1 use strict; use warnings;
2 package OpenILS::Application::Auth;
3 use OpenSRF::Application;
4 use base qw/OpenSRF::Application/;
5 use OpenSRF::Utils::Cache;
6 use Digest::MD5 qw(md5_hex);
13 # -------------------------------------------------------------
15 # -------------------------------------------------------------
16 # -------------------------------------------------------------
# Registers init_authenticate as the OpenSRF method
# "open-ils.auth.authenticate.init"; it takes one argument, the username.
# NOTE(review): the help text below documents an MD5-based challenge-response
# (client sends md5_hex(seed . password)). The server can only check that
# value if it holds the password in a form it can concatenate with the seed,
# so confirm how passwords are stored before relying on this scheme.
18 __PACKAGE__->register_method(
19 method => "init_authenticate",
20 api_name => "open-ils.auth.authenticate.init",
21 argc => 1, #(username)
23 Generates a random seed and returns it. The client
24 must then perform md5_hex( \$seed . \$password ) and use that
25 as the passwordhash to open-ils.auth.authenticate.complete
# Registers complete_authenticate as the OpenSRF method
# "open-ils.auth.authenticate.complete"; it takes two arguments.
# NOTE(review): the argc comment below names the first argument "barcode",
# while the help text and the sub itself call it the username. Confirm which
# identifier clients are expected to send.
29 __PACKAGE__->register_method(
30 method => "complete_authenticate",
31 api_name => "open-ils.auth.authenticate.complete",
32 argc => 2, #( barcode, passwdhash )
34 Client provides the username and passwordhash (see
35 open-ils.auth.authenticate.init). If their password hash is
36 correct for the given username, a session id is returned,
37 if not, "0" is returned
41 # -------------------------------------------------------------
43 # -------------------------------------------------------------
44 # -------------------------------------------------------------
47 # -------------------------------------------------------------
48 # connect to the memcache server
49 # -------------------------------------------------------------
# Read the memcache server list for this service from the OpenSRF settings
# (apps / open-ils.auth / app_settings / memcache).
52 my $config_client = OpenSRF::Utils::SettingsClient->new();
53 my $memcache_servers =
54 $config_client->config_value( "apps","open-ils.auth", "app_settings","memcache" );
# Without a server list there is nowhere to keep seeds or sessions, so fail
# loudly with a configuration exception instead of continuing.
56 if( !$memcache_servers ) {
57 throw OpenSRF::EX::Config ("No Memcache servers specified for open-ils.auth!");
# A non-reference value (presumably a single server string) is wrapped so the
# cache constructor always receives an array reference.
60 if(!ref($memcache_servers)) {
61 $memcache_servers = [$memcache_servers];
# NOTE(review): $cache_handle is not declared in the lines shown here; it is
# the handle the authenticate subs below read and write through.
# NOTE(review): the login seeds and session ids written by this module all go
# through this handle, so anyone who can reach these servers can read or
# replace them. Keep the servers reachable only from the trusted backends.
63 $cache_handle = OpenSRF::Utils::Cache->new( "open-ils.auth", $memcache_servers );
68 # -------------------------------------------------------------
69 # We build a random hash and put the hash along with the
70 # username into memcache (so that any backend may fulfill the
72 # -------------------------------------------------------------
# First step of the login exchange: build a seed for $username and park it in
# the cache so the completing call can find it.
73 sub init_authenticate {
# $self and $client are unpacked but not used in the lines shown; $username
# comes straight from the caller.
74 my( $self, $client, $username ) = @_;
# The seed is the MD5 digest of the clock, the process id, rand() and the
# username.
# NOTE(review): none of those inputs is secret and Perl's rand() is not a
# cryptographic generator, so the seed should be treated as guessable. A
# login challenge should be drawn from a CSPRNG instead.
75 my $seed = md5_hex( time() . $$ . rand() . $username );
# Stored under "_open-ils_seed_<username>" with an expiry of 30 (presumably
# seconds; confirm against OpenSRF::Utils::Cache).
# NOTE(review): $username is used in the cache key unchanged and nothing here
# limits who may request a seed, so a repeated call replaces the pending seed
# for that name. Validate the username (length, character set) before
# building the key and consider rate limiting this method.
76 $cache_handle->set( "_open-ils_seed_$username", $seed, 30 );
80 # -------------------------------------------------------------
81 # The temporary hash is removed from memcache.
82 # If this user has already been authenticated (there is a
83 # session id in memcache), then their session id is returned.
84 # otherwise we retrieve the password from storage and verify
85 # their password hash against our re-hashed version of the
87 # -------------------------------------------------------------
# Second step of the login exchange: compare the client's hash with one
# recomputed from the cached seed and, on a match, create a session.
# NOTE(review): the end of this sub (failure branch and return values) is not
# visible in this listing; the comments below cover only the lines shown.
88 sub complete_authenticate {
89 my( $self, $client, $username, $passwdhash ) = @_;
# NOTE(review): placeholder credential. Until the storage lookup is written,
# every account is checked against this one fixed string; this must not reach
# a deployed system.
90 my $password = "12345"; #XXX retrieve password from db
# Look for an existing session stored under the bare username.
91 my $ses = $cache_handle->get($username);
# NOTE(review): this returns the stored session id before $passwdhash has been
# examined, so the session is released on the username alone. Move this lookup
# after the hash comparison below so an existing session is only returned to a
# caller who has just proven knowledge of the password.
93 return $ses if (defined($ses) and $ses);
# Fetch the seed that init_authenticate stored for this username.
95 my $current_seed = $cache_handle->get("_open-ils_seed_$username");
# No seed means init was never called for this name or the entry has expired.
# NOTE(review): the message cites "open-ils.auth.init_authenticate", but the
# method is registered as "open-ils.auth.authenticate.init".
97 unless($current_seed) {
98 throw OpenILS::EX::User
99 ("User must call open-ils.auth.init_authenticate first (or respond faster)");
# Recompute what the client is documented to send: md5_hex(seed . password).
102 my $hash = md5_hex($current_seed . $password);
# The seed is deleted before the comparison, so each seed is good for one
# attempt whether or not that attempt succeeds.
103 $cache_handle->delete( "_open-ils_seed_$username" );
# NOTE(review): `eq` is not a constant-time comparison; compare the two
# digests with a constant-time routine to avoid leaking how many leading
# characters matched.
105 if( $hash eq $passwdhash ) {
# NOTE(review): the session id is the bearer credential for the session, yet
# it is derived only from the clock, the process id and rand(). Generate it
# from a CSPRNG so it cannot be predicted.
106 my $session_id = md5_hex( time() . $$ . rand() );
# Store both directions (username -> session id, session id -> username) with
# an expiry of 28800 (presumably seconds, i.e. 8 hours; confirm units).
# NOTE(review): both entries use unprefixed keys in the same cache, so a
# lookup by username can hit an entry written for a session id and vice
# versa. Prefix the two key families, as the seed entries already are.
107 $cache_handle->set( $username, $session_id, 28800 );
108 $cache_handle->set( $session_id, $username, 28800 );