X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=3c0b804a2cf8fac5b1273407dcd7eeb209b4ef01;hb=ced4ca4e2d39856b4f00411eaee406b569199c1f;hp=92f1d4c41d53ef1c4808790a6273646fd0cc4e2c;hpb=243cfbe7cebb8f90225a4b72f7ffb63c3f9b8ca0;p=koha.git diff --git a/C4/Auth.pm b/C4/Auth.pm index 92f1d4c41d..3c0b804a2c 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -38,8 +38,8 @@ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $cas BEGIN { sub psgi_env { any { /^psgi\./ } keys %ENV } sub safe_exit { - if ( psgi_env ) { die 'psgi:exit' } - else { exit } + if ( psgi_env ) { die 'psgi:exit' } + else { exit } } $VERSION = 3.07.00.049; # set version for version checking @@ -53,8 +53,8 @@ BEGIN { $caslogout = C4::Context->preference('casLogout'); require C4::Auth_with_cas; # no import if ($ldap) { - require C4::Auth_with_ldap; - import C4::Auth_with_ldap qw(checkpw_ldap); + require C4::Auth_with_ldap; + import C4::Auth_with_ldap qw(checkpw_ldap); } if ($cas) { import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); @@ -133,7 +133,7 @@ EOQ sub get_template_and_user { my $in = shift; my $template = - C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} ); + C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'}, $in->{'is_plugin'} ); my ( $user, $cookie, $sessionID, $flags ); if ( $in->{'template_name'} !~m/maintenance/ ) { ( $user, $cookie, $sessionID, $flags ) = checkauth( @@ -145,8 +145,7 @@ sub get_template_and_user { } my $borrowernumber; - my $insecure = C4::Context->preference('insecure'); - if ($user or $insecure) { + if ($user) { require C4::Members; # It's possible for $user to be the borrowernumber if they don't have a # userid defined (and are logging in through some other method, such @@ -186,7 +185,7 @@ sub get_template_and_user { # We are going to use the $flags returned by checkauth # to create the template's parameters that will indicate # which menus the user can access. - if (( $flags && $flags->{superlibrarian}==1) or $insecure==1) { + if ( $flags && $flags->{superlibrarian}==1 ) { $template->param( CAN_user_circulate => 1 ); $template->param( CAN_user_catalogue => 1 ); $template->param( CAN_user_parameters => 1 ); @@ -195,7 +194,7 @@ sub get_template_and_user { $template->param( CAN_user_reserveforothers => 1 ); $template->param( CAN_user_borrow => 1 ); $template->param( CAN_user_editcatalogue => 1 ); - $template->param( CAN_user_updatecharges => 1 ); + $template->param( CAN_user_updatecharges => 1 ); $template->param( CAN_user_acquisition => 1 ); $template->param( CAN_user_management => 1 ); $template->param( CAN_user_tools => 1 ); @@ -203,6 +202,8 @@ sub get_template_and_user { $template->param( CAN_user_serials => 1 ); $template->param( CAN_user_reports => 1 ); $template->param( CAN_user_staffaccess => 1 ); + $template->param( CAN_user_plugins => 1 ); + $template->param( CAN_user_coursereserves => 1 ); foreach my $module (keys %$all_perms) { foreach my $subperm (keys %{ $all_perms->{$module} }) { $template->param( "CAN_user_${module}_${subperm}" => 1 ); @@ -234,82 +235,74 @@ sub get_template_and_user { } } } - # Logged-in opac search history - # If the requested template is an opac one and opac search history is enabled - if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { - my $dbh = C4::Context->dbh; - my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; - my $sth = $dbh->prepare($query); - $sth->execute($borrowernumber); - - # If at least one search has already been performed - if ($sth->fetchrow_array > 0) { - # We show the link in opac - $template->param(ShowOpacRecentSearchLink => 1); - } - - # And if there's a cookie with searches performed when the user was not logged in, - # we add them to the logged-in search history - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - if (@recentSearches) { - my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); - $sth->execute( $borrowernumber, - $in->{'query'}->cookie("CGISESSID"), - $_->{'query_desc'}, - $_->{'query_cgi'}, - $_->{'total'}, - $_->{'time'}, + # Logged-in opac search history + # If the requested template is an opac one and opac search history is enabled + if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { + my $dbh = C4::Context->dbh; + my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; + my $sth = $dbh->prepare($query); + $sth->execute($borrowernumber); + + # If at least one search has already been performed + if ($sth->fetchrow_array > 0) { + # We show the link in opac + $template->param(ShowOpacRecentSearchLink => 1); + } + + # And if there's a cookie with searches performed when the user was not logged in, + # we add them to the logged-in search history + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + if (@recentSearches) { + my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); + $sth->execute( $borrowernumber, + $in->{'query'}->cookie("CGISESSID"), + $_->{'query_desc'}, + $_->{'query_cgi'}, + $_->{'total'}, + $_->{'time'}, ) foreach @recentSearches; - # And then, delete the cookie's content - my $newsearchcookie = $in->{'query'}->cookie( - -name => 'KohaOpacRecentSearches', - -value => freeze([]), - -expires => '' - ); - $cookie = [$cookie, $newsearchcookie]; - } - } - } + # And then, delete the cookie's content + my $newsearchcookie = $in->{'query'}->cookie( + -name => 'KohaOpacRecentSearches', + -value => freeze([]), + -HttpOnly => 1, + -expires => '' + ); + $cookie = [$cookie, $newsearchcookie]; + } + } + } } - else { # if this is an anonymous session, setup to display public lists... + else { # if this is an anonymous session, setup to display public lists... $template->param( sessionID => $sessionID ); my ($total, $pubshelves) = C4::VirtualShelves::GetSomeShelfNames(undef, 'MASTHEAD'); - $template->param( - pubshelves => $total->{pubtotal}, - pubshelvesloop => $pubshelves, - ); + $template->param( + pubshelves => $total->{pubtotal}, + pubshelvesloop => $pubshelves, + ); } - # Anonymous opac search history - # If opac search history is enabled and at least one search has already been performed - if (C4::Context->preference('EnableOpacSearchHistory')) { - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - # We show the link in opac - if (@recentSearches) { - $template->param(ShowOpacRecentSearchLink => 1); - } - } - } + # Anonymous opac search history + # If opac search history is enabled and at least one search has already been performed + if (C4::Context->preference('EnableOpacSearchHistory')) { + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + # We show the link in opac + if (@recentSearches) { + $template->param(ShowOpacRecentSearchLink => 1); + } + } + } if(C4::Context->preference('dateformat')){ - $template->param( dateformat => C4::Context->preference('dateformat') ); - if(C4::Context->preference('dateformat') eq "metric"){ - $template->param(dateformat_metric => 1); - } elsif(C4::Context->preference('dateformat') eq "us"){ - $template->param(dateformat_us => 1); - } else { - $template->param(dateformat_iso => 1); - } - } else { - $template->param(dateformat_iso => 1); + $template->param(dateformat => C4::Context->preference('dateformat')) } # these template parameters are set the same regardless of $in->{'type'} @@ -319,9 +312,11 @@ sub get_template_and_user { GoogleJackets => C4::Context->preference("GoogleJackets"), OpenLibraryCovers => C4::Context->preference("OpenLibraryCovers"), KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"), - LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"), + LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:undef), LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"), LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu", + emailaddress => C4::Context->userenv?C4::Context->userenv->{"emailaddress"}:undef, + loggedinpersona => C4::Context->userenv?C4::Context->userenv->{"persona"}:undef, TagsEnabled => C4::Context->preference("TagsEnabled"), hide_marc => C4::Context->preference("hide_marc"), item_level_itypes => C4::Context->preference('item-level_itypes'), @@ -332,8 +327,9 @@ sub get_template_and_user { using_https => $in->{'query'}->https() ? 1 : 0, noItemTypeImages => C4::Context->preference("noItemTypeImages"), marcflavour => C4::Context->preference("marcflavour"), + persona => C4::Context->preference("persona"), + UseCourseReserves => C4::Context->preference("UseCourseReserves"), ); - if ( $in->{'type'} eq "intranet" ) { $template->param( AmazonCoverImages => C4::Context->preference("AmazonCoverImages"), @@ -342,11 +338,11 @@ sub get_template_and_user { CalendarFirstDayOfWeek => (C4::Context->preference("CalendarFirstDayOfWeek") eq "Sunday")?0:1, CircAutocompl => C4::Context->preference("CircAutocompl"), FRBRizeEditions => C4::Context->preference("FRBRizeEditions"), - IndependantBranches => C4::Context->preference("IndependantBranches"), + IndependentBranches => C4::Context->preference("IndependentBranches"), IntranetNav => C4::Context->preference("IntranetNav"), IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"), LibraryName => C4::Context->preference("LibraryName"), - LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"), + LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:undef), advancedMARCEditor => C4::Context->preference("advancedMARCEditor"), canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'), intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"), @@ -359,12 +355,12 @@ sub get_template_and_user { suggestion => C4::Context->preference("suggestion"), virtualshelves => C4::Context->preference("virtualshelves"), StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"), - NoZebra => C4::Context->preference('NoZebra'), EasyAnalyticalRecords => C4::Context->preference('EasyAnalyticalRecords'), LocalCoverImages => C4::Context->preference('LocalCoverImages'), OPACLocalCoverImages => C4::Context->preference('OPACLocalCoverImages'), AllowMultipleCovers => C4::Context->preference('AllowMultipleCovers'), EnableBorrowerFiles => C4::Context->preference('EnableBorrowerFiles'), + UseKohaPlugins => C4::Context->preference('UseKohaPlugins'), ); } else { @@ -384,6 +380,8 @@ sub get_template_and_user { my $opac_name = ''; if (($opac_search_limit && $opac_search_limit =~ /branch:(\w+)/ && $opac_limit_override) || ($in->{'query'}->param('limit') && $in->{'query'}->param('limit') =~ /branch:(\w+)/)){ $opac_name = $1; # opac_search_limit is a branch, so we use it. + } elsif ( $in->{'query'}->param('multibranchlimit') ) { + $opac_name = $in->{'query'}->param('multibranchlimit'); } elsif (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv && C4::Context->userenv->{'branch'}) { $opac_name = C4::Context->userenv->{'branch'}; } @@ -392,13 +390,14 @@ sub get_template_and_user { AnonSuggestions => "" . C4::Context->preference("AnonSuggestions"), AuthorisedValueImages => C4::Context->preference("AuthorisedValueImages"), BranchesLoop => GetBranchesLoop($opac_name), - CalendarFirstDayOfWeek => (C4::Context->preference("CalendarFirstDayOfWeek") eq "Sunday")?0:1, + BranchCategoriesLoop => GetBranchCategories( undef, undef, 1, $opac_name ), + CalendarFirstDayOfWeek => (C4::Context->preference("CalendarFirstDayOfWeek") eq "Sunday")?0:1, LibraryName => "" . C4::Context->preference("LibraryName"), LibraryNameTitle => "" . $LibraryNameTitle, LoginBranchname => C4::Context->userenv?C4::Context->userenv->{"branchname"}:"", OPACAmazonCoverImages => C4::Context->preference("OPACAmazonCoverImages"), OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"), - OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"), + OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"), OPACItemHolds => C4::Context->preference("OPACItemHolds"), OPACShelfBrowser => "". C4::Context->preference("OPACShelfBrowser"), OpacShowRecentComments => C4::Context->preference("OpacShowRecentComments"), @@ -409,7 +408,7 @@ sub get_template_and_user { OpacAuthorities => C4::Context->preference("OpacAuthorities"), OPACBaseURL => ($in->{'query'}->https() ? "https://" : "http://") . $ENV{'SERVER_NAME'} . ($ENV{'SERVER_PORT'} eq ($in->{'query'}->https() ? "443" : "80") ? '' : ":$ENV{'SERVER_PORT'}"), - opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, + opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, opac_search_limit => $opac_search_limit, opac_limit_override => $opac_limit_override, OpacBrowser => C4::Context->preference("OpacBrowser"), @@ -423,7 +422,7 @@ sub get_template_and_user { OpacNavRight => "" . C4::Context->preference("OpacNavRight"), OpacNavBottom => "" . C4::Context->preference("OpacNavBottom"), OpacPasswordChange => C4::Context->preference("OpacPasswordChange"), - OPACPatronDetails => C4::Context->preference("OPACPatronDetails"), + OPACPatronDetails => C4::Context->preference("OPACPatronDetails"), OPACPrivacy => C4::Context->preference("OPACPrivacy"), OPACFinesTab => C4::Context->preference("OPACFinesTab"), OpacTopissue => C4::Context->preference("OpacTopissue"), @@ -556,8 +555,8 @@ sub _version_check { my $version; # If Version syspref is unavailable, it means Koha is beeing installed, # and so we must redirect to OPAC maintenance page or to the WebInstaller - # also, if OpacMaintenance is ON, OPAC should redirect to maintenance - if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { + # also, if OpacMaintenance is ON, OPAC should redirect to maintenance + if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { warn "OPAC Install required, redirecting to maintenance"; print $query->redirect("/cgi-bin/koha/maintenance.pl"); safe_exit; @@ -612,11 +611,12 @@ sub _timeout_syspref { sub checkauth { my $query = shift; - $debug and warn "Checking Auth"; + $debug and warn "Checking Auth"; # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired = shift; my $flagsrequired = shift; my $type = shift; + my $persona = shift; $type = 'opac' unless $type; my $dbh = C4::Context->dbh; @@ -634,7 +634,7 @@ sub checkauth { my $casparam = $query->param('cas'); if ( $userid = $ENV{'REMOTE_USER'} ) { - # Using Basic Authentication, no cookies required + # Using Basic Authentication, no cookies required $cookie = $query->cookie( -name => 'CGISESSID', -value => '', @@ -643,6 +643,9 @@ sub checkauth { ); $loggedin = 1; } + elsif ( $persona ){ + # we dont want to set a session because we are being called by a persona callback + } elsif ( $sessionID = $query->cookie("CGISESSID") ) { # assignment, not comparison my $session = get_session($sessionID); @@ -654,7 +657,8 @@ sub checkauth { $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); C4::Context::set_shelves_userenv('bar',$session->param('barshelves')); C4::Context::set_shelves_userenv('pub',$session->param('pubshelves')); @@ -673,9 +677,9 @@ sub checkauth { $session->flush; $session->delete(); C4::Context->_unset_userenv($sessionID); - $sessionID = undef; - $userid = undef; - } + $sessionID = undef; + $userid = undef; + } elsif ($logout) { # voluntary logout the user $session->flush; @@ -685,9 +689,9 @@ sub checkauth { $sessionID = undef; $userid = undef; - if ($cas and $caslogout) { - logout_cas($query); - } + if ($cas and $caslogout) { + logout_cas($query); + } } elsif ( $lasttime < time() - $timeout ) { # timed logout @@ -727,6 +731,7 @@ sub checkauth { } } unless ($userid || $sessionID) { + #we initiate a session prior to checking for a username to allow for anonymous sessions... my $session = get_session("") or die "Auth ERROR: Cannot get_session()"; my $sessionID = $session->id; @@ -740,9 +745,10 @@ sub checkauth { if ( ( $cas && $query->param('ticket') ) || $userid || ( my $pki_field = C4::Context->preference('AllowPKIAuth') ) ne - 'None' ) + 'None' || $persona ) { my $password = $query->param('password'); + my ( $return, $cardnumber ); if ( $cas && $query->param('ticket') ) { my $retuserid; @@ -751,7 +757,29 @@ sub checkauth { $userid = $retuserid; $info{'invalidCasLogin'} = 1 unless ($return); } - elsif ( + + elsif ($persona) { + my $value = $persona; + + # If we're looking up the email, there's a chance that the person + # doesn't have a userid. So if there is none, we pass along the + # borrower number, and the bits of code that need to know the user + # ID will have to be smart enough to handle that. + require C4::Members; + my @users_info = C4::Members::GetBorrowersWithEmail($value); + if (@users_info) { + + # First the userid, then the borrowernum + $value = $users_info[0][1] || $users_info[0][0]; + } + else { + undef $value; + } + $return = $value ? 1 : 0; + $userid = $value; + } + + elsif ( ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} ) || ( $pki_field eq 'emailAddress' && $ENV{'SSL_CLIENT_S_DN_Email'} ) @@ -779,25 +807,26 @@ sub checkauth { } } - # 0 for no user, 1 for normal, 2 for demo user. + $return = $value ? 1 : 0; $userid = $value; - } + + } else { my $retuserid; ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid if ( $retuserid ne '' ); - } - if ($return) { + } + if ($return) { #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); - if ( $flags = haspermission( $userid, $flagsrequired ) ) { - $loggedin = 1; - } - else { - $info{'nopermission'} = 1; - C4::Context->_unset_userenv($sessionID); - } + if ( $flags = haspermission( $userid, $flagsrequired ) ) { + $loggedin = 1; + } + else { + $info{'nopermission'} = 1; + C4::Context->_unset_userenv($sessionID); + } my ($borrowernumber, $firstname, $surname, $userflags, $branchcode, $branchname, $branchprinter, $emailaddress); @@ -844,7 +873,7 @@ sub checkauth { $branchname = GetBranchName($branchcode); } my $branches = GetBranches(); - if (C4::Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('Autolocation')){ + if (C4::Context->boolean_preference('IndependentBranches') && C4::Context->boolean_preference('Autolocation')){ # we have to check they are coming from the right ip range my $domain = $branches->{$branchcode}->{'branchip'}; if ($ip !~ /^$domain/){ @@ -893,37 +922,40 @@ sub checkauth { $session->param('ip',$session->remote_addr()); $session->param('lasttime',time()); } + if ($persona){ + $session->param('persona',1); + } C4::Context::set_userenv( $session->param('number'), $session->param('id'), $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); } - else { - if ($userid) { - $info{'invalid_username_or_password'} = 1; - C4::Context->_unset_userenv($sessionID); - } - } - } # END if ( $userid = $query->param('userid') ) - elsif ($type eq "opac") { + else { + if ($userid) { + $info{'invalid_username_or_password'} = 1; + C4::Context->_unset_userenv($sessionID); + } + } + } # END if ( $userid = $query->param('userid') ) + elsif ($type eq "opac") { # if we are here this is an anonymous session; add public lists to it and a few other items... # anonymous sessions are created only for the OPAC - $debug and warn "Initiating an anonymous session..."; + $debug and warn "Initiating an anonymous session..."; - # setting a couple of other session vars... - $session->param('ip',$session->remote_addr()); - $session->param('lasttime',time()); - $session->param('sessiontype','anon'); - } - } # END unless ($userid) - my $insecure = C4::Context->boolean_preference('insecure'); + # setting a couple of other session vars... + $session->param('ip',$session->remote_addr()); + $session->param('lasttime',time()); + $session->param('sessiontype','anon'); + } + } # END unless ($userid) # finished authentification, now respond - if ( $loggedin || $authnotrequired || ( defined($insecure) && $insecure ) ) + if ( $loggedin || $authnotrequired ) { # successful login unless ($cookie) { @@ -986,11 +1018,13 @@ sub checkauth { IntranetNav => C4::Context->preference("IntranetNav"), IntranetFavicon => C4::Context->preference("IntranetFavicon"), intranetuserjs => C4::Context->preference("intranetuserjs"), - IndependantBranches=> C4::Context->preference("IndependantBranches"), + IndependentBranches=> C4::Context->preference("IndependentBranches"), AutoLocation => C4::Context->preference("AutoLocation"), wrongip => $info{'wrongip'}, PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), + persona => C4::Context->preference("Persona"), + opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, ); $template->param( OpacPublic => C4::Context->preference("OpacPublic")); @@ -998,24 +1032,23 @@ sub checkauth { if ($cas) { - # Is authentication against multiple CAS servers enabled? + # Is authentication against multiple CAS servers enabled? if (C4::Auth_with_cas::multipleAuth && !$casparam) { - my $casservers = C4::Auth_with_cas::getMultipleAuth(); - my @tmplservers; - foreach my $key (keys %$casservers) { - push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; - } - #warn Data::Dumper::Dumper(\@tmplservers); - $template->param( - casServersLoop => \@tmplservers - ); - } else { + my $casservers = C4::Auth_with_cas::getMultipleAuth(); + my @tmplservers; + foreach my $key (keys %$casservers) { + push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; + } + $template->param( + casServersLoop => \@tmplservers + ); + } else { $template->param( casServerUrl => login_cas_url($query), - ); - } + ); + } - $template->param( + $template->param( invalidCasLogin => $info{'invalidCasLogin'} ); } @@ -1136,7 +1169,11 @@ sub check_api_auth { $sessionID = undef; return ("expired", undef, undef); } else { - my $cookie = $query->cookie( CGISESSID => $session->id ); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $session->param('lasttime',time()); my $flags = haspermission($userid, $flagsrequired); if ($flags) { @@ -1156,23 +1193,23 @@ sub check_api_auth { # new login my $userid = $query->param('userid'); my $password = $query->param('password'); - my ($return, $cardnumber); - - # Proxy CAS auth - if ($cas && $query->param('PT')) { - my $retuserid; - $debug and print STDERR "## check_api_auth - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $PT = $query->param('PT'); - ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH - } else { - # User / password auth - unless ($userid and $password) { - # caller did something wrong, fail the authenticateion - return ("failed", undef, undef); - } - ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); - } + my ($return, $cardnumber); + + # Proxy CAS auth + if ($cas && $query->param('PT')) { + my $retuserid; + $debug and print STDERR "## check_api_auth - checking CAS\n"; + # In case of a CAS authentication, we use the ticket instead of the password + my $PT = $query->param('PT'); + ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH + } else { + # User / password auth + unless ($userid and $password) { + # caller did something wrong, fail the authenticateion + return ("failed", undef, undef); + } + ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); + } if ($return and haspermission( $userid, $flagsrequired)) { my $session = get_session(""); @@ -1180,7 +1217,11 @@ sub check_api_auth { my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - my $cookie = $query->cookie(CGISESSID => $sessionID); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 1 ) { my ( $borrowernumber, $firstname, $surname, @@ -1411,7 +1452,7 @@ sub get_session { $session = new CGI::Session("driver:PostgreSQL;serializer:yaml;id:md5", $sessionID, {Handle=>$dbh}); } elsif ($storage_method eq 'memcached' && C4::Context->ismemcached){ - $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); + $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); } else { # catch all defaults to tmp should work on all systems @@ -1431,11 +1472,11 @@ sub checkpw { if ($cas && $query && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $ticket = $query->param('ticket'); + # In case of a CAS authentication, we use the ticket instead of the password + my $ticket = $query->param('ticket'); my ($retval,$retcard,$retuserid) = checkpw_cas($dbh, $ticket, $query); # EXTERNAL AUTH ($retval) and return ($retval,$retcard,$retuserid); - return 0; + return 0; } # INTERNAL AUTH