1 package OpenILS::WWW::Proxy;
2 use strict; use warnings;
5 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
6 use APR::Const -compile => qw(:error SUCCESS);
9 use Digest::MD5 qw/md5_hex/;
11 use OpenSRF::EX qw(:try);
13 use OpenSRF::Utils::Logger qw/$logger/;
16 # set the bootstrap config and template include directory when
17 # this module is loaded
# Built-in login form, used as the page body further down in this file.
# DESCRIPTION (and TITLE, per the substitutions applied later) are literal
# placeholder words that are replaced with Apache configuration values.
# The field names "user" and "passwd" are the request parameters that the
# login code reads back.
# NOTE(review): the <form> tag is not visible in this listing; confirm that
# it submits with method="post" so credentials never travel in the URL.
21 my $default_template = <<HTML;
30 <table style='border-collapse: collapse; border: 1px solid black;'>
32 <th colspan='2' align='center'><u>DESCRIPTION</u></th>
35 <th align="right">Username or barcode:</th>
36 <td><input type="text" name="user"/></td>
39 <th align="right">Password:</th>
40 <td><input type="password" name="passwd"/></td>
43 <input type="submit" value="Log in"/>
# Connect to OpenSRF using the bootstrap config file held in $bootstrap
# (assigned on a line not shown here), then report success to Apache.
58 OpenSRF::System->bootstrap_client( config_file => $bootstrap );
59 return Apache2::Const::OK;
# Per-location settings come from the Apache configuration (dir_config),
# not from the request, so they are as trustworthy as the server config.
65 my $proxyhtml = $apache->dir_config('OILSProxyHTML');
66 my $title = $apache->dir_config('OILSProxyTitle');
67 my $desc = $apache->dir_config('OILSProxyDescription');
68 my $ltype = $apache->dir_config('OILSProxyLoginType');
# Whitespace-separated list of permission codes required for this location.
# NOTE(review): if OILSProxyPermissions is unset, split presumably receives
# undef and emits an "uninitialized" warning before the guard below fires.
69 my $perms = [ split ' ', $apache->dir_config('OILSProxyPermissions') ];
# Fail closed: a location with no title/HTML, or with an empty permission
# list, is answered with NOT_FOUND rather than being served unprotected.
71 return Apache2::Const::NOT_FOUND unless ($title || $proxyhtml);
72 return Apache2::Const::NOT_FOUND unless (@$perms);
# Session token lookup order: the 'ses' cookie, then a 'ses' request
# parameter, then the 'eg.auth.token' cookie.
# NOTE(review): accepting the token as a request parameter means it can be
# carried in a URL, where it may end up in access logs, browser history and
# Referer headers. Confirm the parameter fallback is still required.
75 my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses') || $cgi->cookie('eg.auth.token');
# Matches a token wrapped in double quotes; the body of this branch is not
# visible here (presumably it keeps only the captured inner value).
# NOTE(review): $auth_ses can be undef at this point, so the match warns
# under "use warnings" when no token was supplied.
76 if ($auth_ses =~ /^"(.+)"$/) {
# The configured login org unit wins; only when OILSProxyLoginOU is unset
# does a client-supplied cookie or parameter decide the org unit that the
# permission check further down is evaluated against.
79 my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->cookie('ws_ou') || $cgi->param('ws_ou');
83 # push everyone to the secure site
# $ssl_off and $url are assigned on lines not shown in this listing.
# The /o flags below have no effect because the patterns are constant.
84 if (!$ssl_off && $url =~ /^http:/o) {
85 my $base = $cgi->url(-base=>1);
86 $base =~ s/^http:/https:/o;
# NOTE(review): the Location header is written by hand from the CGI base
# URL (presumably derived from the request's Host header, verify) and the
# raw, undecoded request URI. Confirm neither can carry CR/LF or an
# unexpected host, and consider $cgi->redirect, which this file already
# uses for its other redirects.
87 print "Location: $base".$apache->unparsed_uri."\n\n";
88 return Apache2::Const::REDIRECT;
# Credentials as submitted by the login form.
# NOTE(review): CGI's param() also returns query-string values on a GET
# request, so credentials sent in a URL would presumably be accepted too;
# confirm whether a POST-only check exists on the lines not shown.
92 my $u = $cgi->param('user');
93 my $p = $cgi->param('passwd');
# Login page response; the expiry one day in the past keeps the form from
# being cached.
97 print $cgi->header(-type=>'text/html', -expires=>'-1d');
# Fall back to the built-in template (the condition guarding this is on a
# line not shown) and fill in its placeholders.
99 $proxyhtml = $default_template;
# $title and $desc are inserted without HTML escaping. Both come from the
# Apache configuration above, so the markup is only as safe as that config.
# The replacement text is interpolated on every call; /o affects only the
# constant patterns and is a no-op.
100 $proxyhtml =~ s/TITLE/$title/gso;
101 $proxyhtml =~ s/DESCRIPTION/$desc/gso;
103 # XXX template toolkit??
107 return Apache2::Const::OK;
# Try to log in with the submitted credentials and the configured login type.
110 $auth_ses = oils_login($u, $p, $ltype);
# On success (the test itself is on a line not shown), redirect back to the
# originally requested URI while setting the session cookie.
# NOTE(review): the cookie's attributes are on lines not visible here;
# confirm it is issued with the secure and httponly flags, since it carries
# the authentication token.
112 print $cgi->redirect(
113 -uri=> $apache->unparsed_uri,
114 -cookie=>$cgi->cookie(
121 return Apache2::Const::REDIRECT;
# Presumably the failed-login path: clear state and show the form again.
123 return back_to_login($apache, $cgi);
# Resolve the token to a user; any false result sends the client back to
# the login form.
127 my $user = verify_login($auth_ses);
128 return back_to_login($apache, $cgi) unless $user;
# With no configured or client-supplied org unit, check permissions at the
# user's home org unit.
130 $ws_ou ||= $user->home_ou;
# NOTE(review): $ws_ou may originate from a request cookie or parameter and
# is written to the log unmodified; confirm the logger neutralises newlines
# so a crafted value cannot forge log entries.
132 $logger->debug("Checking perms " . join(',', @$perms) . " for user " . $user->id . " at location $ws_ou\n");
# Ask the actor service which of the required permissions the user lacks at
# $ws_ou. The call that collects the reply is on a line not shown.
134 my $failures = OpenSRF::AppSession
135 ->create('open-ils.actor')
136 ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
# Any missing permission denies access by returning to the login form.
# NOTE(review): @$failures dies under strict refs if the reply is not an
# array reference, which also denies access, but as a server error.
139 return back_to_login($apache, $cgi) if (@$failures > 0);
141 # they're good, let 'em through
# DECLINED hands the request back to Apache so the protected content is
# served by the normal handlers.
142 return Apache2::Const::DECLINED;
# Redirect to the same URI while re-sending a cookie whose expiry is one
# hour in the past, which makes the browser discard it. The cookie's name
# and value are on lines not shown (presumably the session cookie).
148 print $cgi->redirect(
149 -uri=>$apache->unparsed_uri,
150 -cookie=>$cgi->cookie(
153 -path=>'/',-expires=>'-1h'
156 return Apache2::Const::REDIRECT;
159 # returns the user object if the session is valid, 0 otherwise (undef if no token is passed)
# An empty or missing token is rejected locally, without a service call.
161 my $auth_token = shift;
162 return undef unless $auth_token;
# Ask the auth service for the session behind this token. The call that
# collects the reply is on a line not shown.
164 my $user = OpenSRF::AppSession
165 ->create("open-ils.auth")
166 ->request( "open-ils.auth.session.retrieve", $auth_token )
# A plain (unblessed) hash with ilsevent 1001 is handled separately; the
# branch body is not visible (presumably the "no session" event, rejected).
# NOTE(review): a plain-hash event with any other code is still a reference
# and so is returned by the line below; confirm callers cannot mistake such
# an event for a user object.
169 if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
# Any reference is returned to the caller as the user.
173 return $user if ref($user);
# Arguments: login name (username or barcode), plaintext password, and the
# login type (its use is on a line not shown).
178 my( $username, $password, $type ) = @_;
# An all-digit login name is treated as a barcode, anything else as a
# username.
181 my $nametype = 'username';
182 $nametype = 'barcode' if ($username =~ /^\d+$/o);
# Step 1: obtain a per-login seed from the auth service. The call that
# collects the reply is on a line not shown.
184 my $seed = OpenSRF::AppSession
185 ->create("open-ils.auth")
186 ->request( 'open-ils.auth.authenticate.init', $username )
189 return undef unless $seed;
# Step 2: complete the login with md5(seed . md5(password)).
# NOTE(review): this is an MD5-based challenge response, presumably the
# format the auth service requires, so it cannot be changed here alone.
# MD5 is not a suitable password hash, and the plaintext password reaches
# this proxy, so its confidentiality depends on the HTTPS redirect enforced
# earlier in this file.
191 my $response = OpenSRF::AppSession
192 ->create("open-ils.auth")
193 ->request( 'open-ils.auth.authenticate.complete',
194 { $nametype => $username, agent => 'authproxy',
195 password => md5_hex($seed . md5_hex($password)),
199 return undef unless $response;
# Returns the token from the reply payload. This is undef when the reply
# carries no authtoken (presumably a failed login).
201 return $response->{payload}->{authtoken};