Open-ILS/examples/remoteauth.cgi

   1 #!/usr/bin/perl
   2
   3 #    This CGI script might be useful for providing an easy way for EZproxy to authenticate
   4 #    users against an Evergreen instance.
   5 #
   6 #    For example, if you modify your eg.conf by adding this:
   7 #    Alias "/cgi-bin/ezproxy/" "/openils/var/cgi-bin/ezproxy/"
   8 #    <Directory "/openils/var/cgi-bin/ezproxy">
   9 #        AddHandler cgi-script .pl
  10 #        AllowOverride None
  11 #        Options +ExecCGI
  12 #        allow from all
  13 #    </Directory>
  14 #
  15 #    and make that directory and copy remoteauth.cgi to it:
  16 #    mkdir /openils/var/cgi-bin/ezproxy/
  17 #    cp remoteauth.cgi /openils/var/cgi-bin/ezproxy/
  18 #
  19 #    Then you could add a line like this to the users.txt of your EZproxy instance:
  20 #
  21 #    ::external=https://hostname/cgi-bin/ezproxy/remoteauth.cgi,post=user=^u&passwd=^p
  22 #
  23
  24 #use strict;
  25 use warnings;
  26
  27 use CGI;
  28 use Digest::MD5 qw(md5_hex);
  29
  30 use OpenSRF::EX qw(:try);
  31 use OpenSRF::System;
  32
  33 my $bootstrap = '/openils/conf/opensrf_core.xml';
  34 my $cgi = new CGI;
  35 my $u = $cgi->param('user');
  36 my $usrname = $cgi->param('usrname');
  37 my $barcode = $cgi->param('barcode');
  38 my $p = $cgi->param('passwd');
  39
  40 print $cgi->header(-type=>'text/html', -expires=>'-1d');
  41
  42 OpenSRF::System->bootstrap_client( config_file => $bootstrap );
  43
  44 if (!($u || $usrname || $barcode) || !$p) {
  45         print '+INCOMPLETE';
  46 } else {
  47         my $nametype;
  48     if ($usrname) {
  49         $u = $usrname;
  50             $nametype = 'username';
  51     } elsif ($barcode) {
  52         $u = $barcode;
  53         $nametype = 'barcode';
  54     } else {
  55             $nametype = 'username';
  56         my $regex_response = OpenSRF::AppSession
  57             ->create('open-ils.actor')
  58             ->request('open-ils.actor.ou_setting.ancestor_default', 1, 'opac.barcode_regex')
  59             ->gather(1);
  60         if ($regex_response) {
  61             my $regexp = $regex_response->{'value'};
  62             $nametype = 'barcode' if ($u =~ qr/$regexp/);
  63         }
  64     }
  65         my $seed = OpenSRF::AppSession
  66                 ->create('open-ils.auth')
  67                 ->request( 'open-ils.auth.authenticate.init', $u )
  68                 ->gather(1);
  69         if ($seed) {
  70                 my $response = OpenSRF::AppSession
  71                         ->create('open-ils.auth')
  72                         ->request( 'open-ils.auth.authenticate.complete', { $nametype => $u, password => md5_hex($seed . md5_hex($p)), type => 'opac' })
  73                         ->gather(1);
  74                 if ($response->{payload}->{authtoken}) {
  75                         my $user = OpenSRF::AppSession
  76                                 ->create('open-ils.auth')
  77                                 ->request( 'open-ils.auth.session.retrieve', $response->{payload}->{authtoken} )
  78                                 ->gather(1);
  79                         if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
  80                                 print '+NO';
  81                         } else {
  82                                 print '+VALID';
  83                         }
  84                 } else {
  85                         print '+NO';
  86                 }
  87         } else {
  88                 print '+BACKEND_ERROR';
  89         }
  90 }
  91
  92 1;