1 package OpenILS::WWW::Proxy;
2 use strict; use warnings;
3
4 use Apache2 ();
5 use Apache2::Log;
6 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
7 use APR::Const    -compile => qw(:error SUCCESS);
8 use CGI;
9 use Data::Dumper;
10 use Digest::MD5 qw/md5_hex/;
11
12 use OpenSRF::EX qw(:try);
13 use OpenSRF::System;
14
15
# Path of the OpenSRF bootstrap config file. It is recorded when the module
# is loaded (via import) and read later by child_init.
my $bootstrap;

# Called when the module is loaded with an argument list; the first argument
# after the package name is kept as the bootstrap config path.
sub import {
    my ( $class, $config_file ) = @_;
    $bootstrap = $config_file;
}
24
25
# Bootstraps the OpenSRF client with the config file path recorded by
# import().
sub child_init {
    my %client_args = ( config_file => $bootstrap );
    OpenSRF::System->bootstrap_client(%client_args);
}
29
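# Access gate: a request is let through only for an authenticated session
# whose user holds every permission named in the ProxyPermissions directive.
#
# Flow, in order:
#   * NOT_FOUND when ProxyTitle or ProxyPermissions is unset;
#   * a plain-http request is redirected to the https form of the same URL;
#   * without a 'ses' cookie, either the login form is shown (no 'user'
#     parameter) or a login is attempted and, on success, the client is
#     redirected back with the session cookie set;
#   * FORBIDDEN when the session does not resolve to a user, or when the
#     permission check does not come back as an empty failure list;
#   * DECLINED when the mapped file exists, NOT_FOUND otherwise.
sub handler {
    my $apache = shift;

    my $title = $apache->dir_config('ProxyTitle');
    my $desc  = $apache->dir_config('ProxyDescription');
    $desc = '' unless defined $desc;

    # An unset ProxyPermissions becomes an empty list (without an
    # "uninitialized value" warning) and is rejected just below.
    my $perm_config = $apache->dir_config('ProxyPermissions');
    $perm_config = '' unless defined $perm_config;
    my $perms = [ split ' ', $perm_config ];

    return Apache2::Const::NOT_FOUND unless ($title);
    return Apache2::Const::NOT_FOUND unless (@$perms);

    my $cgi      = CGI->new;
    my $auth_ses = $cgi->cookie('ses');
    my $ws_ou    = $cgi->cookie('ws_ou');

    my $url = $cgi->url;

    # push everyone to the secure site
    if ( $url =~ s/^http:/https:/ ) {
        print "Location: $url\n\n";
        return Apache2::Const::OK;
    }

    if ( !$auth_ses ) {
        my $u = $cgi->param('user');
        my $p = $cgi->param('passwd');

        if ( !$u ) {

            # NOTE(review): $title and $desc come from the Apache directory
            # config and are written into the page unescaped; keep markup
            # characters out of those directives or escape them here.
            print $cgi->header( -type => 'text/html', -expires => '-1d' );
            print <<"HTML";

<html>
        <head>
                <title>$title</title>
        </head>
        <body>
                <br/><br/><br/>
                <center>
                <form method='POST'>
                        <table style='border-collapse: collapse; border: 1px solid black;'>
                                <tr>
                                        <th colspan='2' align='center'><u>$desc</u></th>
                                </tr>
                                <tr>
                                        <th align="right">Username or barcode:</th>
                                        <td><input type="text" name="user"/></td>
                                </tr>
                                <tr>
                                        <th align="right">Password:</th>
                                        <td><input type="password" name="passwd"/></td>
                                </tr>
                        </table>
                        <input type="submit" value="Log in"/>
                </form>
                </center>
        </body>
</html>

HTML
            return Apache2::Const::OK;
        }

        $auth_ses = oils_login( $u, $p );
        if ($auth_ses) {

            # Requests only get this far over https, so the session cookie
            # is marked Secure: it must not travel on a plain-http request
            # to the same host.
            # NOTE(review): consider -httponly as well if no client-side
            # script needs to read 'ses' -- confirm before enabling.
            print $cgi->redirect(
                -uri    => $url,
                -cookie => $cgi->cookie(
                    -name    => 'ses',
                    -value   => $auth_ses,
                    -path    => '/',
                    -expires => '+1h',
                    -secure  => 1,
                )
            );
            return Apache2::Const::REDIRECT;
        }

        # A failed login falls through with no session and is refused by
        # the verify_login check below.
    }

    my $user = verify_login($auth_ses);
    return Apache2::Const::FORBIDDEN unless ($user);

    # ws_ou is read from a client-supplied cookie; the permission check
    # below decides whether the user holds the permissions at that location.
    $ws_ou ||= $user->home_ou;

    warn "Checking perms " . join( ',', @$perms ) . " for user " . $user->id . " at location $ws_ou\n";

    my $failures = OpenSRF::AppSession
        ->create('open-ils.actor')
        ->request( 'open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms )
        ->gather(1);

    # Fail closed: only an empty array of failed permissions grants access.
    # No answer at all, or an answer of any other shape, is a denial rather
    # than a runtime error on the dereference.
    return Apache2::Const::FORBIDDEN
        unless ref($failures) eq 'ARRAY' && @$failures == 0;

    # they're good, let 'em through
    return Apache2::Const::DECLINED if ( -e $apache->filename );

    # oops, file not found
    return Apache2::Const::NOT_FOUND;
}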
126
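# Resolves an auth token to its user object through the open-ils.auth
# service.
#
# Returns whatever reference open-ils.auth.session.retrieve hands back,
# unless it is an event hash. Returns undef when no token is given, when the
# service returns nothing usable, or when it returns an event.
sub verify_login {
    my $auth_token = shift;
    return undef unless $auth_token;

    my $user = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request( "open-ils.auth.session.retrieve", $auth_token )
        ->gather(1);

    return undef unless ref($user);

    # A plain (unblessed) hash carrying an ilsevent key is an event, not a
    # user object. Every such event is rejected, not only code 1001, because
    # the caller goes on to invoke methods on the result. Testing for the key
    # also avoids a numeric comparison against an undefined code.
    return undef if ref($user) eq 'HASH' && exists $user->{ilsevent};

    return $user;
}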
144
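# Logs in against the open-ils.auth service and returns the auth token.
#
# Arguments: username (or barcode), password, and an optional login type
# that defaults to "staff". An all-digit name is sent under the 'barcode'
# key, anything else under 'username'.
#
# Returns the authtoken from the response payload, or undef when the seed
# request or the login itself yields nothing usable.
sub oils_login {
    my ( $username, $password, $type ) = @_;

    # Logical default. A bitwise "|=" here would OR the bytes of a
    # caller-supplied type with "staff" and send a garbled value.
    $type ||= 'staff';

    my $nametype = ( $username =~ /^\d+$/ ) ? 'barcode' : 'username';

    my $seed = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request( 'open-ils.auth.authenticate.init', $username )
        ->gather(1);

    return undef unless $seed;

    # The password goes out as md5_hex(seed . md5_hex(password)).
    # NOTE(review): this MD5 challenge/response format looks dictated by the
    # auth service and cannot be strengthened from this side alone; transport
    # confidentiality depends on the https redirect done by the handler.
    my $response = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request(
            'open-ils.auth.authenticate.complete',
            {
                $nametype => $username,
                password  => md5_hex( $seed . md5_hex($password) ),
                type      => $type,
            }
        )
        ->gather(1);

    # A response or payload that is not a reference carries no token; stop
    # here instead of dereferencing it.
    return undef unless ref($response);

    my $payload = $response->{payload};
    return undef unless ref($payload);

    return $payload->{authtoken};
}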
171
172
173
174 1;