From ff015d1faf99e4f774f363a90cfce82e2180b529 Mon Sep 17 00:00:00 2001
From: Galen Charlton
Date: Tue, 15 Dec 2015 18:26:38 -0500
Subject: [PATCH] LP#1526558: WIP - teach SIP how to use auth_proxy

Now works for both terminal users and verifying patron passwords, although the former use-case is probably unnecessary. It may be desirable to teach open-ils.auth_proxy how to *only* request authentication, and not also establish a session.

Signed-off-by: Galen Charlton
---
 Open-ILS/examples/opensrf.xml.example | 1 +
 Open-ILS/src/perlmods/lib/OpenILS/SIP.pm | 51 +++++++++++++++++--------
 Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm | 36 ++++++++++++++++-
 3 files changed, 72 insertions(+), 16 deletions(-)

diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index 3b47481f86..f8b802aebc 100644
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -475,6 +475,7 @@ vim:et:ts=4:sw=4: staff opac + sip persist
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
index bd11e1978e..33d5558cfa 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP.pm
@@ -233,21 +233,42 @@ sub login {
 return $self->{authtoken} if ($self->fetch_session); # fetch the session
 }
 
- my $nonce = rand($$);
- my $seed = $U->simplereq(
- 'open-ils.auth',
- 'open-ils.auth.authenticate.init', $username, $nonce );
-
- my $response = $U->simplereq(
- 'open-ils.auth',
- 'open-ils.auth.authenticate.complete',
- {
- username => $username,
- password => md5_hex($seed . md5_hex($password)),
- type => 'opac',
- nonce => $nonce
- }
- );
+ my $auth_proxy_enabled = 0;
+ eval {
+ $auth_proxy_enabled = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.enabled'
+ );
+ };
+
+ my $response;
+ if ($auth_proxy_enabled) {
+ $response = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.login',
+ {
+ username => $username,
+ password => $password,
+ type => 'sip',
+ }
+ );
+ } else {
+ my $nonce = rand($$);
+ my $seed = $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.authenticate.init', $username, $nonce );
+
+ $response = $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.authenticate.complete',
+ {
+ username => $username,
+ password => md5_hex($seed . md5_hex($password)),
+ type => 'opac',
+ nonce => $nonce
+ }
+ );
+ }
 
 if( my $code = $U->event_code($response) ) {
 my $txt = $response->{textcode};
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
index ac4f05c3b2..1824b50773 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/SIP/Patron.pm
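Review bot: The `eval` around the `open-ils.auth_proxy.enabled` call discards `$@`, so a failure to reach auth_proxy (service down, timeout) looks the same as "proxy disabled" and login silently falls back to the native `open-ils.auth` path. On a site that delegates authentication to an external source, an outage would then quietly change which credential store decides the login, with nothing in the logs. At minimum record it right after the eval, e.g. `syslog('LOG_WARNING', "OILS: auth_proxy.enabled check failed: $@") if $@;` (assuming syslog is imported in SIP.pm as it is in Patron.pm), and consider making the fallback an explicit choice rather than the default. The same eval-and-fall-back pattern is repeated in the Patron.pm check_password hunk. login's body starts and ends outside this hunk.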
@@ -350,7 +350,41 @@ sub check_password {
 my ($self, $pwd) = @_;
 syslog('LOG_DEBUG', 'OILS: Patron->check_password()');
 return 0 unless (defined $pwd and $self->{user});
- return md5_hex($pwd) eq $self->{user}->passwd;
+
+ my $auth_proxy_enabled = 0;
+ eval {
+ $auth_proxy_enabled = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.enabled'
+ );
+ };
+
+ if ($auth_proxy_enabled) {
+ my $response = $U->simplereq(
+ 'open-ils.auth_proxy',
+ 'open-ils.auth_proxy.login',
+ {
+ username => $self->{user}->usrname,
+ password => $pwd,
+ type => 'sip',
+ }
+ );
+ if ($U->event_code($response)) {
+ return 0;
+ } else {
+ # don't leave an extra session hanging around
+ # for this user
+ my $ses = $response->{payload}->{authtoken};
+ $U->simplereq(
+ 'open-ils.auth',
+ 'open-ils.auth.session.delete',
+ $ses
+ );
+ return 1;
+ }
+ } else {
+ return md5_hex($pwd) eq $self->{user}->passwd;
+ }
 }
 
 sub currency { # not really implemented
--
2.11.0
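Review bot: In the proxy branch of check_password, a valid password is inferred only from `$U->event_code($response)` being false, so any reply that is not a failure event but carries no session (for example an undef result from a request that never completed) falls into the `else` and returns 1. `$response->{payload}->{authtoken}` is read without being checked, so `$ses` can be undef and the password is still reported as correct. Require positive evidence before accepting: `my $ses = (ref($response) eq 'HASH' && $response->{payload}) ? $response->{payload}->{authtoken} : undef;` followed by `return 0 unless $ses;`. The result of `open-ils.auth.session.delete` is also ignored, so a failed cleanup leaves a live patron session unnoticed; logging that case would help. How event_code treats undef or non-event values is not visible in this hunk and should be confirmed.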