From 807dd95dffab3e8a25f167973a8d1c05ebf84b11 Mon Sep 17 00:00:00 2001
From: Dan Wells
Date: Tue, 5 Jan 2016 14:24:21 -0500
Subject: [PATCH] LP#1468422 Make AuthProxy.pm work with new auth

Previously, AuthProxy.pm would simply lookup and use the hashed password when the external authentication had passed. This simple method no longer works, since even cstore doesn't have access to the hashed password. Instead, take advantage of the new 'auth_internal' service to create the user session after the user has been externally authenticated.

Signed-off-by: Dan Wells
Signed-off-by: Bill Erickson
---
 .../lib/OpenILS/Application/AuthProxy.pm | 50 ++++++++++++-------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index 9ca5ea52d1..94bb2d1438 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -234,8 +234,8 @@ sub login {
 } elsif (defined $code) { # code is '0', i.e. SUCCESS
 if (exists $event->{'payload'}) { # we have a complete native login
 return $event;
- } else { # do a 'forced' login
- return &_do_login($args, 1);
+ } else { # create an EG session for the successful external login
+ return &_create_session($args);
 }
 }
 }
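Review bot: The `else` branch that now returns `&_create_session($args)` issues an Evergreen session without going through `open-ils.auth.authenticate.complete`, which the old forced login still called, so any account-state or login-type checks done there are no longer on this path. Nothing in the visible patch shows whether `open-ils.auth_internal.session.create` rejects inactive, barred or deleted accounts or enforces the permission tied to `login_type`; that should be confirmed, or a validation step added before the session is created. A comment on the branch would record the assumption, e.g. `# external auth OK; account-state and login-type checks are delegated to auth_internal`. The enclosing `login` sub starts and ends outside this hunk.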
@@ -249,6 +249,35 @@ sub login {
 return OpenILS::Event->new( 'LOGIN_FAILED' );
 }
+sub _create_session {
+ my $args = shift;
+
+ my $user = $U->cstorereq(
+ "open-ils.cstore.direct.actor.user.search.atomic",
+ { usrname => $args->{'username'} }
+ );
+ if (!$user->[0]) {
+ $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
+ return OpenILS::Event->new( 'LOGIN_FAILED' );
+ } else {
+ $args->{user_id} = $user->[0]->id;
+ }
+
+ my $response = OpenSRF::AppSession->create("open-ils.auth_internal")->request(
+ 'open-ils.auth_internal.session.create',
+ {
+ user_id => $args->{user_id},
+ login_type => $args->{type},
+ org_unit => $args->{org}
+ }
+ )->gather(1);
+
+ return OpenILS::Event->new( 'LOGIN_FAILED' )
+ unless $response;
+
+ return $response;
+}
+
 sub _do_login {
 my $args = shift;
 my $authenticated = shift;
@@ -262,22 +291,7 @@ sub _do_login {
 unless $seed;
 my $real_password = $args->{'password'};
- # if we have already authenticated, look up the password needed to finish
- if ($authenticated) {
- # username is required
- return OpenILS::Event->new( 'LOGIN_FAILED' ) if !$args->{'username'};
- my $user = $U->cstorereq(
- "open-ils.cstore.direct.actor.user.search.atomic",
- { usrname => $args->{'username'} }
- );
- if (!$user->[0]) {
- $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- }
- $args->{'password'} = md5_hex( $seed . $user->[0]->passwd );
- } else {
- $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );
- }
+ $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );
 my $response = OpenSRF::AppSession->create("open-ils.auth")->request(
 'open-ils.auth.authenticate.complete',
 $args
-- 
2.43.2
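Review bot: `_create_session` no longer has the `username is required` guard that the removed forced-login branch of `_do_login` carried, so an externally authenticated request with an empty or missing `username` reaches the cstore search as `{ usrname => undef }` and its outcome depends on how that query treats a null value. Restore the check as the first statement after `my $args = shift;`: `return OpenILS::Event->new( 'LOGIN_FAILED' ) unless $args->{'username'};`. The lookup also takes `$user->[0]` without confirming that exactly one row came back; unless `usrname` is guaranteed unique among the rows this search can return, it is safer to fail when `@$user != 1`. An externally authenticated name with no local account is logged only at `debug`, and since that is the event an operator would want to see when the two directories drift apart, `$logger->info` or `$logger->warn` may suit it better.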
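Review bot: With the `if ($authenticated)` branch removed, the `$authenticated` parameter that `_do_login` still shifts off `@_` (visible in the context lines of the preceding hunk) is not read anywhere in the lines shown, which leaves a dead "already authenticated" switch on a login routine. If no remaining caller passes it, drop `my $authenticated = shift;` so that nobody later assumes a second argument can skip the password check; otherwise mark it with `# unused since LP#1468422: external logins go through _create_session`. The body of `_do_login` starts and ends outside this hunk, so a use further down cannot be ruled out.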