + type => 'sip', + } + ); + } else { + my $nonce = rand($$); + my $seed = $U->simplereq( + 'open-ils.auth', + 'open-ils.auth.authenticate.init', $username, $nonce ); + + $response = $U->simplereq( + 'open-ils.auth', + 'open-ils.auth.authenticate.complete', + { + username => $username, + password => md5_hex($seed . md5_hex($password)), + type => 'opac', + nonce => $nonce + } + ); + } if( my $code = $U->event_code($response) ) { my $txt = $response->{textcode}; diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm index ac4f05c3b2..1824b50773 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm 
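Review bot: In `login` in OpenILS/SIP.pm, the `eval` around the `open-ils.auth_proxy.enabled` request discards `$@`, so if that service is unreachable or errors out, `$auth_proxy_enabled` stays 0 and the terminal login silently falls back to native `open-ils.auth` with the locally stored password. At a site that relies on the proxy backend as the authority for credentials, that is a fail-open path with no audit trail. At minimum, log the failure right after the eval, e.g. `syslog('LOG_WARNING', "OILS: auth_proxy.enabled check failed: $@") if $@;` (assuming `syslog` is imported in this file as it is in Patron.pm), and consider a configuration switch that refuses the fallback. A one-line comment on why the native branch keeps `type => 'opac'` while the proxy branch asks for `'sip'` would also help, and since the same eval block is repeated in `check_password` in Patron.pm, a small shared helper would keep the two in step. The body of `login` begins and ends outside this hunk.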
@@ -350,7 +350,41 @@ sub check_password { my ($self, $pwd) = @_; syslog('LOG_DEBUG', 'OILS: Patron->check_password()'); return 0 unless (defined $pwd and $self->{user}); - return md5_hex($pwd) eq $self->{user}->passwd; + + my $auth_proxy_enabled = 0; + eval { + $auth_proxy_enabled = $U->simplereq( + 'open-ils.auth_proxy', + 'open-ils.auth_proxy.enabled' + ); + }; + + if ($auth_proxy_enabled) { + my $response = $U->simplereq( + 'open-ils.auth_proxy', + 'open-ils.auth_proxy.login', + { + username => $self->{user}->usrname, + password => $pwd, + type => 'sip', + } + ); + if ($U->event_code($response)) { + return 0; + } else { + # don't leave an extra session hanging around + # for this user + my $ses = $response->{payload}->{authtoken}; + $U->simplereq( + 'open-ils.auth', + 'open-ils.auth.session.delete', + $ses + ); + return 1; + } + } else { + return md5_hex($pwd) eq $self->{user}->passwd; + } } sub currency { # not really implemented
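Review bot: In `check_password`, the proxy branch treats any response without an event code as a correct password: `return 1` is reached whenever `$U->event_code($response)` is false, without confirming that a session was actually issued. If `event_code` returns false for an undef or non-event reply (its definition is not in this hunk, so this needs confirming), a failed or empty `open-ils.auth_proxy.login` call would verify the patron, because `$response->{payload}->{authtoken}` would simply yield undef. Require positive evidence before accepting, e.g. `my $ses = ref($response) ? $response->{payload}->{authtoken} : undef;` followed by `return 0 unless $ses;` ahead of the session delete. The result of `open-ils.auth.session.delete` is also ignored, so a failed cleanup leaves a live session unnoticed; logging a warning through the `syslog` call already used in this sub would make that visible.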