# mod_perl access handler that gates a proxied location behind an
# Evergreen login (open-ils.auth) and a permission check (open-ils.actor);
# see handler() below.
package OpenILS::WWW::Proxy;
2 use strict; use warnings;
3
4 use Apache2::Log;
5 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
6 use APR::Const    -compile => qw(:error SUCCESS);
7 use CGI;
8 use Data::Dumper;
9 use Digest::MD5 qw/md5_hex/;
10
11 use OpenSRF::EX qw(:try);
12 use OpenSRF::System;
13
14
# Path to the OpenSRF bootstrap config. import() stores the first argument
# of `use OpenILS::WWW::Proxy LIST` here, and child_init() hands it to
# OpenSRF::System->bootstrap_client when the Apache child starts.
my $bootstrap;
18
# Called by `use OpenILS::WWW::Proxy LIST`: records the first element of
# LIST as the bootstrap config path that child_init() will use.
sub import {
    my ($class, $config_file) = @_;
    $bootstrap = $config_file;
}
23
24
# mod_perl child-init hook: brings up the OpenSRF client in this child
# using the config path recorded by import().
sub child_init {
    my %client_opts = (config_file => $bootstrap);
    return OpenSRF::System->bootstrap_client(%client_opts);
}
28
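# mod_perl handler for a proxied location. Forces HTTPS, establishes an
# Evergreen session (from the 'ses' cookie, a 'ses' CGI parameter, or the
# user/passwd login form) and then checks that the user holds every
# permission listed in OILSProxyPermissions at workstation org $ws_ou.
#
# Apache dir_config keys read: OILSProxyHTML (optional login page markup),
# OILSProxyTitle, OILSProxyDescription, OILSProxyLoginType and
# OILSProxyPermissions (space-separated permission names).
#
# Returns an Apache2::Const status: NOT_FOUND when the location is not
# configured, OK or REDIRECT after writing a response itself, FORBIDDEN
# when the session is invalid or a permission is missing, and DECLINED to
# let the request through to the proxied resource.
sub handler {
    my $apache = shift;

    my $proxyhtml = $apache->dir_config('OILSProxyHTML');
    my $title     = $apache->dir_config('OILSProxyTitle');
    my $desc      = $apache->dir_config('OILSProxyDescription');
    my $ltype     = $apache->dir_config('OILSProxyLoginType');
    my $perms     = [ split ' ', $apache->dir_config('OILSProxyPermissions') ];

    # An unconfigured location is reported as absent, never as open.
    return Apache2::Const::NOT_FOUND unless ($title || $proxyhtml);
    return Apache2::Const::NOT_FOUND unless (@$perms);

    my $cgi = CGI->new;
    # NOTE(review): a session token passed as a query/form parameter can
    # end up in access logs and Referer headers; the cookie is the safer
    # carrier and is preferred when both are present.
    my $auth_ses = $cgi->cookie('ses')   || $cgi->param('ses');
    my $ws_ou    = $cgi->cookie('ws_ou') || $cgi->param('ws_ou');

    my $url = $cgi->url;

    # push everyone to the secure site
    # NOTE(review): this returns OK and relies on the server turning the
    # printed Location header into a redirect; $cgi->redirect plus
    # REDIRECT, as used for the post-login hop below, would be explicit.
    if ($url =~ /^http:/) {
        $url =~ s/^http:/https:/;
        print "Location: $url\n\n";
        return Apache2::Const::OK;
    }

    if (!$auth_ses) {
        my $u = $cgi->param('user');
        my $p = $cgi->param('passwd');

        if (!$u) {
            # No credentials yet: serve the login form.
            print $cgi->header(-type => 'text/html', -expires => '-1d');
            if (!$proxyhtml) {
                $proxyhtml = _login_form_html($title, $desc);
            } else {
                # XXX template toolkit??
            }

            print $proxyhtml;
            return Apache2::Const::OK;
        }

        $auth_ses = oils_login($u, $p, $ltype);
        if ($auth_ses) {
            # NOTE(review): the cookie carrying the auth token is issued
            # without -secure/-httponly; worth adding if every consumer of
            # the 'ses' cookie is served over HTTPS.
            print $cgi->redirect(
                -uri    => $url,
                -cookie => $cgi->cookie(
                    -name    => 'ses',
                    -value   => $auth_ses,
                    -path    => '/',
                    -expires => '+1h',
                ),
            );
            return Apache2::Const::REDIRECT;
        }
    }

    # A missing or failed login reaches this point with no session.
    my $user = verify_login($auth_ses);
    return Apache2::Const::FORBIDDEN unless ($user);

    $ws_ou ||= $user->home_ou;

    warn "Checking perms " . join(',', @$perms) . " for user " . $user->id . " at location $ws_ou\n";

    my $failures = OpenSRF::AppSession
        ->create('open-ils.actor')
        ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
        ->gather(1);

    # Fail closed: only an empty list of failed permissions grants access.
    # An error/event hash or undef here used to die on the dereference.
    return Apache2::Const::FORBIDDEN unless ref($failures) eq 'ARRAY';
    return Apache2::Const::FORBIDDEN if (@$failures > 0);

    # they're good, let 'em through
    return Apache2::Const::DECLINED;
}

# Returns the built-in login page from the data section of this file with
# TITLE and DESCRIPTION replaced by the configured values (undef → '').
# DATA is the handle on this source file; once read to EOF it stays there,
# so in a persistent (mod_perl) process a plain read would return nothing
# on every request after the first. The handle is therefore rewound to the
# start of the file and everything up to the marker line is discarded.
sub _login_form_html {
    my ($title, $desc) = @_;
    $title = '' unless defined $title;
    $desc  = '' unless defined $desc;

    seek DATA, 0, 0 or die "seek DATA: $!";
    my $source = do { local $/; <DATA> };
    (my $html = $source) =~ s/\A.*?^__DATA__[^\n]*\n//ms;

    # $title/$desc come from the Apache config (trusted); they are used as
    # replacement text, not as patterns.
    $html =~ s/TITLE/$title/g;
    $html =~ s/DESCRIPTION/$desc/g;
    return $html;
}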
104
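# Looks up the session $auth_token via open-ils.auth.session.retrieve.
# Returns the user object on success and undef (an empty list in list
# context) when the token is missing, the lookup returns nothing, or the
# service answers with an ilsevent hash instead of a user.
sub verify_login {
    my $auth_token = shift;
    return unless $auth_token;

    my $user = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request("open-ils.auth.session.retrieve", $auth_token)
        ->gather(1);

    # Any event hash is a failure, not only event 1001: handing one back
    # would give the caller an unblessed hash it cannot call methods on.
    return if ref($user) eq 'HASH' && exists $user->{ilsevent};

    return $user if ref($user);
    return;
}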
122
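# Authenticates $username/$password against open-ils.auth with the
# authenticate.init / authenticate.complete handshake; the password is
# sent as md5_hex($seed . md5_hex($password)), as that service expects.
# $type is the login type and defaults to 'staff'; an all-digit username
# is submitted as a barcode. Returns the auth token, or undef on failure.
sub oils_login {
    my ($username, $password, $type) = @_;

    # Logical default (`||=`), not the bitwise `|=`: a configured type such
    # as "opac" must be passed through unchanged, not OR'ed with "staff".
    $type ||= 'staff';
    $password = '' unless defined $password;
    my $nametype = ($username =~ /\A\d+\z/) ? 'barcode' : 'username';

    my $seed = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request('open-ils.auth.authenticate.init', $username)
        ->gather(1);

    return unless $seed;

    my $response = OpenSRF::AppSession
        ->create("open-ils.auth")
        ->request('open-ils.auth.authenticate.complete',
            { $nametype => $username,
              password  => md5_hex($seed . md5_hex($password)),
              type      => $type })
        ->gather(1);

    # Without a hash payload there is no token to return (a failed login
    # presumably comes back as an event hash — verify against the service).
    return unless ref($response) eq 'HASH' && ref($response->{payload}) eq 'HASH';
    return $response->{payload}{authtoken};
}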
149
150
151
1;  # a module must return a true value when loaded
153
154 __DATA__
155 <html>
156         <head>
157                 <title>TITLE</title>
158         </head>
159         <body>
160                 <br/><br/><br/>
161                 <center>
162                 <form method='POST'>
163                         <table style='border-collapse: collapse; border: 1px solid black;'>
164                                 <tr>
165                                         <th colspan='2' align='center'><u>DESCRIPTION</u></th>
166                                 </tr>
167                                 <tr>
168                                         <th align="right">Username or barcode:</th>
169                                         <td><input type="text" name="user"/></td>
170                                 </tr>
171                                 <tr>
172                                         <th align="right">Password:</th>
173                                         <td><input type="password" name="passwd"/></td>
174                                 </tr>
175                         </table>
176                         <input type="submit" value="Log in"/>
177                 </form>
178                 </center>
179         </body>
180 </html>
181