Open-ILS/src/c-apps/oils_auth.c

   1 #include "opensrf/osrf_app_session.h"
   2 #include "opensrf/osrf_application.h"
   3 #include "objson/object.h"
   4 #include "opensrf/log.h"
   5 #include "oils_utils.h"
   6
   7 #define OILS_AUTH_CACHE_PRFX "oils_auth_"
   8
   9
  10 #define MODULENAME "open-ils.auth"
  11
  12 int osrfAppInitialize();
  13 int osrfAppChildInit();
  14 int osrfMathRun( osrfMethodContext* );
  15
  16
  17 int osrfAppInitialize() {
  18
  19         osrfAppRegisterMethod(
  20                 MODULENAME,
  21                 "open-ils.auth.authenticate.init",
  22                 "oilsAuthInit",
  23                 "Start the authentication process and returns the intermediate authentication seed"
  24                 " PARAMS( username )", 1, 0 );
  25
  26         osrfAppRegisterMethod(
  27                 MODULENAME,
  28                 "open-ils.auth.authenticate.complete",
  29                 "oilsAuthComplete",
  30                 "Completes the authentication process and returns the auth token "
  31                 "PARAMS(username, md5sum( seed + password ) )", 2, 0 );
  32
  33         osrfAppRegisterMethod(
  34                 MODULENAME,
  35                 "open-ils.auth.session.retrieve",
  36                 "oilsAuthSessionRetrieve",
  37                 "Returns the user object (password blanked) for the given login session "
  38                 "PARAMS( authToken )", 1, 0 );
  39
  40         osrfAppRegisterMethod(
  41                 MODULENAME,
  42                 "open-ils.auth.session.delete",
  43                 "oilsAuthSessionDelete",
  44                 "Destroys the given login session "
  45                 "PARAMS( authToken )",  1, 0 );
  46
  47         return 0;
  48 }
  49
  50 int osrfAppChildInit() {
  51         return 0;
  52 }
  53
  54 int oilsAuthInit( osrfMethodContext* ctx ) {
  55         OSRF_METHOD_VERIFY_CONTEXT(ctx);
  56
  57         jsonObject* resp;
  58         char* username = NULL;
  59         char* seed = NULL;
  60         char* md5seed = NULL;
  61         char* key = NULL;
  62
  63         if( (username = jsonObjectGetString(jsonObjectGetIndex(ctx->params, 0))) ) {
  64
  65                 seed = va_list_to_string( "%d.%d.%s", time(NULL), getpid(), username );
  66                 key = va_list_to_string( "%s%s", OILS_AUTH_CACHE_PRFX, username );
  67
  68                 md5seed = md5sum(seed);
  69                 osrfCachePutString( key, md5seed, 30 );
  70
  71                 osrfLogDebug( "oilsAuthInit(): has seed %s and key %s", md5seed, key );
  72
  73                 resp = jsonNewObject(md5seed);
  74                 osrfAppRespondComplete( ctx, resp );
  75
  76                 jsonObjectFree(resp);
  77                 free(seed);
  78                 free(md5seed);
  79                 free(key);
  80                 return 0;
  81         }
  82
  83         return -1;
  84 }
  85
  86
  87 int oilsAuthComplete( osrfMethodContext* ctx ) {
  88         OSRF_METHOD_VERIFY_CONTEXT(ctx);
  89
  90         char* uname = jsonObjectGetString(jsonObjectGetIndex(ctx->params, 0));
  91         char* password = jsonObjectGetString(jsonObjectGetIndex(ctx->params, 1));
  92         char* storageMethod = "open-ils.storage.direct.actor.user.search.usrname.atomic";
  93         osrfMessage* omsg = NULL;
  94
  95         if( uname && password ) {
  96
  97                 /* grab the user object from storage */
  98                 osrfLogDebug( "oilsAuth calling method %s with username %s", storageMethod, uname );
  99
 100                 osrfAppSession* session = osrfAppSessionClientInit( "open-ils.storage" ); /**/
 101                 //jsonObject* params = jsonNewObject(uname); /**/
 102                 jsonObject* params = jsonParseString("[\"%s\"]", uname);
 103                 int reqid = osrfAppSessionMakeRequest( session, params, storageMethod, 1, NULL );
 104                 jsonObjectFree(params);
 105                 osrfLogInternal("oilsAuth waiting from response from storage...");
 106                 omsg = osrfAppSessionRequestRecv( session, reqid, 60 ); /**/
 107                 osrfLogInternal("oilsAuth storage request returned");
 108
 109                 if(!omsg) {
 110                         osrfAppSessionFree(session);
 111                         return osrfAppRequestRespondException( ctx->session, ctx->request,
 112                                 "No response from storage server for method %s", storageMethod );
 113                 }
 114
 115                 jsonObject* userObj = osrfMessageGetResult(omsg);
 116
 117                 char* _j = jsonObjectToJSON(userObj);
 118                 osrfLogDebug( "Auth received user object from storage: %s", _j );
 119                 free(_j);
 120
 121                 /* the method is atomic, grab the first user we receive */
 122                 if( userObj ) userObj = jsonObjectGetIndex(userObj, 0);
 123
 124                 if(!userObj) { /* XXX needs to be a 'friendly' exception */
 125                         osrfMessageFree(omsg);
 126                         osrfAppSessionFree(session);
 127                         return osrfAppRequestRespondException( ctx->session,
 128                                         ctx->request, "User %s not found in the database", uname );
 129                 }
 130
 131                 char* realPassword = oilsFMGetString( userObj, "passwd" ); /**/
 132                 char* seed = osrfCacheGetString( "%s%s", OILS_AUTH_CACHE_PRFX, uname ); /**/
 133
 134                 if(!seed) {
 135                         osrfMessageFree(omsg);
 136                         osrfAppSessionFree(session);
 137                         return osrfAppRequestRespondException( ctx->session,
 138                                 ctx->request, "No authentication seed found. "
 139                                 "open-ils.auth.authenticate.init must be called first");
 140                 }
 141
 142                 osrfLogDebug( "oilsAuth retrieved seed from cache: %s", seed );
 143                 char* maskedPw = md5sum( "%s%s", seed, realPassword );
 144                 if(!maskedPw) return -1;
 145                 osrfLogDebug( "oilsAuth generated masked password %s. "
 146                                 "Testing against provided password %s", maskedPw, password );
 147
 148                 jsonObject* response;
 149
 150                 if( !strcmp( maskedPw, password ) ) {
 151
 152                         osrfLogInfo( "Login successful for %s", uname );
 153                         char* string = va_list_to_string( "%d.%d.%s", getpid(), time(NULL), uname ); /**/
 154                         char* authToken = md5sum(string); /**/
 155                         char* authKey = va_list_to_string( "%s%s", OILS_AUTH_CACHE_PRFX, authToken ); /**/
 156
 157                         osrfLogInternal("oilsAuthComplete(): Setting fieldmapper string on the user object");
 158                         oilsFMSetString( userObj, "passwd", "" );
 159                         osrfCachePutObject( authKey, userObj, 28800 ); /* XXX config value */
 160                         osrfLogInternal("oilsAuthComplete(): Placed user object into cache");
 161                         response = jsonNewObject( authToken );
 162                         free(string); free(authToken); free(authKey);
 163
 164                 } else {
 165
 166                         osrfLogInfo( "Login failed for for %s", uname );
 167                         response = jsonNewNumberObject(0);
 168                 }
 169
 170                 osrfLogInternal("oilsAuthComplete responding to client");
 171                 osrfAppRespondComplete( ctx, response );
 172                 jsonObjectFree(response);
 173                 osrfMessageFree(omsg);
 174                 osrfAppSessionFree(session);
 175
 176         } else {
 177                 return osrfAppRequestRespondException( ctx->session, ctx->request,
 178                         "username and password required for method: %s", ctx->method->name );
 179         }
 180
 181         return 0;
 182
 183 }
 184
 185 int oilsAuthSessionRetrieve( osrfMethodContext* ctx ) {
 186         OSRF_METHOD_VERIFY_CONTEXT(ctx);
 187
 188         char* authToken = jsonObjectGetString( jsonObjectGetIndex(ctx->params, 0));
 189         jsonObject* userObj = NULL;
 190
 191         if( authToken ){
 192                 char* key = va_list_to_string("%s%s", OILS_AUTH_CACHE_PRFX, authToken ); /**/
 193                 userObj = osrfCacheGetObject( key ); /**/
 194                 free(key);
 195         }
 196
 197         osrfAppRespondComplete( ctx, userObj );
 198         jsonObjectFree(userObj);
 199         return 0;
 200 }
 201
 202 int oilsAuthSessionDelete( osrfMethodContext* ctx ) {
 203         OSRF_METHOD_VERIFY_CONTEXT(ctx);
 204
 205         char* authToken = jsonObjectGetString( jsonObjectGetIndex(ctx->params, 0) );
 206         jsonObject* resp = NULL;
 207
 208         if( authToken ) {
 209                 char* key = va_list_to_string("%s%s", OILS_AUTH_CACHE_PRFX, authToken ); /**/
 210                 osrfCacheRemove(key);
 211                 resp = jsonNewObject(authToken); /**/
 212                 free(key);
 213         }
 214
 215         osrfAppRespondComplete( ctx, resp );
 216         jsonObjectFree(resp);
 217         return 0;
 218 }
 219
 220
 221