From 1790d4ba7b71b4443f0f0122b2c43b041d642c91 Mon Sep 17 00:00:00 2001
From: Jane Sandberg <sandbej@linnbenton.edu>
Date: Mon, 1 Mar 2021 09:34:36 -0800
Subject: [PATCH] LP1786524: Don't require user to pass in db connection info

Passing a production database password on the command line is a bad
security practice.  Let's pull the database connection information
from opensrf.xml instead, while still allowing users to override
the default db connection information.

Also, let's install this into /openils/bin by default.

Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Signed-off-by: Rogan Hamby <rogan.hamby@gmail.com>
---
 .gitignore                                         |  1 +
 Open-ILS/src/Makefile.am                           |  7 +++++-
 .../{patron_loader.pl => patron_loader.pl.in}      | 28 +++++++++++++++-------
 3 files changed, 26 insertions(+), 10 deletions(-)
 rename Open-ILS/src/support-scripts/{patron_loader.pl => patron_loader.pl.in} (97%)

diff --git a/.gitignore b/.gitignore
index 23d7d99b32..4ac5596471 100644
--- a/.gitignore
+++ b/.gitignore
@@ -69,6 +69,7 @@ Open-ILS/src/support-scripts/authority_control_fields.pl
 Open-ILS/src/support-scripts/marc_export
 Open-ILS/src/support-scripts/marc_stream_importer.pl
 Open-ILS/src/support-scripts/offline-blocked-list.pl
+Open-ILS/src/support-scripts/patron_loader.pl
 Open-ILS/updates/Makefile
 Open-ILS/updates/Makefile.in
 Open-ILS/xul/staff_client/client/
diff --git a/Open-ILS/src/Makefile.am b/Open-ILS/src/Makefile.am
index 1391e8135d..e5b5b4473e 100644
--- a/Open-ILS/src/Makefile.am
+++ b/Open-ILS/src/Makefile.am
@@ -125,7 +125,8 @@ gen_scripts = \
 	$(supportscr)/eg_db_config \
 	$(supportscr)/marc_export \
 	$(supportscr)/marc_stream_importer.pl \
-	$(supportscr)/offline-blocked-list.pl
+	$(supportscr)/offline-blocked-list.pl \
+	$(supportscr)/patron_loader.pl
 
 # config files that are generated from *.in files and can
 # be deleted by a make clean
@@ -234,6 +235,10 @@ $(supportscr)/offline-blocked-list.pl: Makefile $(supportscr)/offline-blocked-li
 	$(do_subst) $(supportscr)/offline-blocked-list.pl.in > "$@"
 	chmod 755 "$@"
 
+$(supportscr)/patron_loader.pl: Makefile $(supportscr)/patron_loader.pl.in
+	$(do_subst) $(supportscr)/patron_loader.pl.in > "$@"
+	chmod 755 "$@"
+
 $(examples)/apache_24/eg_startup: Makefile $(examples)/apache_24/eg_startup.in
 	$(do_subst) $(examples)/apache_24/eg_startup.in > "$@"
 
diff --git a/Open-ILS/src/support-scripts/patron_loader.pl b/Open-ILS/src/support-scripts/patron_loader.pl.in
similarity index 97%
rename from Open-ILS/src/support-scripts/patron_loader.pl
rename to Open-ILS/src/support-scripts/patron_loader.pl.in
index e14f1c3b6a..1717544a6a 100755
--- a/Open-ILS/src/support-scripts/patron_loader.pl
+++ b/Open-ILS/src/support-scripts/patron_loader.pl.in
@@ -23,6 +23,7 @@ use Getopt::Long;
 use Text::CSV;
 use Data::Dumper;
 use List::MoreUtils qw(first_index);
+use OpenSRF::Utils::SettingsClient;
 
 my $db;
 my $dbuser;
@@ -31,7 +32,7 @@ my $dbpw;
 my $dbport = '5432';
 my $file;
 my $delimiter = ',';
-my $debug; 
+my $debug;
 my $matchpoint = 'usrname';
 my $org_unit;
 my $org_id;
@@ -64,18 +65,26 @@ my $ret = GetOptions(
     'profile:s'         => \$profile,
     'default_password:s' => \$default_password,
     'fill_with_matchpoint' => \$fill_with_matchpoint,
-    'alert_message:s'   => \$alert_message, 
+    'alert_message:s'   => \$alert_message,
     'alert_title:s'     => \$alert_title,
     'home_ou:s'         => \$home_ou,
     'org_unit:s'        => \$org_unit,
     'h'                 => \$h,
-    'help'              => \$help    
+    'help'              => \$help
 );
 
-if ($h or $help) { print_help(); }  
+if ($h or $help) { print_help(); }
 
+my $bootstrap = '@sysconfdir@/opensrf_core.xml';
+OpenSRF::System->bootstrap_client(config_file => $bootstrap);
+my $sc = OpenSRF::Utils::SettingsClient->new;
 
-my $dbh = connect_db($db, $dbuser, $dbpw, $dbhost, $dbport);
+my $dbh = connect_db(
+    $db || $sc->config_value( reporter => setup => database => 'db' ),
+    $dbuser || $sc->config_value( reporter => setup => database => 'user' ),
+    $dbpw || $sc->config_value( reporter => setup => database => 'pw' ),
+    $dbhost || $sc->config_value( reporter => setup => database => 'host' ),
+    $dbport || $sc->config_value( reporter => setup => database => 'port' ));
 my @results;
 my $query;
 
@@ -88,7 +97,7 @@ if (!defined $org_unit) { abort('no org_unit defined'); }
 my $prepped_org_unit = sql_wrap_text($org_unit);
 if ($debug) { print "beginning load for $org_unit\n"; }
 @results = sql_return($dbh,"SELECT id FROM actor.org_unit WHERE shortname = $prepped_org_unit;");
-if ($results[0]) { $org_id = $results[0]; } else { abort('invalid command line org unit'); } 
+if ($results[0]) { $org_id = $results[0]; } else { abort('invalid command line org unit'); }
 
 if ($debug) 
     {
@@ -525,9 +534,6 @@ sub print_help {
 
 print qq(
 Required parameters:
-    --db the Evergreen database
-    --dbuser the user of the Evergreen database
-    --dbhost the ip or domain name of the Evergreen database
     --file path to the CSV file used as the data source
     --org_unit the org unit name of the org unit patrons are being loaded for
         used to match mapped variables
@@ -535,6 +541,10 @@ Required parameters:
 Optional parameters:
 
     --h or --help 
+    --db the Evergreen database (defaults to the one established in opensrf.xml)
+    --dbuser the user of the Evergreen database
+    --dbhost the ip or domain name of the Evergreen database
+    --dbpw the password for the dbuser
     --dbport
     --delimter
     --debug
-- 
2.11.0