From aa5f3afee533508746f21f17e0c5a4bae2fd285f Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Thu, 17 Nov 2022 10:09:39 -0500 Subject: [PATCH] LP#1996908: allow OpenILS::WWW::Proxy::Authen to check eg.auth.token This patch allows the authentication handler to accept the 'eg.auth.token' cookie coming from the staff client if a 'ses' parameter or 'ses' cookie has not been set. This allows resources gated by this handler to be accessed by a staff member who has logged into the staff client without requiring an additional login. To test ------- [1] Create a report and note the URL of one of its outputs. [2] In a completely fresh browser session, log into the staff client, then directly load the reporter output. You will be prompted to log in again because the 'ses' cookie was not set. [3] Apply the patch and repeat step 2. This time, the reporter output should be directly retrieved. Signed-off-by: Galen Charlton Signed-off-by: Jason Boyer --- Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm index 0cc9ec447d..caf2a61154 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy/Authen.pm @@ -40,7 +40,17 @@ sub handler { return Apache2::Const::NOT_FOUND unless (@$perms); my $cgi = new CGI; - my $auth_ses = $cgi->param('ses') || $cgi->cookie('ses'); + my $auth_ses = $cgi->param('ses') || $cgi->cookie('ses') || $cgi->cookie('eg.auth.token'); + if ($auth_ses =~ /^"(.+)"$/) { # came from eg2 login, is json encoded + $auth_ses = $1; + } + + # Note that the handler accepts an eg.auth.token from the web staff + # client but will not set it if it has to ask the user for + # credentials (it will only set 'ses'). As of 2022-11, it works this + # way to avoid this authen handler from becoming a way to create + # a staff login session that does not have a workstation set. + my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->param('ws_ou') || $cgi->cookie('ws_ou'); my $url = $cgi->url; -- 2.11.0