LP1626139 Remove References to OSRFGatewayLegacyJSON With the deprecation of OSRFGatewayLegacyJSON in OpenSRF, update the Evergreen example Apache confugration to suit. Includes upgrade notes about removal. Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Jane Sandberg <js7389@princeton.edu>
LP2008252: Fix report output access when Shibboleth is enabled When mod_shib is enabled use the ShibCompatValidUser option to ensure report outputs load correctly. Additionally, since it's SSO related, mention the sso_loc variable in a comment for the apache config. Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org> Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
LP#1729620: (follow-up) move OpenILS::WWW::OAI Move the module to Open::WWW::SuperCat::OAI, matching other record export and feed modules. Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
LP#1729620 New optional feature: an OAI2 provider service. This module is an opensrf service that exposes bibliographic and authority records through the OAI2 protocol. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. Signed-off-by: Lucien van Wouw, IISG, Amsterdam. Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu> Signed-off-by: Galen Charlton <gmc@equinoxOLI.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
lp1787968 jacket_upload: server-side Signed-off-by: Jason Etheridge <jason@EquinoxOLI.org> Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
LP#1892435 Splash page catalog searches don't work with spaces On older versions of Apache's mod_rewrite, splash page catalog searches are escaped in JavaScript and escaped again during the redirect to the Angular locale path, so searches with special characters result in a search that's still encoded. Test on Ubuntu 16.04.7, Apache 2.4.18, EG 3.6+. A splash page catalog search for Harry Potter results in a search for Harry%20Potter. Add the NE (noescape) flag to the Angular locale path redirect in /etc/apache2/eg_vhost.conf as indicated in this example file. A splash page search for Harry Potter then works as expected. Signed-off-by: Dan Briem <dbriem@wlsmail.org> Signed-off-by: Jason Boyer <JBoyer@EquinoxInitiative.org>
lp1863252 toward geosort * fix swap of lat/lon that broke Math::Trig-based distance calculations TODO: might want to drop that entirely in favor of delegating to a DB call that uses earthdistance * first pass at implementing display of distance in the OPAC * include "Distance" label on mobile view of copy table * display warning if address input is not translated to coordinates * add distance column to TPAC copy table * add default item sort button to both TPAC and Bootstrap * changes to open-ils.geo registration - don't register with the public router - add to param redaction list * add temporary caching of address => coordinates results By default, coordinates are cached in memcached for 5 minutes. The cache key is derived from a SHA-2 hash of the input address. * implement query parameter log redaction as a PerLogHandler * Don't need perl-script for a PerlLogHandler Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
LP#1918511: make the Bootstrap skin the default for the public catalog To test ------- [1] Perform a fresh installation of Evergreen, or at least put in the updated eg_vhost.conf. [2] Verify that the public catalog is using the Bootstrap skin. Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Mike Rylander <mrylander@gmail.com>
LP#1871211: Shibboleth integration support This commit adds Shibboleth integration to Evergreen for use in the OPAC. Using Shibboleth, libraries can authenticate patrons against a wide variety of 3rd party services, using many different protocols and standards. Several settings control if, when and how to make use of the Shibboleth integration: * Enable Shibboleth SSO for the OPAC - The main on/off switch. * Allow both Shibboleth and native OPAC authentication - By default only one or the other will be allowed. This enables both native and Shibboleth login. * Log out of the Shibboleth IdP - If supported by the IdP configured for use on the other side of Shibboleth, this tells Evergreen to tell Shibboleth to log out of the IdP on Evergreen logout. * Shibboleth SSO Entity ID - If multiple IdPs are configured for Shibboleth, and available to a particular hostname, this setting defines the one to use for a given context org unit. * Evergreen SSO matchpoint - The Evergreen-side user field to use when looking up the patron after successful SSO login. * Shibboleth SSO matchpoint - The Shibboleth-side field, defined in the attribute map, that contains the IdP user identifier value used to look up the Evergreen patron. Two apache sesttings control how Evergreen interacts with Shibboeth: * SetEnv sso_loc XXX, which acts in a way analogous to the physical_loc environment variable to define the context OU for SSO settings. * ShibRequestSetting applicationId XXX, which helps Shibboleth identify the correct set of entity ID and attribute mapping configuration. Additional Shibboleth-focused documentation and examples will be provided for system administrators. Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Christine Burns <christine.burns@bc.libraries.coop> Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
LP#1887196: RemoteAuth PatronAPI authentication Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP#1778972: make it possible to translate the Bootstrap OPAC This patch adds src/templates-bootstrap/opac to the i18n system, checks in an initial POT file for the Bootstrap OPAC, and provides an example of how to enable locales in the Apache configuration. Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
LP#1778972: (follow-up) use OILSWebTemplatePath to enable/disable the bootstrap OPAC This commit also renames the directory that contains the bootstrap-based OPAC. With the OILSWebTemplatePath, several redundant files also can be safely removed. Adds a release notes entry describing how to enable this OPAC in eg_vhosts.conf. Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu> Signed-off-by: Ruth Frasur <rfrasur@library.in.gov> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP1850992: More documentation for the EZProxy remoteauth feature Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
RemoteAuth EZProxy CGI authentication This commit adds a RemoteAuth handler (and associated templates, configuration, and sample data) for EZProxy CGI user authentication: https://help.oclc.org/Library_Management/EZproxy/Authenticate_users/EZproxy_authentication_methods/CGI_authentication The user is presented with a login form. If their account is authorized, they will be redirected to EZProxy with a valid authentication ticket, allowing them to access online resources. If they are not authorized, an error message is displayed indicating why the auth attempt failed. The login form and error messages use Template Toolkit (TT2) templates and can be customized. Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP#1883267: Never cache Angular index.html If we cache index.html then clients will be delayed seeing updates in normal circumstances. Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Bill Erickson <berickxx@gmail.com>
LP#1844720: avoid hard-coded paths in Apache config Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP#1817645: RemoteAuth handler for basic HTTP authentication (RFC 7617) Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP1825851 Server managed/processed print templates Adds a new database table config.print_template (and IDL class) for storing configurable, org- and locale-specific print templates. Adds a web service which accepts POSTed print data and generates a print-ready document. Includes example Apache configs. Teaches the Angular app to use the new web service for generting print output. Adds and Angular print template administration interface. Adds HTML::Defang for scrubbing unwanted HTML elements and attributes from print documents for security. Add the new ADMIN_PRINT_TEMPLATE permission to the Circ Admin group at System level as a default. Adds 2 templates, a simple patron_address tepmlate (pending Angular port of patron UIs) and a 'Holds for Bib Record' template, accessible from the Angular staff catalog Holds interface. Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kyle Huckins <khuckins@catalyte.io> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
LP#1834208: Use X-Forwarded-For in example Apache configuration Change X-Real-IP to X-Fowarded-For in Open-ILS/examples/apache_24/ eg_vhost.conf.in to match changes in the OpenSRF example proxy configurations for nginx and haproxy. Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Ben Shum <ben@evergreener.net>
LP#1801759: add mod_remoteip configuration to example Apache config Text taken from an OpenSRF patch added by Bill Erickson per bug 1684970. This patch adds an Apache configuration stanza that uses mod_remoteip to pass the user agent's IP address to the HTTP translator. It is meant for when Apache is being run behind a proxy such as NGINX. To test ------- [1] Set up Evergreen with Apache and the WebSockets server running behind a proxy such as NGINX. [2] Enable mod_remoteip (e.g., sudo a2enmod remoteip). [3] Apply the Apache configuration change in this patch, uncommenting out the directives and (if necessary) updating the internal IP address of the proxy. [4] Reload Apache. [5] Perform an action that uses the HTTP translator, e.g., adding a vendor record using the Dojo interface. [6] Verify that the client IP logged is that of the user agent, not the proxy. Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Bill Erickson <berickxx@gmail.com>