1 use strict; use warnings;
2 package OpenILS::Application::Auth;
3 use OpenSRF::Application;
4 use base qw/OpenSRF::Application/;
5 use OpenSRF::Utils::Cache;
6 use Digest::MD5 qw(md5_hex);
13 # -------------------------------------------------------------
15 # -------------------------------------------------------------
16 # -------------------------------------------------------------
# Registers the API call open-ils.auth.authenticate.init, handled by
# init_authenticate, taking one argument (the username).
# NOTE(review): in the scheme described in the notes, the client proves
# knowledge of the password by sending md5_hex(seed . password). To check
# that, the server has to recompute the same digest, so it needs the
# plaintext password (or an equivalent secret) at verification time;
# complete_authenticate does exactly this. That rules out storing passwords
# only as salted, slow hashes unless the client performs the same derivation.
# MD5 is also cheap to compute, so an observed seed/response pair can be
# checked against password guesses offline -- confirm that these calls are
# only carried over an encrypted transport.
18 __PACKAGE__->register_method(
19 method => "init_authenticate",
20 api_name => "open-ils.auth.authenticate.init",
21 argc => 1, #(username)
23 Generates a random seed and returns it. The client
24 must then perform md5_hex( \$seed . \$password ) and use that
25 as the passwordhash to open-ils.auth.authenticate.complete
# Registers the API call open-ils.auth.authenticate.complete, handled by
# complete_authenticate, taking two arguments.
# NOTE(review): the argc comment below names the first argument "barcode",
# while the notes and the handler's signature call it a username -- confirm
# which identifier clients are expected to send and make the two agree.
# NOTE(review): the session id this call returns is the only thing that
# identifies a logged-in user afterwards, so it has to be treated as a
# secret by every component that sees it (logs, caches, transports).
30 __PACKAGE__->register_method(
31 method => "complete_authenticate",
32 api_name => "open-ils.auth.authenticate.complete",
33 argc => 2, #( barcode, passwdhash )
35 Client provides the username and passwordhash (see
36 open-ils.auth.authenticate.init). If their password hash is
37 correct for the given username, a session id is returned,
38 if not, "0" is returned
43 # -------------------------------------------------------------
45 # -------------------------------------------------------------
46 # -------------------------------------------------------------
49 # -------------------------------------------------------------
50 # connect to the memcache server
51 # -------------------------------------------------------------
# Reads the memcache server list for open-ils.auth from the settings client,
# raises a configuration error when none is set, wraps a single (non-ref)
# value in an array ref, and builds the cache handle used by the
# authentication methods.
# NOTE(review): init_authenticate and complete_authenticate store login seeds
# and session ids through this handle, so anyone who can talk to these
# memcache servers can presumably read or replace them -- confirm that the
# servers are reachable only from trusted backend hosts.
54 my $config_client = OpenSRF::Utils::SettingsClient->new();
55 my $memcache_servers =
56 $config_client->config_value( "apps","open-ils.auth", "app_settings","memcache" );
# Refuse to continue without a cache: the seed and session state live there.
58 if( !$memcache_servers ) {
59 throw OpenSRF::EX::Config ("No Memcache servers specified for open-ils.auth!");
# A plain scalar (one server) is normalised to a one-element array ref.
62 if(!ref($memcache_servers)) {
63 $memcache_servers = [$memcache_servers];
65 $cache_handle = OpenSRF::Utils::Cache->new( "open-ils.auth", $memcache_servers );
70 # -------------------------------------------------------------
71 # We build a random hash and put the hash along with the
72 # username into memcache (so that any backend may fulfill the
74 # -------------------------------------------------------------
# init_authenticate( $self, $client, $username )
# Builds a login seed for $username and stores it in the shared cache under
# "_open-ils_seed_$username". The registered API notes say the seed is then
# returned to the caller; the return statement is not part of this listing.
#
# NOTE(review): nothing in the visible lines checks who is calling, and a
# second call for the same username replaces the pending seed, so one
# caller can disturb another user's login in progress. Rate limiting per
# username/client would be the usual control -- confirm where that is done.
# NOTE(review): the caller-supplied username goes into the cache key
# unchanged. Validate its length and character set before building the key
# -- TODO confirm what OpenSRF::Utils::Cache normalises.
75 sub init_authenticate {
76 my( $self, $client, $username ) = @_;
# NOTE(review): time(), the process id and rand() are not cryptographically
# strong inputs, so the seed should not be assumed to be unpredictable;
# prefer a value drawn from a CSPRNG.
77 my $seed = md5_hex( time() . $$ . rand() . $username );
# The third argument (30) is presumably the expiry in seconds; the error text
# in complete_authenticate ("or respond faster") points the same way.
78 $cache_handle->set( "_open-ils_seed_$username", $seed, 30 );
82 # -------------------------------------------------------------
83 # The temporary hash is removed from memcache.
84 # If this user has already been authenticated (there is a
85 # session id in memcache), then their session id is returned.
86 # otherwise we retrieve the password from storage and verify
87 # their password hash against our re-hashed version of the
89 # -------------------------------------------------------------
# complete_authenticate( $self, $client, $username, $passwdhash )
# Compares the client's response with md5_hex(seed . password) computed here
# and, on a match, creates a session id and stores the username <-> session
# id mapping in the cache (28800 is presumably an 8 hour expiry in seconds).
# The end of the function lies outside this listing.
90 sub complete_authenticate {
91 my( $self, $client, $username, $passwdhash ) = @_;
# NOTE(review): placeholder secret. Until the storage lookup exists, every
# username is verified against this one fixed string, so this must never
# reach a deployed service. The scheme also needs the plaintext password (or
# an equivalent) here in order to recompute the digest.
92 my $password = "12345"; #XXX retrieve password from db
# NOTE(review): an existing session id is returned before $passwdhash is
# examined, so the session of a logged-in user is handed to any caller who
# supplies that user's name. The lookup belongs after a successful hash
# check (or should be dropped).
# NOTE(review): caller-chosen usernames and server-generated session ids
# share one cache key space (see the two set() calls at the end); giving
# each its own key prefix, as the seed key already has, keeps them apart.
93 my $ses = $cache_handle->get($username);
95 return $ses if (defined($ses) and $ses);
# Fetch the seed that init_authenticate stored for this username.
97 my $current_seed = $cache_handle->get("_open-ils_seed_$username");
# No seed means init was never called or the seed has expired.
# NOTE(review): the message names "open-ils.auth.init_authenticate", but the
# registered api_name is "open-ils.auth.authenticate.init".
99 unless($current_seed) {
100 throw OpenILS::EX::User
101 ("User must call open-ils.auth.init_authenticate first (or respond faster)");
# The seed is deleted before the comparison, so it is single-use whether or
# not the check succeeds.
104 my $hash = md5_hex($current_seed . $password);
105 $cache_handle->delete( "_open-ils_seed_$username" );
# NOTE(review): "eq" is not a constant-time comparison; a constant-time
# compare is the safer habit for secrets. No failed-attempt counting or
# lockout is visible in this listing -- confirm it exists elsewhere.
107 if( $hash eq $passwdhash ) {
# NOTE(review): the session id is built from time(), the process id and
# rand(), none of which is cryptographically strong. It acts as a bearer
# credential for 28800 (presumably seconds), so it should come from a CSPRNG.
108 my $session_id = md5_hex( time() . $$ . rand() );
# Store both directions: username -> session id and session id -> username.
109 $cache_handle->set( $username, $session_id, 28800 );
110 $cache_handle->set( $session_id, $username, 28800 );