From 15d9753e482228406cb6064cb62b1fa6ce2688c3 Mon Sep 17 00:00:00 2001
From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Wed, 7 Jul 2010 13:46:37 +0000
Subject: [PATCH] added OPAC support for 1) selecting SSL manually and having
 it stick and 2) forcing SSL when the user is logged in to protect auth tokens
 and other private data.  The latter option is enabled via new apache env
 variable

git-svn-id: svn://svn.open-ils.org/ILS/trunk@16865 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/examples/apache/eg_vhost.conf                  | 5 +++++
 Open-ILS/web/opac/common/js/opac_utils.js               | 9 ++++++++-
 Open-ILS/web/opac/skin/default/xml/common/js_common.xml | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Open-ILS/examples/apache/eg_vhost.conf b/Open-ILS/examples/apache/eg_vhost.conf
index 1f3c6b833d..0277671ea1 100644
--- a/Open-ILS/examples/apache/eg_vhost.conf
+++ b/Open-ILS/examples/apache/eg_vhost.conf
@@ -105,6 +105,11 @@ RewriteRule - - [E=locale:%1] [L]
 
     # Specify the initial script URL for Novelist (containing account credentials, etc.)
     #SetEnv OILS_NOVELIST_URL
+    
+
+    # Uncomment to force SSL any time a patron is logged in.  This protects 
+    # authentication tokens.  Left commented out for backwards compat for now.
+    #SetEnv OILS_OPAC_FORCE_LOGIN_SSL 1
 
 </LocationMatch>
 
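Review bot: The new comment on `OILS_OPAC_FORCE_LOGIN_SSL` says the setting protects authentication tokens, but in this patch the variable only feeds the browser-side `forceLoginSSL` flag that `buildOPACLink` consults (see the opac_utils.js and js_common.xml hunks). It therefore steers generated links rather than enforcing HTTPS on the server. A request to an `http://` URL that was typed, bookmarked or built by other code would still carry the session token in cleartext unless the cookie is marked Secure or the server redirects, and neither is visible here. I would word the comment to match, e.g. `# Uncomment to make OPAC-generated links use SSL while a patron is logged in.` followed by `# Client-side only: pair with a Secure session cookie or an http->https rewrite to protect auth tokens.`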
diff --git a/Open-ILS/web/opac/common/js/opac_utils.js b/Open-ILS/web/opac/common/js/opac_utils.js
index 2e09b66e3e..09163e68d6 100644
--- a/Open-ILS/web/opac/common/js/opac_utils.js
+++ b/Open-ILS/web/opac/common/js/opac_utils.js
@@ -329,11 +329,18 @@ function _debug(str) {
 	*/
 }
 
+var forceLoginSSL; // set via Apache env variable
 function  buildOPACLink(args, slim, ssl) {
 
 	if(!args) args = {};
 	var string = "";
 
+    if( ssl == undefined && (
+            location.protocol == 'https:' ||
+            (forceLoginSSL && G.user && G.user.session))) {
+        ssl = true;
+    }
+
 	if(!slim) {
 		string = findBaseURL(ssl);
 		if(args.page) string += config.page[args.page];
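Review bot: An explicit `ssl` argument of `false` still wins over `forceLoginSSL` in the block added to `buildOPACLink`, because the override runs only when `ssl == undefined`. Any caller that passes `false` while a patron is logged in gets an `http:` link even with forcing enabled. If that opt-out is meant only for the logout redirect, the three-way meaning should be documented above the function, e.g. `// ssl: undefined = stay on https / honor forceLoginSSL; true = https; false = plain http even when logged in`. Note also that `ssl == undefined` matches `null` as well, and that the added lines are indented with spaces while the surrounding function uses tabs. The body of buildOPACLink continues past the end of the hunk.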
@@ -799,7 +806,7 @@ function doLogout() {
 	
 	var nored = false;
 	try{ if(isFrontPage) nored = true; } catch(e){nored = false;}
-	if(!nored) goTo(buildOPACLink(args));
+	if(!nored) goTo(buildOPACLink(args, false, false));
 }
 
 
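Review bot: Passing `false` for `ssl` in `doLogout` sends the browser to a plain `http:` page even when the patron chose HTTPS by hand, which works against the "select SSL manually and have it stick" behaviour this commit adds to `buildOPACLink`. As written, `goTo(buildOPACLink(args, false, false))` always downgrades. Whether the session has already been cleared before this redirect is decided earlier in doLogout, outside the hunk, and should be confirmed, since otherwise the token would travel on the first cleartext request. A short comment such as `// logout: return to plain http; the session must already be cleared at this point` would record the intent.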
diff --git a/Open-ILS/web/opac/skin/default/xml/common/js_common.xml b/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
index fa20116129..af0b79723a 100644
--- a/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
+++ b/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
@@ -41,6 +41,10 @@
 			getId("home_adv_search_link").setAttribute("href", buildOPACLink({page:ADVANCED})); 
 			getId("home_myopac_link").setAttribute("href", buildOPACLink({page:MYOPAC}, false, true));
 		}
+
+        <!--#if expr="$OILS_OPAC_FORCE_LOGIN_SSL"-->
+            forceLoginSSL = true;
+        <!--#endif -->
 	</script>
 
 	<!-- enable Dojo date picker -->
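Review bot: The SSI test `<!--#if expr="$OILS_OPAC_FORCE_LOGIN_SSL"-->` is a bare string test, so as far as I know mod_include treats any non-empty value as true and `SetEnv OILS_OPAC_FORCE_LOGIN_SSL 0` would still turn forcing on. That errs on the safe side, but it is not what an operator would expect from the `1` in the sample config. The flag is also set only in the default skin's js_common.xml, so a custom skin carrying its own copy of this file would leave `forceLoginSSL` undefined and silently skip the forcing. I would add a line next to the assignment such as `// enabled by SetEnv OILS_OPAC_FORCE_LOGIN_SSL (any non-empty value); custom skins must copy this block`. The enclosing script element starts outside the hunk.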
-- 
2.11.0