#include "openils/oils_constants.h"
#include "openils/oils_event.h"
-#define OILS_AUTH_CACHE_PRFX "oils_auth_"
+#define OILS_AUTH_CACHE_PRFX "ss_auth_"
#define OILS_AUTH_COUNT_SFFX "_count"
-#define MODULENAME "open-ils.auth"
-
-#define OILS_AUTH_OPAC "opac"
-#define OILS_AUTH_STAFF "staff"
-#define OILS_AUTH_TEMP "temp"
-#define OILS_AUTH_PERSIST "persist"
+#define MODULENAME "sharestuff.auth"
// Default time for extending a persistent session: ten minutes
#define DEFAULT_RESET_INTERVAL 10 * 60
int osrfAppInitialize();
int osrfAppChildInit();
-static long _oilsAuthOPACTimeout = 0;
-static long _oilsAuthStaffTimeout = 0;
-static long _oilsAuthOverrideTimeout = 0;
-static long _oilsAuthPersistTimeout = 0;
+static long _oilsAuthTimeout = 0;
static long _oilsAuthSeedTimeout = 0;
static long _oilsAuthBlockTimeout = 0;
static long _oilsAuthBlockCount = 0;
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.authenticate.init",
+ "sharestuff.auth.authenticate.init",
"oilsAuthInit",
"Start the authentication process and returns the intermediate authentication seed"
" PARAMS( username )", 1, 0 );
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.authenticate.complete",
+ "sharestuff.auth.authenticate.complete",
"oilsAuthComplete",
"Completes the authentication process. Returns an object like so: "
"{authtoken : <token>, authtime:<time>}, where authtoken is the login "
"token and authtime is the number of seconds the session will be active"
- "PARAMS(username, md5sum( seed + md5sum( password ) ), type, org_id ) "
- "type can be one of 'opac','staff', or 'temp' and it defaults to 'staff' "
- "org_id is the location at which the login should be considered "
- "active for login timeout purposes", 1, 0 );
+ "PARAMS(username, md5sum( seed + md5sum( password ) )) ", 1, 0 );
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.authenticate.verify",
+ "sharestuff.auth.authenticate.verify",
"oilsAuthComplete",
"Verifies the user provided a valid username and password."
- "Params and are the same as open-ils.auth.authenticate.complete."
+ "Params and are the same as sharestuff.auth.authenticate.complete."
"Returns SUCCESS event on success, failure event on failure", 1, 0);
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.session.retrieve",
+ "sharestuff.auth.session.retrieve",
"oilsAuthSessionRetrieve",
"Pass in the auth token and this retrieves the user object. The auth "
"timeout is reset when this call is made "
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.session.delete",
+ "sharestuff.auth.session.delete",
"oilsAuthSessionDelete",
"Destroys the given login session "
"PARAMS( authToken )", 1, 0 );
osrfAppRegisterMethod(
MODULENAME,
- "open-ils.auth.session.reset_timeout",
+ "sharestuff.auth.session.reset_timeout",
"oilsAuthResetTimeout",
"Resets the login timeout for the given session "
"Returns an ILS Event with payload = session_timeout of session "
jsonObject* value_obj;
value_obj = osrf_settings_host_value_object(
- "/apps/open-ils.auth/app_settings/auth_limits/seed" );
+ "/apps/sharestuff.auth/app_settings/auth_limits/seed" );
_oilsAuthSeedTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
jsonObjectFree(value_obj);
if( -1 == _oilsAuthSeedTimeout ) {
}
value_obj = osrf_settings_host_value_object(
- "/apps/open-ils.auth/app_settings/auth_limits/block_time" );
+ "/apps/sharestuff.auth/app_settings/auth_limits/block_time" );
_oilsAuthBlockTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
jsonObjectFree(value_obj);
if( -1 == _oilsAuthBlockTimeout ) {
}
value_obj = osrf_settings_host_value_object(
- "/apps/open-ils.auth/app_settings/auth_limits/block_count" );
+ "/apps/sharestuff.auth/app_settings/auth_limits/block_count" );
_oilsAuthBlockCount = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
jsonObjectFree(value_obj);
if( -1 == _oilsAuthBlockCount ) {
if(!seed) {
return osrfAppRequestRespondException( ctx->session,
ctx->request, "No authentication seed found. "
- "open-ils.auth.authenticate.init must be called first "
+ "sharestuff.auth.authenticate.init must be called first "
" (check that memcached is running and can be connected to) "
);
}
if( passOK ) { // login successful
- if (0 == strcmp(ctx->method->name, "open-ils.auth.authenticate.verify")) {
+ if (0 == strcmp(ctx->method->name, "sharestuff.auth.authenticate.verify")) {
response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_SUCCESS );
} else {
response = oilsAuthHandleLoginOK( userObj, uname );
userObj = jsonObjectGetKey( cacheObj, "userobj" );
userId = oilsFMGetObjectId( userObj );
- session = osrfAppSessionClientInit( "open-ils.cstore" );
+ session = osrfAppSessionClientInit( "sharestuff.cstore" );
osrfAppSessionConnect(session);
- reqid = osrfAppSessionSendRequest(session, NULL, "open-ils.cstore.transaction.begin", 1);
+ reqid = osrfAppSessionSendRequest(session, NULL, "sharestuff.cstore.transaction.begin", 1);
omsg = osrfAppSessionRequestRecv(session, reqid, 60);
if(omsg) {
osrfMessageFree(omsg);
param = jsonNewNumberObject(userId);
- reqid = osrfAppSessionSendRequest(session, param, "open-ils.cstore.direct.actor.user.retrieve", 1);
+ reqid = osrfAppSessionSendRequest(session, param, "sharestuff.cstore.direct.actor.user.retrieve", 1);
omsg = osrfAppSessionRequestRecv(session, reqid, 60);
jsonObjectFree(param);
if(omsg) {
newUserObj = jsonObjectClone( osrfMessageGetResult(omsg) );
osrfMessageFree(omsg);
- reqid = osrfAppSessionSendRequest(session, NULL, "open-ils.cstore.transaction.rollback", 1);
+ reqid = osrfAppSessionSendRequest(session, NULL, "sharestuff.cstore.transaction.rollback", 1);
omsg = osrfAppSessionRequestRecv(session, reqid, 60);
osrfMessageFree(omsg);
}
--- /dev/null
+package ShareStuff::Proxy;
+use strict; use warnings;
+
+use Apache2::Log;
+use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
+use APR::Const -compile => qw(:error SUCCESS);
+use CGI;
+use Data::Dumper;
+use Digest::MD5 qw/md5_hex/;
+
+use OpenSRF::EX qw(:try);
+use OpenSRF::System;
+
+
+# set the bootstrap config and template include directory when
+# this module is loaded
+my $bootstrap;
+my $ssl_off;
+
+my $default_template = <<HTML;
+<html>
+ <head>
+ <title>TITLE</title>
+ </head>
+ <body>
+ <br/><br/><br/>
+ <center>
+ <form method='POST'>
+ <table style='border-collapse: collapse; border: 1px solid black;'>
+ <tr>
+ <th colspan='2' align='center'><u>DESCRIPTION</u></th>
+ </tr>
+ <tr>
+ <th align="right">Username:</th>
+ <td><input type="text" name="user"/></td>
+ </tr>
+ <tr>
+ <th align="right">Password:</th>
+ <td><input type="password" name="passwd"/></td>
+ </tr>
+ </table>
+ <input type="submit" value="Log in"/>
+ </form>
+ </center>
+ </body>
+</html>
+HTML
+
+sub import {
+ my $self = shift;
+ $bootstrap = shift;
+ $ssl_off = shift;
+}
+
+
+sub child_init {
+ OpenSRF::System->bootstrap_client( config_file => $bootstrap );
+ return Apache2::Const::OK;
+}
+
+sub handler {
+ my $apache = shift;
+
+ my $title = $apache->dir_config('ProxyTitle') || 'ShareStuff Login';
+ my $desc = $apache->dir_config('ProxyDescription') || $title;
+ my $perms = [ split ' ', $apache->dir_config('ProxyPermissions') ];
+
+ return Apache2::Const::NOT_FOUND unless (@$perms);
+
+ my $cgi = new CGI;
+ my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses');
+
+ my $url = $cgi->url;
+
+ # push everyone to the secure site
+ if (!$ssl_off && $url =~ /^http:/o) {
+ my $base = $cgi->url(-base=>1);
+ $base =~ s/^http:/https:/o;
+ print "Location: $base".$apache->unparsed_uri."\n\n";
+ return Apache2::Const::REDIRECT;
+ }
+
+ if (!$auth_ses) {
+ my $u = $cgi->param('user');
+ my $p = $cgi->param('passwd');
+
+ if (!$u) {
+
+ print $cgi->header(-type=>'text/html', -expires=>'-1d');
+ $proxyhtml = $default_template;
+ $proxyhtml =~ s/TITLE/$title/gso;
+ $proxyhtml =~ s/DESCRIPTION/$desc/gso;
+
+ print $proxyhtml;
+ return Apache2::Const::OK;
+ }
+
+ $auth_ses = oils_login($u, $p);
+ if ($auth_ses) {
+ print $cgi->redirect(
+ -uri=> $apache->unparsed_uri,
+ -cookie=>$cgi->cookie(
+ -name=>'ses',
+ -value=>$auth_ses,
+ -path=>'/',
+ -secure=>1
+ )
+ );
+ return Apache2::Const::REDIRECT;
+ } else {
+ return back_to_login($apache, $cgi);
+ }
+ }
+
+ my $user = verify_login($auth_ses);
+ return back_to_login($apache, $cgi) unless $user;
+
+ #warn "Checking perms " . join(',', @$perms) . " for user " . $user->id . " at location ".$user->home_ou."\n";
+
+# my $failures = OpenSRF::AppSession
+# ->create('sharestuff.actor')
+# ->request('sharestuff.actor.user.perm.check', $auth_ses, $user->id, undef, $perms)
+# ->gather(1);
+#
+# return back_to_login($apache, $cgi) if (@$failures > 0);
+
+ # they're good, let 'em through
+ return Apache2::Const::DECLINED;
+}
+
+sub back_to_login {
+ my $apache = shift;
+ my $cgi = shift;
+ print $cgi->redirect(
+ -uri=>$apache->unparsed_uri,
+ -cookie=>$cgi->cookie(
+ -name=>'ses',
+ -value=>'',
+ -path=>'/',-expires=>'-1h'
+ )
+ );
+ return Apache2::Const::REDIRECT;
+}
+
+# returns the user object if the session is valid, 0 otherwise
+sub verify_login {
+ my $auth_token = shift;
+ return undef unless $auth_token;
+
+ my $user = OpenSRF::AppSession
+ ->create("sharestuff.auth")
+ ->request( "sharestuff.auth.session.retrieve", $auth_token )
+ ->gather(1);
+
+ if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
+ return undef;
+ }
+
+ return $user if ref($user);
+ return undef;
+}
+
+sub oils_login {
+ my( $username, $password ) = @_;
+
+ my $nametype = 'username';
+
+ my $seed = OpenSRF::AppSession
+ ->create("sharestuff.auth")
+ ->request( 'sharestuff.auth.authenticate.init', $username )
+ ->gather(1);
+
+ return undef unless $seed;
+
+ my $response = OpenSRF::AppSession
+ ->create("sharestuff.auth")
+ ->request( 'sharestuff.auth.authenticate.complete',
+ { $nametype => $username, password => md5_hex($seed . md5_hex($password)) })
+ ->gather(1);
+
+ return undef unless $response;
+
+ return $response->{payload}->{authtoken};
+}
+
+1;
+
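Review bot: `$proxyhtml` in handler (`$proxyhtml = $default_template;`) is never declared, so under this file's `use strict;` the module will not compile ("Global symbol "$proxyhtml" requires explicit package name"); it should read `my $proxyhtml = $default_template;`. Separately, the handler insists on a non-empty `ProxyPermissions` (`return Apache2::Const::NOT_FOUND unless (@$perms);`) but the only code that would check those permissions is the commented-out `sharestuff.actor.user.perm.check` block after `verify_login`, so any user with a valid session is passed through with `DECLINED` regardless of configuration — either restore that check (confirming the method name against the actor service) or document that the proxy currently authenticates but does not authorize. The session token is also accepted from a query parameter (`my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses');`), which puts tokens in access logs and Referer headers and lets a crafted link plant a session; unless a caller depends on the `ses` parameter, read the cookie only. The cookie set on successful login is `-secure=>1` but not `-httponly=>1`; if the installed CGI.pm version supports it, adding `-httponly=>1` keeps the token out of reach of page scripts.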