use Koha::Library::Groups;
use Koha::Libraries;
use Koha::Patrons;
+use Koha::Patron::Consents;
use POSIX qw/strftime/;
use List::MoreUtils qw/ any /;
use Encode qw( encode is_utf8);
+use C4::Auth_with_shibboleth;
# use utf8;
-use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $shib $shib_login);
+use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout);
BEGIN {
sub psgi_env { any { /^psgi\./ } keys %ENV }
%EXPORT_TAGS = ( EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)] );
$ldap = C4::Context->config('useldapserver') || 0;
$cas = C4::Context->preference('casAuthentication');
- $shib = C4::Context->config('useshibboleth') || 0;
$caslogout = C4::Context->preference('casLogout');
require C4::Auth_with_cas; # no import
require C4::Auth_with_ldap;
import C4::Auth_with_ldap qw(checkpw_ldap);
}
- if ($shib) {
- require C4::Auth_with_shibboleth;
- import C4::Auth_with_shibboleth
- qw(shib_ok checkpw_shib logout_shib login_shib_url get_login_shib);
-
- # Check for good config
- if ( shib_ok() ) {
-
- # Get shibboleth login attribute
- $shib_login = get_login_shib();
- }
-
- # Bad config, disable shibboleth
- else {
- $shib = 0;
- }
- }
if ($cas) {
import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url logout_if_required);
}
The C<template_name> is then used to find the correct template for
the page. The authenticated users details are loaded onto the
-template in the HTML::Template LOOP variable C<USER_INFO>. Also the
+template in the logged_in_user variable (which is a Koha::Patron object). Also the
C<sessionID> is passed to the template. This can be used in templates
if cookies are disabled. It needs to be put as and input to every
authenticated page.
my $in = shift;
my ( $user, $cookie, $sessionID, $flags );
+ # Get shibboleth login attribute
+ my $shib = C4::Context->config('useshibboleth') && shib_ok();
+ my $shib_login = $shib ? get_login_shib() : undef;
+
C4::Context->interface( $in->{type} );
$in->{'authnotrequired'} ||= 0;
);
}
+ # If we enforce GDPR and the user did not consent, redirect
+ if( $in->{type} eq 'opac' && $user &&
+ $in->{'template_name'} !~ /opac-patron-consent/ &&
+ C4::Context->preference('GDPR_Policy') eq 'Enforced' )
+ {
+ my $consent = Koha::Patron::Consents->search({
+ borrowernumber => getborrowernumber($user),
+ type => 'GDPR_PROCESSING',
+ given_on => { '!=', undef },
+ })->next;
+ if( !$consent ) {
+ print $in->{query}->redirect(-uri => '/cgi-bin/koha/opac-patron-consent.pl', -cookie => $cookie);
+ safe_exit;
+ }
+ }
+
if ( $in->{type} eq 'opac' && $user ) {
my $kick_out;
}
# user info
- $template->param( loggedinusername => $user ); # FIXME Should be replaced with something like patron-title.inc
+ $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
$template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
$template->param( logged_in_user => $patron );
$template->param( sessionID => $sessionID );
);
}
- $template->param( "USER_INFO" => $patron->unblessed ) if $borrowernumber != 0;
-
my $all_perms = get_all_subpermissions();
my @flagroots = qw(circulate catalogue parameters borrowers permissions reserveforothers borrow
$template->param( CAN_user_coursereserves => 1 );
$template->param( CAN_user_clubs => 1 );
$template->param( CAN_user_ill => 1 );
+ $template->param( CAN_user_stockrotation => 1 );
foreach my $module ( keys %$all_perms ) {
foreach my $subperm ( keys %{ $all_perms->{$module} } ) {
my $opac_limit_override = $ENV{'OPAC_LIMIT_OVERRIDE'};
my $opac_name = '';
if (
- ( $opac_limit_override && $opac_search_limit && $opac_search_limit =~ /branch:(\w+)/ ) ||
- ( $in->{'query'}->param('limit') && $in->{'query'}->param('limit') =~ /branch:(\w+)/ ) ||
+ ( $opac_limit_override && $opac_search_limit && $opac_search_limit =~ /branch:([\w-]+)/ ) ||
+ ( $in->{'query'}->param('limit') && $in->{'query'}->param('limit') =~ /branch:([\w-]+)/ ) ||
( $in->{'query'}->param('multibranchlimit') && $in->{'query'}->param('multibranchlimit') =~ /multibranchlimit-(\w+)/ )
) {
$opac_name = $1; # opac_search_limit is a branch, so we use it.
sub checkauth {
my $query = shift;
$debug and warn "Checking Auth";
+
+ # Get shibboleth login attribute
+ my $shib = C4::Context->config('useshibboleth') && shib_ok();
+ my $shib_login = $shib ? get_login_shib() : undef;
+
# $authnotrequired will be set for scripts which will run without authentication
my $authnotrequired = shift;
my $flagsrequired = shift;
}
# If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint)
- if ( $shib and $shib_login and $shibSuccess and $type eq 'opac' ) {
-
- # (Note: $type eq 'opac' condition should be removed when shibboleth authentication for intranet will be implemented)
+ if ( $shib and $shib_login and $shibSuccess) {
logout_shib($query);
}
}
$session->param( 'search_history', $anon_search_history );
}
- my $sessionID = $session->id;
+ $sessionID = $session->id;
C4::Context->_new_userenv($sessionID);
$cookie = $query->cookie(
-name => 'CGISESSID',
my ( $return, $cardnumber );
# If shib is enabled and we have a shib login, does the login match a valid koha user
- if ( $shib && $shib_login && $type eq 'opac' ) {
+ if ( $shib && $shib_login ) {
my $retuserid;
# Do not pass password here, else shib will not be checked in checkpw.
my @inputs = ();
foreach my $name ( param $query) {
(next) if ( $name eq 'userid' || $name eq 'password' || $name eq 'ticket' );
- my $value = $query->param($name);
- push @inputs, { name => $name, value => $value };
+ my @value = $query->multi_param($name);
+ push @inputs, { name => $name, value => $_ } for @value;
}
my $patron = Koha::Patrons->find({ userid => $q_userid }); # Not necessary logged in!
my ( $dbh, $userid, $password, $query, $type, $no_set_userenv ) = @_;
$type = 'opac' unless $type;
+ # Get shibboleth login attribute
+ my $shib = C4::Context->config('useshibboleth') && shib_ok();
+ my $shib_login = $shib ? get_login_shib() : undef;
+
my @return;
my $patron = Koha::Patrons->find({ userid => $userid });
my $check_internal_as_fallback = 0;