From 5cb6e6bccbf2b93ebb7bbe26ed5bb410cb3bd6c6 Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Wed, 24 Jun 2015 11:00:25 -0400
Subject: [PATCH] LP#1384740 MARC stream (etc) use auth nonce

Add an authentication nonce to the shared oils_header.pl file to avoid too-many-logins by a single username causing login rejections.

Signed-off-by: Bill Erickson
Signed-off-by: Galen Charlton
---
 Open-ILS/src/support-scripts/oils_header.pl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/support-scripts/oils_header.pl b/Open-ILS/src/support-scripts/oils_header.pl
index 6dc6be6f65..d0a1870950 100755
--- a/Open-ILS/src/support-scripts/oils_header.pl
+++ b/Open-ILS/src/support-scripts/oils_header.pl
@@ -155,15 +155,16 @@ sub oils_login {
 $type |= "staff";
+ my $nonce = rand($$);
 my $seed = $apputils->simplereq( $AUTH,
- 'open-ils.auth.authenticate.init', $username );
+ 'open-ils.auth.authenticate.init', $username, $nonce);
 err("No auth seed") unless $seed;
 my $response = $apputils->simplereq( $AUTH, 'open-ils.auth.authenticate.complete', { username => $username, password => md5_hex($seed . md5_hex($password)),
- type => $type });
+ type => $type, nonce => $nonce });
 err("No auth response returned on login") unless $response;
-- 
2.11.0
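Review bot: The new `my $nonce = rand($$);` takes its value from Perl's built-in `rand`, which is not a cryptographic generator, and nothing in the hunk says whether the nonce has to be unpredictable or only unique. Going by the commit message it only keeps concurrent logins for one username apart, so I would record that next to the line: `# uniqueness tag for the auth handshake only; rand() is not a CSPRNG, do not rely on this value being secret`. If the server ever treats the nonce as a secret, this line would need a stronger source. Separately, the context line `$type |= "staff";` looks like it was meant to be `$type ||= "staff";`, because a bitwise string OR would alter a caller-supplied type before it is sent in the `authenticate.complete` call. The body of oils_login starts and ends outside this hunk, so the handling of `$response` is not visible here.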