From c2eed3c1c69e324284b9f05984c575492c7ca22e Mon Sep 17 00:00:00 2001
From: Galen Charlton
Date: Tue, 15 Dec 2015 18:26:38 -0500
Subject: [PATCH] LP#1526558: WIP - teach SIP how to use auth_proxy

Now works for both terminal users and verifying patron passwords, although the former use-case is probably unnecessary. It may be desirable to teach open-ils.auth_proxy how to *only* request authentication, and not also establish a session.

Signed-off-by: Galen Charlton
---
 Open-ILS/examples/opensrf.xml.example | 1 +
 Open-ILS/src/perlmods/lib/OpenILS/SIP.pm | 63 ++++++++++++++++---------
 Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm | 38 ++++++++++++++-
 3 files changed, 79 insertions(+), 23 deletions(-)

diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index eb875b1116..b7620b1967 100644
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -549,6 +549,7 @@ vim:et:ts=4:sw=4: staff opac + sip persist
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
index 500efa22bc..1121bb454a 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
@@ -196,30 +196,51 @@ sub login {
 return $self->{authtoken} if ($self->fetch_session); # fetch the session
 }

- my $nonce = rand($$);
+ my $auth_proxy_enabled = 0;
+ eval {
+ $auth_proxy_enabled = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.enabled'
+ );
+ };
+
+ my $response;
+ if ($auth_proxy_enabled) {
+ $response = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.login',
+ {
+ username => $username,
+ password => $password,
+ type => 'sip',
+ }
+ );
+ } else {
+ my $nonce = rand($$);
+
+ my $seed = $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.authenticate.init', $username, $nonce );
+
+ my $opts =
+ {
+ username => $username,
+ password => md5_hex($seed . md5_hex($password)),
+ type => 'opac',
+ nonce => $nonce
+ };
+
+ if ($self->{login}->{location}) {
+ $opts->{workstation} = $self->{login}->{location};
+ }

- my $seed = $U->simplereq(
- 'open-ils.auth',
- 'open-ils.auth.authenticate.init', $username, $nonce );
-
- my $opts =
- {
- username => $username,
- password => md5_hex($seed . md5_hex($password)),
- type => 'opac',
- nonce => $nonce
- };
-
- if ($self->{login}->{location}) {
- $opts->{workstation} = $self->{login}->{location};
+ $response = $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.authenticate.complete',
+ $opts
+ );
 }

- my $response = $U->simplereq(
- 'open-ils.auth',
- 'open-ils.auth.authenticate.complete',
- $opts
- );
-
 if( my $code = $U->event_code($response) ) {
 my $txt = $response->{textcode};
 syslog('LOG_WARNING', "OILS: Login failed for $username. $txt:$code");
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
index 16cff51aee..a0df596f65 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
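Review bot: The `eval { ... };` around the `open-ils.auth_proxy.enabled` probe discards `$@`, so when the auth_proxy service cannot be reached login() falls through to the native `open-ils.auth` branch with nothing in the log; at a site that relies on the proxy for its external authenticators, that silent change of authentication backend should be recorded. Add `syslog('LOG_WARNING', "OILS: auth_proxy.enabled check failed: $@") if $@;` directly after the eval; the same probe is repeated in check_password() in SIP/Patron.pm and needs the same line. The proxy branch also drops the `workstation` option that the native branch still sets from `$self->{login}->{location}`; if `open-ils.auth_proxy.login` accepts that key, pass it there too so both paths create the same kind of session. login() begins and ends outside this hunk.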
@@ -434,8 +434,42 @@ sub check_password {
 my ($self, $pwd) = @_;
 syslog('LOG_DEBUG', 'OILS: Patron->check_password()');
 return 0 unless (defined $pwd and $self->{user});
- return $U->verify_migrated_user_password(
- $self->{editor},$self->{user}->id, $pwd);
+
+ my $auth_proxy_enabled = 0;
+ eval {
+ $auth_proxy_enabled = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.enabled'
+ );
+ };
+
+ if ($auth_proxy_enabled) {
+ my $response = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.login',
+ {
+ username => $self->{user}->usrname,
+ password => $pwd,
+ type => 'sip',
+ }
+ );
+ if ($U->event_code($response)) {
+ return 0;
+ } else {
+ # don't leave an extra session hanging around
+ # for this user
+ my $ses = $response->{payload}->{authtoken};
+ $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.session.delete',
+ $ses
+ );
+ return 1;
+ }
+ } else {
+ return $U->verify_migrated_user_password(
+ $self->{editor},$self->{user}->id, $pwd);
+ }
 }

 sub currency {
--
2.11.0
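Review bot: The session that check_password() creates only to verify the password is cleaned up without checking that `$response->{payload}->{authtoken}` is defined or that `open-ils.auth.session.delete` succeeded, so a failed cleanup in the inner `else` branch leaves a live patron session behind until it times out, with no trace in the log. Capture the result with `my $del = $U->simplereq('open-ils.auth', 'open-ils.auth.session.delete', $ses);` and, assuming the call reports failure as an event, follow it with `syslog('LOG_WARNING', 'OILS: check_password could not delete auth_proxy session') if $U->event_code($del);`, keeping the token itself out of the message. The failure branch also returns 0 for every event, including a `sip` login type that the proxy configuration does not allow, without logging the textcode the way login() in SIP.pm does, which makes a misconfiguration look like a wrong password.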