X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=b459563074bfb7ed07840e55ec1e62939046b373;hb=4dcee58a4da3026fee25e8e73e9240a0b755a8c0;hp=602c09530a83195ebb3393dc2634c1cc9f2a3115;hpb=38f8bf4776bdd6355ea0c27fb0c3ab13b28d2501;p=koha.git diff --git a/C4/Auth.pm b/C4/Auth.pm index 602c09530a..b459563074 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -28,7 +28,6 @@ require Exporter; use C4::Context; use C4::Templates; # to get the template use C4::Branch; # GetBranches -use C4::Update::Database; use C4::VirtualShelves; use POSIX qw/strftime/; use List::MoreUtils qw/ any /; @@ -39,8 +38,8 @@ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $cas BEGIN { sub psgi_env { any { /^psgi\./ } keys %ENV } sub safe_exit { - if ( psgi_env ) { die 'psgi:exit' } - else { exit } + if ( psgi_env ) { die 'psgi:exit' } + else { exit } } $VERSION = 3.07.00.049; # set version for version checking @@ -54,8 +53,8 @@ BEGIN { $caslogout = C4::Context->preference('casLogout'); require C4::Auth_with_cas; # no import if ($ldap) { - require C4::Auth_with_ldap; - import C4::Auth_with_ldap qw(checkpw_ldap); + require C4::Auth_with_ldap; + import C4::Auth_with_ldap qw(checkpw_ldap); } if ($cas) { import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); @@ -135,9 +134,9 @@ sub get_template_and_user { my $in = shift; my $template = C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} ); - my ( $user, $cookie, $sessionID, $flags, $new_session ); + my ( $user, $cookie, $sessionID, $flags ); if ( $in->{'template_name'} !~m/maintenance/ ) { - ( $user, $cookie, $sessionID, $flags, $new_session ) = checkauth( + ( $user, $cookie, $sessionID, $flags ) = checkauth( $in->{'query'}, $in->{'authnotrequired'}, $in->{'flagsrequired'}, @@ -235,72 +234,74 @@ sub get_template_and_user { } } } - # Logged-in opac search history - # If the requested template is an opac one and opac search history is enabled - if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { - my $dbh = C4::Context->dbh; - my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; - my $sth = $dbh->prepare($query); - $sth->execute($borrowernumber); - - # If at least one search has already been performed - if ($sth->fetchrow_array > 0) { - # We show the link in opac - $template->param(ShowOpacRecentSearchLink => 1); - } - - # And if there's a cookie with searches performed when the user was not logged in, - # we add them to the logged-in search history - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - if (@recentSearches) { - my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); - $sth->execute( $borrowernumber, - $in->{'query'}->cookie("CGISESSID"), - $_->{'query_desc'}, - $_->{'query_cgi'}, - $_->{'total'}, - $_->{'time'}, + # Logged-in opac search history + # If the requested template is an opac one and opac search history is enabled + if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { + my $dbh = C4::Context->dbh; + my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; + my $sth = $dbh->prepare($query); + $sth->execute($borrowernumber); + + # If at least one search has already been performed + if ($sth->fetchrow_array > 0) { + # We show the link in opac + $template->param(ShowOpacRecentSearchLink => 1); + } + + # And if there's a cookie with searches performed when the user was not logged in, + # we add them to the logged-in search history + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + if (@recentSearches) { + my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); + $sth->execute( $borrowernumber, + $in->{'query'}->cookie("CGISESSID"), + $_->{'query_desc'}, + $_->{'query_cgi'}, + $_->{'total'}, + $_->{'time'}, ) foreach @recentSearches; - # And then, delete the cookie's content - my $newsearchcookie = $in->{'query'}->cookie( - -name => 'KohaOpacRecentSearches', - -value => freeze([]), - -expires => '' - ); - $cookie = [$cookie, $newsearchcookie]; - } - } - } + # And then, delete the cookie's content + my $newsearchcookie = $in->{'query'}->cookie( + -name => 'KohaOpacRecentSearches', + -value => freeze([]), + -HttpOnly => 1, + -expires => '' + ); + $cookie = [$cookie, $newsearchcookie]; + } + } + } } - else { # if this is an anonymous session, setup to display public lists... + else { # if this is an anonymous session, setup to display public lists... $template->param( sessionID => $sessionID ); my ($total, $pubshelves) = C4::VirtualShelves::GetSomeShelfNames(undef, 'MASTHEAD'); - $template->param( - pubshelves => $total->{pubtotal}, - pubshelvesloop => $pubshelves, - ); + $template->param( + pubshelves => $total->{pubtotal}, + pubshelvesloop => $pubshelves, + ); } - # Anonymous opac search history - # If opac search history is enabled and at least one search has already been performed - if (C4::Context->preference('EnableOpacSearchHistory')) { - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - # We show the link in opac - if (@recentSearches) { - $template->param(ShowOpacRecentSearchLink => 1); - } - } - } + # Anonymous opac search history + # If opac search history is enabled and at least one search has already been performed + if (C4::Context->preference('EnableOpacSearchHistory')) { + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + # We show the link in opac + if (@recentSearches) { + $template->param(ShowOpacRecentSearchLink => 1); + } + } + } if(C4::Context->preference('dateformat')){ + $template->param( dateformat => C4::Context->preference('dateformat') ); if(C4::Context->preference('dateformat') eq "metric"){ $template->param(dateformat_metric => 1); } elsif(C4::Context->preference('dateformat') eq "us"){ @@ -322,6 +323,8 @@ sub get_template_and_user { LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"), LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"), LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu", + emailaddress => C4::Context->userenv?C4::Context->userenv->{"emailaddress"}:undef, + loggedinpersona => C4::Context->userenv?C4::Context->userenv->{"persona"}:undef, TagsEnabled => C4::Context->preference("TagsEnabled"), hide_marc => C4::Context->preference("hide_marc"), item_level_itypes => C4::Context->preference('item-level_itypes'), @@ -332,8 +335,8 @@ sub get_template_and_user { using_https => $in->{'query'}->https() ? 1 : 0, noItemTypeImages => C4::Context->preference("noItemTypeImages"), marcflavour => C4::Context->preference("marcflavour"), + persona => C4::Context->preference("persona"), ); - if ( $in->{'type'} eq "intranet" ) { $template->param( AmazonCoverImages => C4::Context->preference("AmazonCoverImages"), @@ -359,7 +362,6 @@ sub get_template_and_user { suggestion => C4::Context->preference("suggestion"), virtualshelves => C4::Context->preference("virtualshelves"), StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"), - NoZebra => C4::Context->preference('NoZebra'), EasyAnalyticalRecords => C4::Context->preference('EasyAnalyticalRecords'), LocalCoverImages => C4::Context->preference('LocalCoverImages'), OPACLocalCoverImages => C4::Context->preference('OPACLocalCoverImages'), @@ -469,12 +471,6 @@ sub get_template_and_user { $template->param(OpacPublic => '1') if ($user || C4::Context->preference("OpacPublic")); } - - if ( $new_session ) { - # Check the version and redirect if DB is not up-to-date - version_check($in->{query}, $in->{'type'}, $cookie); - } - return ( $template, $borrowernumber, $cookie, $flags); } @@ -556,6 +552,50 @@ has authenticated. =cut +sub _version_check { + my $type = shift; + my $query = shift; + my $version; + # If Version syspref is unavailable, it means Koha is beeing installed, + # and so we must redirect to OPAC maintenance page or to the WebInstaller + # also, if OpacMaintenance is ON, OPAC should redirect to maintenance + if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { + warn "OPAC Install required, redirecting to maintenance"; + print $query->redirect("/cgi-bin/koha/maintenance.pl"); + safe_exit; + } + unless ( $version = C4::Context->preference('Version') ) { # assignment, not comparison + if ( $type ne 'opac' ) { + warn "Install required, redirecting to Installer"; + print $query->redirect("/cgi-bin/koha/installer/install.pl"); + } else { + warn "OPAC Install required, redirecting to maintenance"; + print $query->redirect("/cgi-bin/koha/maintenance.pl"); + } + safe_exit; + } + + # check that database and koha version are the same + # there is no DB version, it's a fresh install, + # go to web installer + # there is a DB version, compare it to the code version + my $kohaversion=C4::Context::KOHAVERSION; + # remove the 3 last . to have a Perl number + $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/; + $debug and print STDERR "kohaversion : $kohaversion\n"; + if ($version < $kohaversion){ + my $warning = "Database update needed, redirecting to %s. Database is $version and Koha is $kohaversion"; + if ($type ne 'opac'){ + warn sprintf($warning, 'Installer'); + print $query->redirect("/cgi-bin/koha/installer/install.pl?step=3"); + } else { + warn sprintf("OPAC: " . $warning, 'maintenance'); + print $query->redirect("/cgi-bin/koha/maintenance.pl"); + } + safe_exit; + } +} + sub _session_log { (@_) or return 0; open my $fh, '>>', "/tmp/sessionlog" or warn "ERROR: Cannot append to /tmp/sessionlog"; @@ -572,56 +612,20 @@ sub _timeout_syspref { return $timeout; } -sub version_check { - my ( $query, $type, $cookie ) = @_; - # check we have a Version. Otherwise => go to installer - unless ( C4::Context->preference('Version') ) { - if ( $type ne 'opac' ) { - $debug && warn "Install required, redirecting to Installer"; - print $query->redirect("/cgi-bin/koha/installer/install.pl"); - } else { - $debug && warn "OPAC Install required, redirecting to maintenance"; - print $query->redirect("/cgi-bin/koha/maintenance.pl"); - } - safe_exit; - } - - # check if you're uptodate, and if you're not, head to updater - my $koha39 = "3.1100001"; - - # Old updatedatabase method - if (C4::Context->preference('Version') < $koha39) { - print $query->redirect("/cgi-bin/koha/installer/install.pl?step=3"); - safe_exit; - } - - # New updatedatabase method - unless ( C4::Update::Database::is_uptodate() ) { - # not up-to-date, redirect to updatedatabase page - warn "redirect to updatedatabase"; - print $query->redirect(-location => "/cgi-bin/koha/admin/updatedatabase.pl", -cookie => $cookie); - safe_exit; - } -} - sub checkauth { my $query = shift; - $debug and warn "Checking Auth"; + $debug and warn "Checking Auth"; # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired = shift; my $flagsrequired = shift; my $type = shift; + my $persona = shift; $type = 'opac' unless $type; - my $new_session = 0; my $dbh = C4::Context->dbh; my $timeout = _timeout_syspref(); - # days - if ($timeout =~ /(\d+)[dD]/) { - $timeout = $1 * 86400; - }; - $timeout = 600 unless $timeout; + _version_check($type,$query); # state variables my $loggedin = 0; my %info; @@ -633,15 +637,20 @@ sub checkauth { my $casparam = $query->param('cas'); if ( $userid = $ENV{'REMOTE_USER'} ) { - # Using Basic Authentication, no cookies required + # Using Basic Authentication, no cookies required $cookie = $query->cookie( - -name => 'CGISESSID', - -value => '', - -expires => '' + -name => 'CGISESSID', + -value => '', + -expires => '', + -HttpOnly => 1, ); $loggedin = 1; } - elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison + elsif ( $persona ){ + # we dont want to set a session because we are being called by a persona callback + } + elsif ( $sessionID = $query->cookie("CGISESSID") ) + { # assignment, not comparison my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); my ($ip, $lasttime, $sessiontype); @@ -651,7 +660,8 @@ sub checkauth { $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); C4::Context::set_shelves_userenv('bar',$session->param('barshelves')); C4::Context::set_shelves_userenv('pub',$session->param('pubshelves')); @@ -670,9 +680,9 @@ sub checkauth { $session->flush; $session->delete(); C4::Context->_unset_userenv($sessionID); - $sessionID = undef; - $userid = undef; - } + $sessionID = undef; + $userid = undef; + } elsif ($logout) { # voluntary logout the user $session->flush; @@ -682,9 +692,9 @@ sub checkauth { $sessionID = undef; $userid = undef; - if ($cas and $caslogout) { - logout_cas($query); - } + if ($cas and $caslogout) { + logout_cas($query); + } } elsif ( $lasttime < time() - $timeout ) { # timed logout @@ -707,8 +717,12 @@ sub checkauth { $userid = undef; } else { - $cookie = $query->cookie( CGISESSID => $session->id ); - $session->param('lasttime',time()); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1 + ); + $session->param( 'lasttime', time() ); unless ( $sessiontype && $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in... $flags = haspermission($userid, $flagsrequired); if ($flags) { @@ -720,19 +734,24 @@ sub checkauth { } } unless ($userid || $sessionID) { + #we initiate a session prior to checking for a username to allow for anonymous sessions... my $session = get_session("") or die "Auth ERROR: Cannot get_session()"; my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - $cookie = $query->cookie( CGISESSID => $sessionID ); - - $userid = $query->param('userid'); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1 + ); + $userid = $query->param('userid'); if ( ( $cas && $query->param('ticket') ) || $userid || ( my $pki_field = C4::Context->preference('AllowPKIAuth') ) ne - 'None' ) + 'None' || $persona ) { my $password = $query->param('password'); + my ( $return, $cardnumber ); if ( $cas && $query->param('ticket') ) { my $retuserid; @@ -740,9 +759,30 @@ sub checkauth { checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid; $info{'invalidCasLogin'} = 1 unless ($return); - $new_session = 1; } - elsif ( + + elsif ($persona) { + my $value = $persona; + + # If we're looking up the email, there's a chance that the person + # doesn't have a userid. So if there is none, we pass along the + # borrower number, and the bits of code that need to know the user + # ID will have to be smart enough to handle that. + require C4::Members; + my @users_info = C4::Members::GetBorrowersWithEmail($value); + if (@users_info) { + + # First the userid, then the borrowernum + $value = $users_info[0][1] || $users_info[0][0]; + } + else { + undef $value; + } + $return = $value ? 1 : 0; + $userid = $value; + } + + elsif ( ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} ) || ( $pki_field eq 'emailAddress' && $ENV{'SSL_CLIENT_S_DN_Email'} ) @@ -770,26 +810,26 @@ sub checkauth { } } - # 0 for no user, 1 for normal, 2 for demo user. + $return = $value ? 1 : 0; $userid = $value; - } + + } else { my $retuserid; ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid if ( $retuserid ne '' ); - $new_session = 1; - } - if ($return) { + } + if ($return) { #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); - if ( $flags = haspermission( $userid, $flagsrequired ) ) { - $loggedin = 1; - } - else { - $info{'nopermission'} = 1; - C4::Context->_unset_userenv($sessionID); - } + if ( $flags = haspermission( $userid, $flagsrequired ) ) { + $loggedin = 1; + } + else { + $info{'nopermission'} = 1; + C4::Context->_unset_userenv($sessionID); + } my ($borrowernumber, $firstname, $surname, $userflags, $branchcode, $branchname, $branchprinter, $emailaddress); @@ -885,33 +925,37 @@ sub checkauth { $session->param('ip',$session->remote_addr()); $session->param('lasttime',time()); } + if ($persona){ + $session->param('persona',1); + } C4::Context::set_userenv( $session->param('number'), $session->param('id'), $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); } - else { - if ($userid) { - $info{'invalid_username_or_password'} = 1; - C4::Context->_unset_userenv($sessionID); - } - } - } # END if ( $userid = $query->param('userid') ) - elsif ($type eq "opac") { + else { + if ($userid) { + $info{'invalid_username_or_password'} = 1; + C4::Context->_unset_userenv($sessionID); + } + } + } # END if ( $userid = $query->param('userid') ) + elsif ($type eq "opac") { # if we are here this is an anonymous session; add public lists to it and a few other items... # anonymous sessions are created only for the OPAC - $debug and warn "Initiating an anonymous session..."; - - # setting a couple of other session vars... - $session->param('ip',$session->remote_addr()); - $session->param('lasttime',time()); - $session->param('sessiontype','anon'); - } - } # END unless ($userid) + $debug and warn "Initiating an anonymous session..."; + + # setting a couple of other session vars... + $session->param('ip',$session->remote_addr()); + $session->param('lasttime',time()); + $session->param('sessiontype','anon'); + } + } # END unless ($userid) my $insecure = C4::Context->boolean_preference('insecure'); # finished authentification, now respond @@ -919,9 +963,13 @@ sub checkauth { { # successful login unless ($cookie) { - $cookie = $query->cookie( CGISESSID => '' ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => '', + -HttpOnly => 1 + ); } - return ( $userid, $cookie, $sessionID, $flags, $new_session ); + return ( $userid, $cookie, $sessionID, $flags ); } # @@ -979,6 +1027,7 @@ sub checkauth { wrongip => $info{'wrongip'}, PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), + persona => C4::Context->preference("Persona"), ); $template->param( OpacPublic => C4::Context->preference("OpacPublic")); @@ -986,24 +1035,23 @@ sub checkauth { if ($cas) { - # Is authentication against multiple CAS servers enabled? + # Is authentication against multiple CAS servers enabled? if (C4::Auth_with_cas::multipleAuth && !$casparam) { - my $casservers = C4::Auth_with_cas::getMultipleAuth(); - my @tmplservers; - foreach my $key (keys %$casservers) { - push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; - } - #warn Data::Dumper::Dumper(\@tmplservers); - $template->param( - casServersLoop => \@tmplservers - ); - } else { + my $casservers = C4::Auth_with_cas::getMultipleAuth(); + my @tmplservers; + foreach my $key (keys %$casservers) { + push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; + } + $template->param( + casServersLoop => \@tmplservers + ); + } else { $template->param( casServerUrl => login_cas_url($query), - ); - } + ); + } - $template->param( + $template->param( invalidCasLogin => $info{'invalidCasLogin'} ); } @@ -1066,6 +1114,19 @@ sub check_api_auth { my $dbh = C4::Context->dbh; my $timeout = _timeout_syspref(); + unless (C4::Context->preference('Version')) { + # database has not been installed yet + return ("maintenance", undef, undef); + } + my $kohaversion=C4::Context::KOHAVERSION; + $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/; + if (C4::Context->preference('Version') < $kohaversion) { + # database in need of version update; assume that + # no API should be called while databsae is in + # this condition. + return ("maintenance", undef, undef); + } + # FIXME -- most of what follows is a copy-and-paste # of code from checkauth. There is an obvious need # for refactoring to separate the various parts of @@ -1111,7 +1172,11 @@ sub check_api_auth { $sessionID = undef; return ("expired", undef, undef); } else { - my $cookie = $query->cookie( CGISESSID => $session->id ); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $session->param('lasttime',time()); my $flags = haspermission($userid, $flagsrequired); if ($flags) { @@ -1131,23 +1196,23 @@ sub check_api_auth { # new login my $userid = $query->param('userid'); my $password = $query->param('password'); - my ($return, $cardnumber); - - # Proxy CAS auth - if ($cas && $query->param('PT')) { - my $retuserid; - $debug and print STDERR "## check_api_auth - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $PT = $query->param('PT'); - ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH - } else { - # User / password auth - unless ($userid and $password) { - # caller did something wrong, fail the authenticateion - return ("failed", undef, undef); - } - ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); - } + my ($return, $cardnumber); + + # Proxy CAS auth + if ($cas && $query->param('PT')) { + my $retuserid; + $debug and print STDERR "## check_api_auth - checking CAS\n"; + # In case of a CAS authentication, we use the ticket instead of the password + my $PT = $query->param('PT'); + ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH + } else { + # User / password auth + unless ($userid and $password) { + # caller did something wrong, fail the authenticateion + return ("failed", undef, undef); + } + ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); + } if ($return and haspermission( $userid, $flagsrequired)) { my $session = get_session(""); @@ -1155,7 +1220,11 @@ sub check_api_auth { my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - my $cookie = $query->cookie(CGISESSID => $sessionID); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 1 ) { my ( $borrowernumber, $firstname, $surname, @@ -1285,6 +1354,19 @@ sub check_cookie_auth { my $dbh = C4::Context->dbh; my $timeout = _timeout_syspref(); + unless (C4::Context->preference('Version')) { + # database has not been installed yet + return ("maintenance", undef); + } + my $kohaversion=C4::Context::KOHAVERSION; + $kohaversion =~ s/(.*\..*)\.(.*)\.(.*)/$1$2$3/; + if (C4::Context->preference('Version') < $kohaversion) { + # database in need of version update; assume that + # no API should be called while databsae is in + # this condition. + return ("maintenance", undef); + } + # FIXME -- most of what follows is a copy-and-paste # of code from checkauth. There is an obvious need # for refactoring to separate the various parts of @@ -1373,7 +1455,7 @@ sub get_session { $session = new CGI::Session("driver:PostgreSQL;serializer:yaml;id:md5", $sessionID, {Handle=>$dbh}); } elsif ($storage_method eq 'memcached' && C4::Context->ismemcached){ - $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); + $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); } else { # catch all defaults to tmp should work on all systems @@ -1393,11 +1475,11 @@ sub checkpw { if ($cas && $query && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $ticket = $query->param('ticket'); + # In case of a CAS authentication, we use the ticket instead of the password + my $ticket = $query->param('ticket'); my ($retval,$retcard,$retuserid) = checkpw_cas($dbh, $ticket, $query); # EXTERNAL AUTH ($retval) and return ($retval,$retcard,$retuserid); - return 0; + return 0; } # INTERNAL AUTH