1 use strict; use warnings;
2 package OpenILS::Application::Auth;
3 use OpenSRF::Application;
4 use base qw/OpenSRF::Application/;
5 use OpenSRF::Utils::Cache;
6 use Digest::MD5 qw(md5_hex);
7 use OpenSRF::Utils::Logger qw(:level);
8 use OpenILS::Utils::Fieldmapper;
9 use OpenSRF::EX qw(:try);
10 use OpenILS::Application::AppUtils;
16 # -------------------------------------------------------------
18 # -------------------------------------------------------------
19 # -------------------------------------------------------------
21 __PACKAGE__->register_method(
22 method => "init_authenticate",
23 api_name => "open-ils.auth.authenticate.init",
24 argc => 1, #(username)
26 Generates a random seed and returns it. The client
27 must then perform md5_hex( \$seed . \$password ) and use that
28 as the passwordhash to open-ils.auth.authenticate.complete
32 __PACKAGE__->register_method(
33 method => "complete_authenticate",
34 api_name => "open-ils.auth.authenticate.complete",
35 argc => 2, #( barcode, passwdhash )
37 Client provides the username and passwordhash (see
38 open-ils.auth.authenticate.init). If their password hash is
39 correct for the given username, a session id is returned,
40 if not, "0" is returned
44 __PACKAGE__->register_method(
45 method => "retrieve_session",
46 api_name => "open-ils.auth.session.retrieve",
47 argc => 1, #( sessionid )
49 Pass in a sessionid and this returns the username associated with it
53 __PACKAGE__->register_method(
54 method => "delete_session",
55 api_name => "open-ils.auth.session.delete",
56 argc => 1, #( sessionid )
58 Pass in a sessionid and this delete it from the cache
63 # -------------------------------------------------------------
65 # -------------------------------------------------------------
66 # -------------------------------------------------------------
69 # -------------------------------------------------------------
70 # connect to the memcache server
71 # -------------------------------------------------------------
73 $cache_handle = OpenSRF::Utils::Cache->new('global');
77 # -------------------------------------------------------------
78 # We build a random hash and put the hash along with the
79 # username into memcache (so that any backend may fulfill the
81 # -------------------------------------------------------------
82 sub init_authenticate {
83 my( $self, $client, $username ) = @_;
84 my $seed = md5_hex( time() . $$ . rand() . $username );
85 $cache_handle->put_cache( "_open-ils_seed_$username", $seed, 30 );
86 warn "init happened with seed $seed\n";
90 # -------------------------------------------------------------
91 # The temporary hash is removed from memcache.
92 # We retrieve the password from storage and verify
93 # their password hash against our re-hashed version of the
94 # password. If all goes well, we return the session id.
95 # Otherwise, we return "0"
96 # -------------------------------------------------------------
97 sub complete_authenticate {
98 my( $self, $client, $username, $passwdhash ) = @_;
100 my $name = "open-ils.storage.direct.actor.user.search.usrname";
102 my $user_list = OpenILS::Application::AppUtils->simple_scalar_request(
103 "open-ils.storage", $name, $username );
105 unless(ref($user_list)) {
106 throw OpenSRF::EX::ERROR
107 ("No user info returned from storage for $username");
110 my $user = $user_list->[0];
113 if(!$user or !ref($user) ) {
114 throw OpenSRF::EX::ERROR ("No user for $username");
117 my $password = $user->passwd();
120 throw OpenSRF::EX::ERROR ("No password exists for $username", ERROR);
123 my $current_seed = $cache_handle->get_cache("_open-ils_seed_$username");
124 $cache_handle->delete_cache( "_open-ils_seed_$username" );
126 unless($current_seed) {
127 throw OpenSRF::EX::User
128 ("User must call open-ils.auth.init_authenticate first (or respond faster)");
131 my $hash = md5_hex($current_seed . $password);
133 if( $hash eq $passwdhash ) {
135 my $session_id = md5_hex( time() . $$ . rand() );
136 $cache_handle->put_cache( $session_id, $user, 3600 );
145 sub retrieve_session {
146 my( $self, $client, $sessionid ) = @_;
147 my $user = $cache_handle->get_cache($sessionid);
149 warn "No User returned from retrieve_session $sessionid\n";
151 if($user) {$user->clear_password();}
158 my( $self, $client, $sessionid ) = @_;
159 return $cache_handle->delete_cache($sessionid);