From e956804719b1f4380293b5dc2ed1f420f075b478 Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Mon, 22 Jul 2013 15:21:15 -0400
Subject: [PATCH] LP1203753 AuthProxy barcode login support

When users attempt a barcode-based login with AuthProxy, the system will determine the username of the user (based on the barcode) and use the username instead of the barcode for all proxied login attempts. This allows users to use their barcodes (or barcode-looking usernames) to log in via remote authenticators.

Signed-off-by: Bill Erickson
Signed-off-by: Dan Wells
---
 .../lib/OpenILS/Application/AuthProxy.pm | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index a555be7797..023dbb960f 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -35,6 +35,7 @@ use OpenSRF::Utils::Logger qw(:logger);
 use OpenSRF::Utils::SettingsClient;
 use OpenILS::Application::AppUtils;
 use OpenILS::Utils::Fieldmapper;
+use OpenILS::Utils::CStoreEditor qw/:funcs/;
 use OpenILS::Event;
 use UNIVERSAL::require;
 use Digest::MD5 qw/md5_hex/;
@@ -155,7 +156,7 @@ __PACKAGE__->register_method( params => [ {name=> "args", desc => q/A hash of arguments. Valid keys and their meanings: username := Username to authenticate. - barcode := Barcode of user to authenticate (currently supported by 'native' only!) + barcode := Barcode of user to authenticate password := Password for verifying the user. type := Type of login being attempted (Staff Client, OPAC, etc.). org := Org unit id
@@ -170,14 +171,25 @@ __PACKAGE__->register_method( ); sub login { my ( $self, $conn, $args ) = @_; + $args ||= {}; return OpenILS::Event->new( 'LOGIN_FAILED' ) unless (&enabled() and ($args->{'username'} or $args->{'barcode'})); + if ($args->{barcode} and !$args->{username}) { + # translate barcode logins into username logins by locating + # the matching card/user and collecting the username. + + my $card = new_editor()->search_actor_card([ + {barcode => $args->{barcode}, active => 't'}, + {flesh => 1, flesh_fields => {ac => ['usr']}} + ])->[0]; + + $args->{username} = $card->usr->usrname if $card; + } + # check for possibility of brute-force attack my $fail_count; - # since barcode logins are for 'native' only, we will rely on the blocking - # code built-in to 'native' for those logins if ($args->{'username'}) { $fail_count = $cache->get_cache('oils_auth_' . $args->{'username'} . '_count') || 0; if ($fail_count >= $block_count) { @@ -251,7 +263,7 @@ sub _do_login { my $real_password = $args->{'password'}; # if we have already authenticated, look up the password needed to finish if ($authenticated) { - # barcode-based login is supported only for 'native' logins + # username is required return OpenILS::Event->new( 'LOGIN_FAILED' ) if !$args->{'username'}; my $user = $U->cstorereq( "open-ils.cstore.direct.actor.user.search.atomic", -- 2.43.2
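Review bot: When the barcode matches no active card in `login`, `$args->{username}` stays unset and the `if ($args->{'username'})` fail-count check that follows is skipped, yet the comment saying barcode logins rely on the 'native' authenticator's own blocking was removed, so nothing in the new code says what throttles those attempts. I would keep a short comment after the lookup, e.g. `# no active card matched: username stays unset, the fail-count check below is skipped, and throttling is left to the authenticators (confirm 'native' still covers this)`. Separately, the lookup applies `->[0]` directly to the return value of `search_actor_card(...)`; if that call can return undef on a backend error (worth confirming for CStoreEditor), the request dies instead of returning `LOGIN_FAILED`, and `my $cards = new_editor()->search_actor_card([...]); my $card = $cards ? $cards->[0] : undef;` avoids that. The body of `login` continues past the end of the hunk, so how a barcode-only `$args` is handled further down is not visible here.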