From b31e9e8ffb63bd22bfe013cd032c2e5ad6179d02 Mon Sep 17 00:00:00 2001
From: erickson
Date: Thu, 7 Aug 2008 13:49:30 +0000
Subject: [PATCH] return to login page if auth fails, existing auth session has timed out, or existing auth session does not have required perms

git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_1_2@10296 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm b/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
index 84c8f4d1eb..476f288a49 100644
--- a/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
+++ b/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
@@ -112,11 +112,13 @@ sub handler {
 )
 );
 return Apache2::Const::REDIRECT;
- }
+ } else {
+ return back_to_login($cgi);
+ }
 }
 my $user = verify_login($auth_ses);
- return Apache2::Const::FORBIDDEN unless ($user);
+ return back_to_login($cgi) unless $user;
 $ws_ou ||= $user->home_ou;
@@ -127,12 +129,25 @@ sub handler {
 ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
 ->gather(1);
- return Apache2::Const::FORBIDDEN if (@$failures > 0);
+ return back_to_login($cgi) if (@$failures > 0);
 # they're good, let 'em through
 return Apache2::Const::DECLINED;
 }
+sub back_to_login {
+ my $cgi = shift;
+ print $cgi->redirect(
+ -uri=>$cgi->url,
+ -cookie=>$cgi->cookie(
+ -name=>'ses',
+ -value=>'',
+ -path=>'/',-expires=>'-1h'
+ )
+ );
+ return Apache2::Const::REDIRECT;
+}
+
 # returns the user object if the session is valid, 0 otherwise
 sub verify_login {
 my $auth_token = shift;
--
2.11.0
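Review bot: The three new `return back_to_login($cgi)` exits (the `else` branch and the `unless $user` check here, and the `@$failures > 0` check in the next hunk) redirect without recording the reason. Failed logins, expired sessions and permission denials all end up as the same 302 in the access log, where the latter two previously returned `Apache2::Const::FORBIDDEN`. A log line before each return, through whatever logger this module already has in scope, would keep repeated failures visible to monitoring; for the permission case it should include `$user->id` and the failing perms. The `if` that the new `else` closes starts above the hunk, so reading it as the failed-login branch is an inference.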
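Review bot: In `back_to_login` the `ses` cookie is expired with `-path=>'/'` and the browser is sent back to `$cgi->url`, so these exits only terminate if that deletion really removes the cookie. If the login branch sets `ses` with a different path or domain (its cookie call is above the first hunk and only partly visible), the old cookie survives and the request redirects to itself in a loop. The token is also dropped on the client side only: in the `@$failures > 0` case the session is still valid on the server until it times out, which deserves a comment such as `# clears the browser cookie only; the server-side session is left to expire`. A short header comment on `back_to_login` should also say that `$cgi->url` by default omits path info and the query string, so the original destination is not preserved across the redirect.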