Open-ILS/src/perlmods/lib/OpenILS/WWW/Proxy.pm

   1 package OpenILS::WWW::Proxy;
   2 use strict; use warnings;
   3
   4 use Apache2::Log;
   5 use Apache2::Const -compile => qw(REDIRECT FORBIDDEN OK NOT_FOUND DECLINED :log);
   6 use APR::Const    -compile => qw(:error SUCCESS);
   7 use CGI;
   8 use Data::Dumper;
   9 use Digest::MD5 qw/md5_hex/;
  10
  11 use OpenSRF::EX qw(:try);
  12 use OpenSRF::System;
  13
  14
  15 # set the bootstrap config and template include directory when
  16 # this module is loaded
  17 my $bootstrap;
  18 my $ssl_off;
  19
  20 my $default_template = <<HTML;
  21 <html>
  22         <head>
  23                 <title>TITLE</title>
  24         </head>
  25         <body>
  26                 <br/><br/><br/>
  27                 <center>
  28                 <form method='POST'>
  29                         <table style='border-collapse: collapse; border: 1px solid black;'>
  30                                 <tr>
  31                                         <th colspan='2' align='center'><u>DESCRIPTION</u></th>
  32                                 </tr>
  33                                 <tr>
  34                                         <th align="right">Username or barcode:</th>
  35                                         <td><input type="text" name="user"/></td>
  36                                 </tr>
  37                                 <tr>
  38                                         <th align="right">Password:</th>
  39                                         <td><input type="password" name="passwd"/></td>
  40                                 </tr>
  41                         </table>
  42                         <input type="submit" value="Log in"/>
  43                 </form>
  44                 </center>
  45         </body>
  46 </html>
  47 HTML
  48
  49 sub import {
  50         my $self = shift;
  51         $bootstrap = shift;
  52         $ssl_off = shift;
  53 }
  54
  55
  56 sub child_init {
  57         OpenSRF::System->bootstrap_client( config_file => $bootstrap );
  58 }
  59
  60 sub handler {
  61         my $apache = shift;
  62
  63         my $proxyhtml = $apache->dir_config('OILSProxyHTML');
  64         my $title = $apache->dir_config('OILSProxyTitle');
  65         my $desc = $apache->dir_config('OILSProxyDescription');
  66         my $ltype = $apache->dir_config('OILSProxyLoginType');
  67         my $perms = [ split ' ', $apache->dir_config('OILSProxyPermissions') ];
  68
  69         return Apache2::Const::NOT_FOUND unless ($title || $proxyhtml);
  70         return Apache2::Const::NOT_FOUND unless (@$perms);
  71
  72         my $cgi = new CGI;
  73         my $auth_ses = $cgi->cookie('ses') || $cgi->param('ses');
  74         my $ws_ou = $apache->dir_config('OILSProxyLoginOU') || $cgi->cookie('ws_ou') || $cgi->param('ws_ou');
  75
  76         my $url = $cgi->url;
  77
  78         # push everyone to the secure site
  79         if (!$ssl_off && $url =~ /^http:/o) {
  80         my $base = $cgi->url(-base=>1);
  81                 $base =~ s/^http:/https:/o;
  82                 print "Location: $base".$apache->unparsed_uri."\n\n";
  83                 return Apache2::Const::REDIRECT;
  84         }
  85
  86         if (!$auth_ses) {
  87                 my $u = $cgi->param('user');
  88                 my $p = $cgi->param('passwd');
  89
  90                 if (!$u) {
  91
  92                         print $cgi->header(-type=>'text/html', -expires=>'-1d');
  93                         if (!$proxyhtml) {
  94                                 $proxyhtml = $default_template;
  95                                 $proxyhtml =~ s/TITLE/$title/gso;
  96                                 $proxyhtml =~ s/DESCRIPTION/$desc/gso;
  97                         } else {
  98                                 # XXX template toolkit??
  99                         }
 100
 101                         print $proxyhtml;
 102                         return Apache2::Const::OK;
 103                 }
 104
 105                 $auth_ses = oils_login($u, $p, $ltype);
 106                 if ($auth_ses) {
 107                         print $cgi->redirect(
 108                                 -uri=> $apache->unparsed_uri,
 109                                 -cookie=>$cgi->cookie(
 110                                         -name=>'ses',
 111                                         -value=>$auth_ses,
 112                                         -path=>'/',
 113                                         -secure=>1
 114                                 )
 115                         );
 116                         return Apache2::Const::REDIRECT;
 117                 } else {
 118             return back_to_login($apache, $cgi);
 119         }
 120         }
 121
 122         my $user = verify_login($auth_ses);
 123     return back_to_login($apache, $cgi) unless $user;
 124
 125         $ws_ou ||= $user->home_ou;
 126
 127         warn "Checking perms " . join(',', @$perms) . " for user " . $user->id . " at location $ws_ou\n";
 128
 129         my $failures = OpenSRF::AppSession
 130                 ->create('open-ils.actor')
 131                 ->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
 132                 ->gather(1);
 133
 134         return back_to_login($apache, $cgi) if (@$failures > 0);
 135
 136         # they're good, let 'em through
 137         return Apache2::Const::DECLINED;
 138 }
 139
 140 sub back_to_login {
 141     my $apache = shift;
 142     my $cgi = shift;
 143     print $cgi->redirect(
 144         -uri=>$apache->unparsed_uri,
 145         -cookie=>$cgi->cookie(
 146             -name=>'ses',
 147             -value=>'',
 148             -path=>'/',-expires=>'-1h'
 149         )
 150     );
 151     return Apache2::Const::REDIRECT;
 152 }
 153
 154 # returns the user object if the session is valid, 0 otherwise
 155 sub verify_login {
 156         my $auth_token = shift;
 157         return undef unless $auth_token;
 158
 159         my $user = OpenSRF::AppSession
 160                 ->create("open-ils.auth")
 161                 ->request( "open-ils.auth.session.retrieve", $auth_token )
 162                 ->gather(1);
 163
 164         if (ref($user) eq 'HASH' && $user->{ilsevent} == 1001) {
 165                 return undef;
 166         }
 167
 168         return $user if ref($user);
 169         return undef;
 170 }
 171
 172 sub oils_login {
 173         my( $username, $password, $type ) = @_;
 174
 175         $type |= "staff";
 176         my $nametype = 'username';
 177         $nametype = 'barcode' if ($username =~ /^\d+$/o);
 178
 179         my $seed = OpenSRF::AppSession
 180                 ->create("open-ils.auth")
 181                 ->request( 'open-ils.auth.authenticate.init', $username )
 182                 ->gather(1);
 183
 184         return undef unless $seed;
 185
 186         my $response = OpenSRF::AppSession
 187                 ->create("open-ils.auth")
 188                 ->request( 'open-ils.auth.authenticate.complete',
 189                         { $nametype => $username, agent => 'authproxy',
 190                           password => md5_hex($seed . md5_hex($password)),
 191                           type => $type })
 192                 ->gather(1);
 193
 194         return undef unless $response;
 195
 196         return $response->{payload}->{authtoken};
 197 }
 198
 199 1;
 200