1 use strict; use warnings;
2 package OpenILS::Application::Auth;
3 use OpenSRF::Application;
4 use base qw/OpenSRF::Application/;
5 use OpenSRF::Utils::Cache;
6 use Digest::MD5 qw(md5_hex);
7 use OpenSRF::Utils::Logger qw(:level);
8 use OpenILS::Utils::Fieldmapper;
9 use OpenSRF::EX qw(:try);
15 # -------------------------------------------------------------
17 # -------------------------------------------------------------
18 # -------------------------------------------------------------
# Registers open-ils.auth.authenticate.init, handled by init_authenticate
# (one argument: the username).
# NOTE(review): in the handshake described below, complete_authenticate
# computes md5_hex( seed . value returned by passwd() ). Whatever is stored
# as the password is therefore enough, on its own, to answer any challenge;
# protect the stored value as a credential.
20 __PACKAGE__->register_method(
21 method => "init_authenticate",
22 api_name => "open-ils.auth.authenticate.init",
23 argc => 1, #(username)
25 Generates a random seed and returns it. The client
26 must then perform md5_hex( \$seed . \$password ) and use that
27 as the passwordhash to open-ils.auth.authenticate.complete
# Registers open-ils.auth.authenticate.complete, handled by
# complete_authenticate. The handler looks its first argument up through
# open-ils.storage.actor.user.search.usrname, i.e. it is a username.
# NOTE(review): besides the documented "0", the handler throws for an
# unknown user, a user without a password and a missing or expired seed, so
# a caller can tell those cases apart from a wrong password.
31 __PACKAGE__->register_method(
32 method => "complete_authenticate",
33 api_name => "open-ils.auth.authenticate.complete",
34 argc => 2, #( username, passwdhash )
36 Client provides the username and passwordhash (see
37 open-ils.auth.authenticate.init). If their password hash is
38 correct for the given username, a session id is returned,
39 if not, "0" is returned
# Registers open-ils.auth.session.retrieve, handled by retrieve_session
# (one argument: the session id).
# NOTE(review): the handler returns whatever is cached under the session id.
# complete_authenticate caches the whole user object it fetched from
# storage, not only the username the note below mentions.
43 __PACKAGE__->register_method(
44 method => "retrieve_session",
45 api_name => "open-ils.auth.session.retrieve",
46 argc => 1, #( sessionid )
48 Pass in a sessionid and this returns the username associated with it
# Registers open-ils.auth.session.delete, handled by delete_session
# (one argument: the session id). The handler removes the cache entry
# stored under that id and returns the result of the cache delete call.
52 __PACKAGE__->register_method(
53 method => "delete_session",
54 api_name => "open-ils.auth.session.delete",
55 argc => 1, #( sessionid )
57 Pass in a sessionid and this delete it from the cache
62 # -------------------------------------------------------------
64 # -------------------------------------------------------------
65 # -------------------------------------------------------------
68 # -------------------------------------------------------------
69 # connect to the memcache server
70 # -------------------------------------------------------------
# Look up the memcache server list configured for open-ils.auth and open
# the cache handle that the methods in this package share.
# NOTE(review): login seeds and session entries (cached user objects) are
# stored on these servers; confirm they are reachable only from trusted hosts.
my $config_client    = OpenSRF::Utils::SettingsClient->new();
my @setting_path     = ( "apps", "open-ils.auth", "app_settings", "memcache" );
my $memcache_servers = $config_client->config_value(@setting_path);

# Without a cache there is nowhere to keep seeds or sessions.
unless ($memcache_servers) {
    throw OpenSRF::EX::Config ("No Memcache servers specified for open-ils.auth!");
}

# A single configured server arrives as a plain scalar; wrap it so the
# cache constructor always receives an array reference.
$memcache_servers = [$memcache_servers] unless ref($memcache_servers);

$cache_handle = OpenSRF::Utils::Cache->new( "open-ils.auth", 0, $memcache_servers );
89 # -------------------------------------------------------------
90 # We build a random hash and put the hash along with the
91 # username into memcache (so that any backend may fulfill the
93 # -------------------------------------------------------------
sub init_authenticate {
    # Issue a login seed for $username and keep it in the shared cache for
    # 300 seconds under a key derived from the username. The seed is
    # returned to the caller, as the method's registered notes describe.
    #
    # A later call for the same username overwrites the pending seed.
    #
    # NOTE(review): the seed is an MD5 over time(), the process id, rand()
    # and the username; none of these is a cryptographic random source.
    # NOTE(review): $username is placed in the cache key as received; check
    # how OpenSRF::Utils::Cache treats whitespace or control characters in
    # keys before relying on it.
    my ( $self, $client, $username ) = @_;

    my $seed_material = time() . $$ . rand() . $username;
    my $seed          = md5_hex($seed_material);
    my $seed_key      = "_open-ils_seed_$username";

    $cache_handle->put_cache( $seed_key, $seed, 300 );

    return $seed;
}
101 # -------------------------------------------------------------
102 # The temporary hash is removed from memcache.
103 # We retrieve the password from storage and verify
104 # their password hash against our re-hashed version of the
105 # password. If all goes well, we return the session id.
106 # Otherwise, we return "0"
107 # -------------------------------------------------------------
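sub complete_authenticate {
    # Check a login response and, when it matches, open a session.
    #
    # Arguments: $username as passed to init_authenticate, and $passwdhash,
    # the client's md5_hex( seed . password ).
    # Returns a fresh session id on success and "0" when the hash does not
    # match.
    # Throws OpenSRF::EX::ERROR when storage returns no response, no usable
    # user record or no password, OpenSRF::EX::User when no seed is pending
    # for the username, and re-throws an exception object received from
    # storage.
    #
    # The storage response and the value of passwd() are credentials; this
    # routine does not write either of them to the log.
    #
    # NOTE(review): the session id is an MD5 over time(), the process id and
    # rand(), which is not a cryptographic random source.
    # NOTE(review): the complete user object, including what passwd()
    # returns, is cached for 28800 seconds and is what retrieve_session
    # hands back; consider caching a copy without the password field.
    my ( $self, $client, $username, $passwdhash ) = @_;

    my $name = "open-ils.storage.actor.user.search.usrname";

    warn "Completing Authentication\n";
    my $session = OpenSRF::AppSession->create("open-ils.storage");
    warn "session built\n";
    my $request = $session->request( $name, $username );
    warn "made request\n";
    my $response = $request->recv();

    warn "called receive\n";

    if ( $response and $response->isa("OpenSRF::EX") ) {
        warn "Throwing " . $response->stringify . "\n";
        throw $response ( $response->stringify . "\n" );
    }

    # recv() may come back empty; fail with a clear error instead of
    # calling a method on an undefined value.
    unless ($response) {
        throw OpenSRF::EX::ERROR
            ("No response from storage for $username");
    }

    warn "getting user\n";

    my $user_list = $response->content;

    $session->disconnect();

    unless ( ref($user_list) ) {
        throw OpenSRF::EX::ERROR
            ("No user info returned from storage for $username");
    }

    my $user = $user_list->[0];

    if ( !$user or !ref($user) ) {
        throw OpenSRF::EX::ERROR ("No user for $username");
    }

    my $password = $user->passwd();
    if ( !$password ) {
        throw OpenSRF::EX::ERROR ("No password exists for $username", ERROR);
    }

    # Read the seed and drop it straight away, so a given seed can be
    # answered only once whether or not the hash turns out to match.
    my $current_seed = $cache_handle->get_cache("_open-ils_seed_$username");
    $cache_handle->delete_cache( "_open-ils_seed_$username" );

    unless ($current_seed) {
        throw OpenSRF::EX::User
            ("User must call open-ils.auth.init_authenticate first (or respond faster)");
    }

    my $hash = md5_hex( $current_seed . $password );

    # A missing client hash can never match; testing for it first avoids an
    # "uninitialized value" warning in the comparison.
    if ( defined $passwdhash and $hash eq $passwdhash ) {
        my $session_id = md5_hex( time() . $$ . rand() );
        $cache_handle->put_cache( $session_id, $user, 28800 );
        return $session_id;
    }

    # The registered notes document "0" as the failure value.
    return "0";
}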
sub retrieve_session {
    # Return the cache entry stored under $sessionid. The session id is the
    # only thing checked: whoever presents it receives the entry.
    # NOTE(review): complete_authenticate stores the full user object under
    # the session id, so that object is what callers receive here.
    my $self      = shift;
    my $client    = shift;
    my $sessionid = shift;

    return $cache_handle->get_cache($sessionid);
}
sub delete_session {
    # Remove the cache entry stored under $sessionid and return the result
    # of the cache delete call. As with retrieval, knowing the session id
    # is the only requirement.
    my $self      = shift;
    my $client    = shift;
    my $sessionid = shift;

    return $cache_handle->delete_cache($sessionid);
}