From 5da5ed33b241e65dbd03f4b698ab81e8e26ffa71 Mon Sep 17 00:00:00 2001
From: miker
Date: Fri, 17 Aug 2007 20:44:36 +0000
Subject: [PATCH] generic auth proxy; sets "ses" cookie and redirects
git-svn-id: svn://svn.open-ils.org/ILS/trunk@7700 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm | 172 +++++++++++++++++++++++++++++
1 file changed, 172 insertions(+)
create mode 100644 Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
diff --git a/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm b/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
new file mode 100644
index 0000000000..78031c7c12
--- /dev/null
+++ b/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
@@ -0,0 +1,172 @@
+package OpenILS::Reporter::Proxy;
+use strict; use warnings;
+
+use Apache2 ();
+use Apache2::Log;
+use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
+use APR::Const -compile => qw(:error SUCCESS);
+use CGI;
+use Data::Dumper;
+use Digest::MD5 qw/md5_hex/;
+
+use OpenSRF::EX qw(:try);
+use OpenSRF::System;
+
+
+# set the bootstrap config and template include directory when
+# this module is loaded
+my $bootstrap;
+
+sub import {
+ my $self = shift;
+ $bootstrap = shift;
+}
+
+
+sub child_init {
+ OpenSRF::System->bootstrap_client( config_file => $bootstrap );
+}
+
+sub handler {
+ my $apache = shift;
+ my $title = $apache->dir_config('ProxyTitle');
+ my $desc = $apache->dir_config('ProxyDescription');
+ my $perms = [ split ' ', $apache->dir_config('ProxyPermissions') ];
+
+ return Apache2::Const::NOT_FOUND unless ($title);
+ return Apache2::Const::NOT_FOUND unless (@$perms);
+
+ my $cgi = new CGI;
+ my $auth_ses = $cgi->cookie('ses');
+ my $ws_ou = $cgi->cookie('ws_ou');
+
+ my $url = $cgi->url;
+
+ # push everyone to the secure site
+ if ($url =~ /^http:/o) {
+ $url =~ s/^http:/https:/o;
+ print "Location: $url\n\n";
+ return Apache2::Const::OK;
+ }
+
+ if (!$auth_ses) {
+ my $u = $cgi->param('user');
+ my $p = $cgi->param('passwd');
+
+ if (!$u) {
+
+ print $cgi->header(-type=>'text/html', -expires=>'-1d');
+ print <<" HTML";
+
+
+
+ $title
+
+
+


+
+
+ + + + + + + + + + + + +
$desc
Username or barcode:
Password:
+ +
+
+
+
+
+ HTML
+ return Apache2::Const::OK;
+ }
+
+ $auth_ses = oils_login($u, $p);
+ if ($auth_ses) {
+ print $cgi->redirect(
+ -uri=>$url,
+ -cookie=>$cgi->cookie(
+ -name=>'ses',
+ -value=>$auth_ses,
+ -path=>'/',-expires=>'+1h'
+ )
+ );
+ return Apache2::Const::REDIRECT;
+ }
+ }
+
+ my $user = verify_login($auth_ses);
+ return Apache2::Const::FORBIDDEN unless ($user);
+
+ $ws_ou ||= $usr->home_ou;
+
+ my $failures = OpenSRF::AppSession
+ ->create('open-ils.actor')
+ ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
+ ->gather(1);
+
+ return Apache2::Const::FORBIDDEN if (@$failures > 0);
+
+ # they're good, let 'em through
+ return Apache2::Const::DECLINED if (-e $apache->filename);
+
+ # oops, file not found
+ return Apache2::Const::NOT_FOUND;
+}
+
+# returns the user object if the session is valid, 0 otherwise
+sub verify_login {
+ my $auth_token = shift;
+ return undef unless $auth_token;
+
+ my $user = OpenSRF::AppSession
+ ->create("open-ils.auth")
+ ->request( "open-ils.auth.session.retrieve", $auth_token )
+ ->gather(1);
+
+ if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
+ return undef;
+ }
+
+ return $user if ref($user);
+ return undef;
+}
+
+sub oils_login {
+ my( $username, $password, $type ) = @_;
+
+ $type |= "staff";
+ my $nametype = 'username';
+ $nametype = 'barcode' if ($username =~ /^\d+$/o);
+
+ my $seed = OpenSRF::AppSession
+ ->create("open-ils.auth")
+ ->request( 'open-ils.auth.authenticate.init', $username )
+ ->gather(1);
+
+ return undef unless $seed;
+
+ my $response = OpenSRF::AppSession
+ ->create("open-ils.auth")
+ ->request( 'open-ils.auth.authenticate.complete',
+ { $nametype => $username,
+ password => md5_hex($seed . md5_hex($password)),
+ type => $type })
+ ->gather(1);
+
+ return undef unless $response;
+
+ return $response->{payload}->{authtoken};
+}
+
+
+
+1;
--
2.11.0
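Review bot: In `handler`, `$ws_ou ||= $usr->home_ou;` refers to `$usr`, which is never declared (the lexical is `$user`), so under `use strict` the module will not compile; it should read `$ws_ou ||= $user->home_ou;`. In `oils_login`, `$type |= "staff";` is a bitwise string OR rather than a default, so a caller-supplied type would be mangled; `$type ||= "staff";` is presumably what was meant. The `ses` cookie is built without `-secure => 1`, so although the handler pushes requests to https, the browser will still attach the auth token to any plain-http request to the same host before the redirect happens. The `ws_ou` cookie is client-supplied and goes straight into `open-ils.actor.user.perm.check` as the org unit, so it is worth confirming that letting the client choose the unit the permissions are checked against is intended. The package line reads `OpenILS::Reporter::Proxy` while the file is added as `OpenILS/WWW/Proxy.pm`, which looks like a copy-paste leftover.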