1 use strict; use warnings;
2 package OpenILS::Application::Auth;
3 use OpenSRF::Application;
4 use base qw/OpenSRF::Application/;
5 use OpenSRF::Utils::Cache;
6 use Digest::MD5 qw(md5_hex);
7 use OpenSRF::Utils::Logger qw(:level);
14 # -------------------------------------------------------------
16 # -------------------------------------------------------------
17 # -------------------------------------------------------------
# Registers init_authenticate under the API name
# open-ils.auth.authenticate.init; it takes one argument, the username.
# The text after argc describes the handshake to clients: the server issues
# a seed and the client answers with md5_hex( seed . password ).
# NOTE(review): the line that opens the description string and the lines that
# close it and this call are not visible in this listing.
# NOTE(review): because the client computes the MD5 itself, the server needs
# a stored password value it can feed to md5_hex (complete_authenticate reads
# $user->{passwd}); confirm what form that stored value takes.
19 __PACKAGE__->register_method(
20 method => "init_authenticate",
21 api_name => "open-ils.auth.authenticate.init",
22 argc => 1, #(username)
24 Generates a random seed and returns it. The client
25 must then perform md5_hex( \$seed . \$password ) and use that
26 as the passwordhash to open-ils.auth.authenticate.complete
# Registers complete_authenticate under the API name
# open-ils.auth.authenticate.complete; it takes two arguments.
# Per the description text, a correct password hash yields a session id and
# anything else yields "0".
# NOTE(review): the argc comment says "barcode" while the description text and
# the sub itself use a username; confirm which identifier clients must send.
# NOTE(review): the line that opens the description string and the lines that
# close it and this call are not visible in this listing.
30 __PACKAGE__->register_method(
31 method => "complete_authenticate",
32 api_name => "open-ils.auth.authenticate.complete",
33 argc => 2, #( barcode, passwdhash )
35 Client provides the username and passwordhash (see
36 open-ils.auth.authenticate.init). If their password hash is
37 correct for the given username, a session id is returned,
38 if not, "0" is returned
# Registers retrieve_session under the API name
# open-ils.auth.session.retrieve; it takes one argument, the session id, and
# per the description text returns the username stored for it.
# The session id is the only credential this call checks, so it has to be
# treated as a secret bearer token by every client that holds one.
# NOTE(review): the line that opens the description string and the lines that
# close it and this call are not visible in this listing.
42 __PACKAGE__->register_method(
43 method => "retrieve_session",
44 api_name => "open-ils.auth.session.retrieve",
45 argc => 1, #( sessionid )
47 Pass in a sessionid and this returns the username associated with it
# Registers delete_session under the API name open-ils.auth.session.delete;
# it takes one argument, the session id, and per the description text removes
# that entry from the cache.
# NOTE(review): the line that opens the description string and the lines that
# close it and this call are not visible in this listing.
51 __PACKAGE__->register_method(
52 method => "delete_session",
53 api_name => "open-ils.auth.session.delete",
54 argc => 1, #( sessionid )
56 Pass in a sessionid and this delete it from the cache
61 # -------------------------------------------------------------
63 # -------------------------------------------------------------
64 # -------------------------------------------------------------
67 # -------------------------------------------------------------
68 # connect to the memcache server
69 # -------------------------------------------------------------
# Look up the memcache servers configured for open-ils.auth and build the
# cache handle the rest of this package uses.
#
# Both the login seeds and the session-id -> username entries live in this
# cache, so whoever can read or write these memcache servers can read or
# create sessions; keep them reachable only from the application hosts.
#
# NOTE(review): the declaration of $cache_handle and the closing braces of
# this section are not visible in the listing; the guards below follow the
# two visible "if" lines.
my $config_client    = OpenSRF::Utils::SettingsClient->new();
my $memcache_servers = $config_client->config_value(
    "apps", "open-ils.auth", "app_settings", "memcache" );

# Without a server list there is nowhere to keep seeds or sessions.
OpenSRF::EX::Config->throw("No Memcache servers specified for open-ils.auth!")
    unless $memcache_servers;

# A non-reference value is wrapped into a one-element array reference so the
# cache constructor always receives a list of servers.
$memcache_servers = [$memcache_servers] unless ref($memcache_servers);

$cache_handle = OpenSRF::Utils::Cache->new( "open-ils.auth", $memcache_servers );
88 # -------------------------------------------------------------
89 # We build a random hash and put the hash along with the
90 # username into memcache (so that any backend may fulfill the
92 # -------------------------------------------------------------
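# Issue a login seed for $username and remember it for 300 seconds.
#
# Arguments: ( $self, $client, $username )
# Returns:   the seed, 32 hexadecimal characters, which the client combines
#            with the password as described for
#            open-ils.auth.authenticate.init.
#
# The seed is now taken from the kernel random source when it is available;
# the original time/pid/rand() derivation is kept only as a fallback, since
# those inputs are guessable and rand() is not a cryptographic generator.
#
# NOTE(review): the end of this sub is not visible in the listing; the final
# "return $seed" follows the registered description ("Generates a random seed
# and returns it").
# NOTE(review): nothing here checks that the username exists or limits how
# often a seed is requested, and each call presumably replaces the previous
# seed stored for that username -- confirm that is acceptable.
sub init_authenticate {
    my ( $self, $client, $username ) = @_;

    my $seed;
    if ( open my $urandom, '<:raw', '/dev/urandom' ) {
        # 16 random bytes encode to the same 32-hex-character shape that
        # md5_hex produced before.
        my $got = sysread $urandom, my $bytes, 16;
        close $urandom;
        $seed = unpack 'H*', $bytes if defined $got && $got == 16;
    }

    unless ( defined $seed ) {
        warn "open-ils.auth: /dev/urandom unavailable, using weaker seed generation\n";
        $seed = md5_hex( time() . $$ . rand() . $username );
    }

    $cache_handle->set( "_open-ils_seed_$username", $seed, 300 );
    return $seed;
}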
100 # -------------------------------------------------------------
101 # The temporary hash is removed from memcache.
102 # We retrieve the password from storage and verify
103 # their password hash against our re-hashed version of the
104 # password. If all goes well, we return the session id.
105 # Otherwise, we return "0"
106 # -------------------------------------------------------------
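# Finish the login handshake for $username.
#
# Arguments: ( $self, $client, $username, $passwdhash )
# Returns:   a new session id (32 hexadecimal characters) when $passwdhash
#            equals md5_hex( seed . stored password ), otherwise 0.
# Throws:    OpenSRF::EX::PANIC if the storage method cannot be looked up,
#            OpenSRF::EX::ERROR if no user or no password is found,
#            OpenILS::EX::User if no seed is cached for the username.
#
# Changes from the listed code: the session id comes from the kernel random
# source when available (the time/pid/rand() derivation is guessable, and the
# session id is the only credential later calls check), and an undefined
# $passwdhash is rejected before the comparison.
#
# NOTE(review): the listing omits the guard lines around the throws and the
# tail of the sub. The conditions and the two returns below are reconstructed
# from the error messages and from the comment above the sub ("Otherwise, we
# return "0"") -- confirm against the file.
sub complete_authenticate {
    my ( $self, $client, $username, $passwdhash ) = @_;

    my $name   = "open-ils.storage.actor.user.retrieve.username";
    my $method = $self->method_lookup($name);
    OpenSRF::EX::PANIC->throw("Could not lookup method $name")
        unless $method;

    # NOTE(review): a separate error for an unknown username lets a caller
    # tell existing user names from non-existing ones; consider returning the
    # same failure as a wrong password.
    my ($user) = $method->run($username);
    OpenSRF::EX::ERROR->throw("No user for $username")
        unless $user;

    # The stored value is fed to md5_hex unchanged, so whatever storage holds
    # in passwd is equivalent to the password itself.
    # NOTE(review): presumably plaintext or a fixed digest -- confirm, and
    # protect that column accordingly.
    my $password = $user->{passwd};
    OpenSRF::EX::ERROR->throw( "No password exists for $username", ERROR )
        unless $password;

    my $seed_key     = "_open-ils_seed_$username";
    my $current_seed = $cache_handle->get($seed_key);
    unless ($current_seed) {
        # NOTE(review): the message names open-ils.auth.init_authenticate,
        # while the registered API name is open-ils.auth.authenticate.init.
        OpenILS::EX::User->throw(
            "User must call open-ils.auth.init_authenticate first (or respond faster)");
    }

    my $hash = md5_hex( $current_seed . $password );

    # The seed is dropped before the comparison, so every attempt, right or
    # wrong, needs a fresh seed.
    # NOTE(review): get followed by delete is two cache operations; two
    # simultaneous requests could presumably both read the same seed.
    $cache_handle->delete($seed_key);

    return 0 unless defined $passwdhash && $hash eq $passwdhash;

    my $session_id;
    if ( open my $urandom, '<:raw', '/dev/urandom' ) {
        # 16 random bytes encode to the same 32-hex-character shape that
        # md5_hex produced before.
        my $got = sysread $urandom, my $bytes, 16;
        close $urandom;
        $session_id = unpack 'H*', $bytes if defined $got && $got == 16;
    }

    unless ( defined $session_id ) {
        warn "open-ils.auth: /dev/urandom unavailable, using weaker session id generation\n";
        $session_id = md5_hex( time() . $$ . rand() );
    }

    # Sessions last 28800 seconds (eight hours) in the cache.
    $cache_handle->set( $session_id, $username, 28800 );
    return $session_id;
}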
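# Return whatever the cache holds for $sessionid; complete_authenticate
# stores the username there.
#
# Arguments: ( $self, $client, $sessionid )
# Returns:   the cached value for the session id, or undef for a missing,
#            empty or rejected id.
#
# Login seeds are kept in the same cache under keys that start with
# "_open-ils_seed_". Such keys are refused here so that this call can only
# address session entries and never hands out another cache entry as if it
# were a session.
#
# NOTE(review): the closing brace of this sub is not visible in the listing.
sub retrieve_session {
    my ( $self, $client, $sessionid ) = @_;

    # A single undef (not an empty list) keeps one false value in any context.
    return undef unless defined $sessionid && length $sessionid;
    return undef if index( $sessionid, '_open-ils_seed_' ) == 0;

    return $cache_handle->get($sessionid);
}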
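# Remove the cache entry for $sessionid (log the session out).
#
# Arguments: ( $self, $client, $sessionid )
# Returns:   the result of the cache delete, or undef for a missing, empty or
#            rejected id.
#
# Login seeds are kept in the same cache under keys that start with
# "_open-ils_seed_". Such keys are refused here so that this call can only
# remove session entries and cannot be used to discard a pending login seed.
#
# NOTE(review): the "sub" line and the closing brace are not visible in the
# listing; the name comes from the open-ils.auth.session.delete registration
# (method => "delete_session").
sub delete_session {
    my ( $self, $client, $sessionid ) = @_;

    # A single undef (not an empty list) keeps one false value in any context.
    return undef unless defined $sessionid && length $sessionid;
    return undef if index( $sessionid, '_open-ils_seed_' ) == 0;

    return $cache_handle->delete($sessionid);
}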