Revert "LP#1635737 Use new OpenSRF interval_to_seconds() context"
[working/Evergreen.git] / Open-ILS / src / perlmods / lib / OpenILS / Reporter / Proxy.pm
1 package OpenILS::Reporter::Proxy;
2 use strict; use warnings;
3
4 use Apache2::Log;
5 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
6 use APR::Const    -compile => qw(:error SUCCESS);
7 use CGI;
8 use Data::Dumper;
9 use Digest::MD5 qw/md5_hex/;
10
11 use OpenSRF::EX qw(:try);
12 use OpenSRF::System;
13
14
15 # set the bootstrap config and template include directory when 
16 # this module is loaded
17 my $bootstrap;
18
19 sub import {
20     my $self = shift;
21     $bootstrap = shift;
22 }
23
24
25 sub child_init {
26     OpenSRF::System->bootstrap_client( config_file => $bootstrap );
27 }
28
29 sub handler {
30     my $apache = shift;
31     my $cgi = new CGI;
32     my $auth_ses = $cgi->cookie('ses');
33     my $ws_ou = $cgi->cookie('ws_ou') || 1;
34
35     my $url = $cgi->url;
36
37     # push everyone to the secure site
38     if ($url =~ /^http:/o) {
39         $url =~ s/^http:/https:/o;
40         print "Location: $url\n\n";
41         return Apache2::Const::OK;
42     }
43
44     if (!$auth_ses) {
45         my $u = $cgi->param('user');
46         my $p = $cgi->param('passwd');
47
48         if (!$u) {
49
50             print $cgi->header(-type=>'text/html', -expires=>'-1d');
51             print <<"            HTML";
52
53 <html>
54     <head>
55         <title>Report Output Login</title>
56     </head>
57     <body>
58         <br/><br/><br/>
59         <center>
60         <form method='POST'>
61             <table style='border-collapse: collapse; border: 1px solid black;'>
62                 <tr>
63                     <th colspan='2' align='center'><u>Please log in to view reports</u></th>
64                 </tr>
65                 <tr>
66                     <th align="right">Username or barcode:</th>
67                     <td><input type="text" name="user"/></td>
68                 </tr>
69                 <tr>
70                     <th align="right">Password:</th>
71                     <td><input type="password" name="passwd"/></td>
72                 </tr>
73             </table>
74             <input type="submit" value="Log in"/>
75         </form>
76         </center>
77     </body>
78 </html>
79
80             HTML
81             return Apache2::Const::OK;
82         }
83
84         $auth_ses = oils_login($u, $p);
85         if ($auth_ses) {
86             print $cgi->redirect(
87                 -uri=>$url,
88                 -cookie=>$cgi->cookie(
89                     -name=>'ses',
90                     -value=>$auth_ses,
91                     -path=>'/',-expires=>'+1h'
92                 )
93             );
94             return Apache2::Const::REDIRECT;
95         }
96     }
97
98     my $user = verify_login($auth_ses);
99     return Apache2::Const::FORBIDDEN unless ($user);
100
101     my $failures = OpenSRF::AppSession
102         ->create('open-ils.actor')
103         ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, ['VIEW_REPORT_OUTPUT'])
104         ->gather(1);
105
106     return Apache2::Const::FORBIDDEN if (@$failures > 0);
107
108     # they're good, let 'em through
109     return Apache2::Const::DECLINED if (-e $apache->filename);
110
111     # oops, file not found
112     return Apache2::Const::NOT_FOUND;
113 }
114
115 # returns the user object if the session is valid, 0 otherwise
116 sub verify_login {
117     my $auth_token = shift;
118     return undef unless $auth_token;
119
120     my $user = OpenSRF::AppSession
121         ->create("open-ils.auth")
122         ->request( "open-ils.auth.session.retrieve", $auth_token )
123         ->gather(1);
124
125     if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
126         return undef;
127     }
128
129     return $user if ref($user);
130     return undef;
131 }
132
133 sub oils_login {
134         my( $username, $password, $type ) = @_;
135
136         $type |= "staff";
137     my $nametype = 'username';
138     $nametype = 'barcode' if ($username =~ /^\d+$/o);
139
140         my $seed = OpenSRF::AppSession
141         ->create("open-ils.auth")
142         ->request( 'open-ils.auth.authenticate.init', $username )
143         ->gather(1);
144
145         return undef unless $seed;
146
147         my $response = OpenSRF::AppSession
148         ->create("open-ils.auth")
149         ->request( 'open-ils.auth.authenticate.complete',
150             { $nametype => $username,
151               password => md5_hex($seed . md5_hex($password)),
152               type => $type })
153         ->gather(1);
154
155         return undef unless $response;
156
157         return $response->{payload}->{authtoken};
158 }
159
160
161
162 1;