Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm

   1 package OpenILS::WWW::Proxy;
   2 use strict; use warnings;
   3
   4 use Apache2 ();
   5 use Apache2::Log;
   6 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
   7 use APR::Const    -compile => qw(:error SUCCESS);
   8 use CGI;
   9 use Data::Dumper;
  10 use Digest::MD5 qw/md5_hex/;
  11
  12 use OpenSRF::EX qw(:try);
  13 use OpenSRF::System;
  14
  15
  16 # set the bootstrap config and template include directory when
  17 # this module is loaded
  18 my $bootstrap;
  19
  20 sub import {
  21         my $self = shift;
  22         $bootstrap = shift;
  23 }
  24
  25
  26 sub child_init {
  27         OpenSRF::System->bootstrap_client( config_file => $bootstrap );
  28 }
  29
  30 sub handler {
  31         my $apache = shift;
  32         my $title = $apache->dir_config('ProxyTitle');
  33         my $desc = $apache->dir_config('ProxyDescription');
  34         my $perms = [ split ' ', $apache->dir_config('ProxyPermissions') ];
  35
  36         return Apache2::Const::NOT_FOUND unless ($title);
  37         return Apache2::Const::NOT_FOUND unless (@$perms);
  38
  39         my $cgi = new CGI;
  40         my $auth_ses = $cgi->cookie('ses');
  41         my $ws_ou = $cgi->cookie('ws_ou');
  42
  43         my $url = $cgi->url;
  44
  45         # push everyone to the secure site
  46         if ($url =~ /^http:/o) {
  47                 $url =~ s/^http:/https:/o;
  48                 print "Location: $url\n\n";
  49                 return Apache2::Const::OK;
  50         }
  51
  52         if (!$auth_ses) {
  53                 my $u = $cgi->param('user');
  54                 my $p = $cgi->param('passwd');
  55
  56                 if (!$u) {
  57
  58                         print $cgi->header(-type=>'text/html', -expires=>'-1d');
  59                         print <<"                       HTML";
  60
  61 <html>
  62         <head>
  63                 <title>$title</title>
  64         </head>
  65         <body>
  66                 <br/><br/><br/>
  67                 <center>
  68                 <form method='POST'>
  69                         <table style='border-collapse: collapse; border: 1px solid black;'>
  70                                 <tr>
  71                                         <th colspan='2' align='center'><u>$desc</u></th>
  72                                 </tr>
  73                                 <tr>
  74                                         <th align="right">Username or barcode:</th>
  75                                         <td><input type="text" name="user"/></td>
  76                                 </tr>
  77                                 <tr>
  78                                         <th align="right">Password:</th>
  79                                         <td><input type="password" name="passwd"/></td>
  80                                 </tr>
  81                         </table>
  82                         <input type="submit" value="Log in"/>
  83                 </form>
  84                 </center>
  85         </body>
  86 </html>
  87
  88                         HTML
  89                         return Apache2::Const::OK;
  90                 }
  91
  92                 $auth_ses = oils_login($u, $p);
  93                 if ($auth_ses) {
  94                         print $cgi->redirect(
  95                                 -uri=>$url,
  96                                 -cookie=>$cgi->cookie(
  97                                         -name=>'ses',
  98                                         -value=>$auth_ses,
  99                                         -path=>'/',-expires=>'+1h'
 100                                 )
 101                         );
 102                         return Apache2::Const::REDIRECT;
 103                 }
 104         }
 105
 106         my $user = verify_login($auth_ses);
 107         return Apache2::Const::FORBIDDEN unless ($user);
 108
 109         $ws_ou ||= $user->home_ou;
 110
 111         warn "Checking perms " . join(',', @$perms) . " for user " . $user->id . " at location $ws_ou\n";
 112
 113         my $failures = OpenSRF::AppSession
 114                 ->create('open-ils.actor')
 115                 ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
 116                 ->gather(1);
 117
 118         return Apache2::Const::FORBIDDEN if (@$failures > 0);
 119
 120         # they're good, let 'em through
 121         return Apache2::Const::DECLINED if (-e $apache->filename);
 122
 123         # oops, file not found
 124         return Apache2::Const::NOT_FOUND;
 125 }
 126
 127 # returns the user object if the session is valid, 0 otherwise
 128 sub verify_login {
 129         my $auth_token = shift;
 130         return undef unless $auth_token;
 131
 132         my $user = OpenSRF::AppSession
 133                 ->create("open-ils.auth")
 134                 ->request( "open-ils.auth.session.retrieve", $auth_token )
 135                 ->gather(1);
 136
 137         if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
 138                 return undef;
 139         }
 140
 141         return $user if ref($user);
 142         return undef;
 143 }
 144
 145 sub oils_login {
 146         my( $username, $password, $type ) = @_;
 147
 148         $type |= "staff";
 149         my $nametype = 'username';
 150         $nametype = 'barcode' if ($username =~ /^\d+$/o);
 151
 152         my $seed = OpenSRF::AppSession
 153                 ->create("open-ils.auth")
 154                 ->request( 'open-ils.auth.authenticate.init', $username )
 155                 ->gather(1);
 156
 157         return undef unless $seed;
 158
 159         my $response = OpenSRF::AppSession
 160                 ->create("open-ils.auth")
 161                 ->request( 'open-ils.auth.authenticate.complete',
 162                         { $nametype => $username,
 163                           password => md5_hex($seed . md5_hex($password)),
 164                           type => $type })
 165                 ->gather(1);
 166
 167         return undef unless $response;
 168
 169         return $response->{payload}->{authtoken};
 170 }
 171
 172
 173
 174 1;