X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=ee180305fdae97ac7e186f4499e9b2dcfb4419b7;hb=be869ab2790f1a5d43c7d5f3aab4d8b77d2acc9f;hp=9edf932f0b86e6f9feaa120e23fbec490127e463;hpb=4f44847c11add59ab7d0c55aeffac1fa2835cc1f;p=koha.git diff --git a/C4/Auth.pm b/C4/Auth.pm index 9edf932f0b..ee180305fd 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -38,8 +38,8 @@ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $cas BEGIN { sub psgi_env { any { /^psgi\./ } keys %ENV } sub safe_exit { - if ( psgi_env ) { die 'psgi:exit' } - else { exit } + if ( psgi_env ) { die 'psgi:exit' } + else { exit } } $VERSION = 3.07.00.049; # set version for version checking @@ -53,8 +53,8 @@ BEGIN { $caslogout = C4::Context->preference('casLogout'); require C4::Auth_with_cas; # no import if ($ldap) { - require C4::Auth_with_ldap; - import C4::Auth_with_ldap qw(checkpw_ldap); + require C4::Auth_with_ldap; + import C4::Auth_with_ldap qw(checkpw_ldap); } if ($cas) { import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); @@ -133,7 +133,7 @@ EOQ sub get_template_and_user { my $in = shift; my $template = - C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} ); + C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'}, $in->{'is_plugin'} ); my ( $user, $cookie, $sessionID, $flags ); if ( $in->{'template_name'} !~m/maintenance/ ) { ( $user, $cookie, $sessionID, $flags ) = checkauth( @@ -145,8 +145,7 @@ sub get_template_and_user { } my $borrowernumber; - my $insecure = C4::Context->preference('insecure'); - if ($user or $insecure) { + if ($user) { require C4::Members; # It's possible for $user to be the borrowernumber if they don't have a # userid defined (and are logging in through some other method, such @@ -186,7 +185,7 @@ sub get_template_and_user { # We are going to use the $flags returned by checkauth # to create the template's parameters that will indicate # which menus the user can access. - if (( $flags && $flags->{superlibrarian}==1) or $insecure==1) { + if ( $flags && $flags->{superlibrarian}==1 ) { $template->param( CAN_user_circulate => 1 ); $template->param( CAN_user_catalogue => 1 ); $template->param( CAN_user_parameters => 1 ); @@ -195,7 +194,7 @@ sub get_template_and_user { $template->param( CAN_user_reserveforothers => 1 ); $template->param( CAN_user_borrow => 1 ); $template->param( CAN_user_editcatalogue => 1 ); - $template->param( CAN_user_updatecharges => 1 ); + $template->param( CAN_user_updatecharges => 1 ); $template->param( CAN_user_acquisition => 1 ); $template->param( CAN_user_management => 1 ); $template->param( CAN_user_tools => 1 ); @@ -203,6 +202,8 @@ sub get_template_and_user { $template->param( CAN_user_serials => 1 ); $template->param( CAN_user_reports => 1 ); $template->param( CAN_user_staffaccess => 1 ); + $template->param( CAN_user_plugins => 1 ); + $template->param( CAN_user_coursereserves => 1 ); foreach my $module (keys %$all_perms) { foreach my $subperm (keys %{ $all_perms->{$module} }) { $template->param( "CAN_user_${module}_${subperm}" => 1 ); @@ -234,81 +235,74 @@ sub get_template_and_user { } } } - # Logged-in opac search history - # If the requested template is an opac one and opac search history is enabled - if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { - my $dbh = C4::Context->dbh; - my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; - my $sth = $dbh->prepare($query); - $sth->execute($borrowernumber); - - # If at least one search has already been performed - if ($sth->fetchrow_array > 0) { - # We show the link in opac - $template->param(ShowOpacRecentSearchLink => 1); - } - - # And if there's a cookie with searches performed when the user was not logged in, - # we add them to the logged-in search history - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - if (@recentSearches) { - my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); - $sth->execute( $borrowernumber, - $in->{'query'}->cookie("CGISESSID"), - $_->{'query_desc'}, - $_->{'query_cgi'}, - $_->{'total'}, - $_->{'time'}, + # Logged-in opac search history + # If the requested template is an opac one and opac search history is enabled + if ($in->{type} eq 'opac' && C4::Context->preference('EnableOpacSearchHistory')) { + my $dbh = C4::Context->dbh; + my $query = "SELECT COUNT(*) FROM search_history WHERE userid=?"; + my $sth = $dbh->prepare($query); + $sth->execute($borrowernumber); + + # If at least one search has already been performed + if ($sth->fetchrow_array > 0) { + # We show the link in opac + $template->param(ShowOpacRecentSearchLink => 1); + } + + # And if there's a cookie with searches performed when the user was not logged in, + # we add them to the logged-in search history + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + if (@recentSearches) { + my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); + $sth->execute( $borrowernumber, + $in->{'query'}->cookie("CGISESSID"), + $_->{'query_desc'}, + $_->{'query_cgi'}, + $_->{'total'}, + $_->{'time'}, ) foreach @recentSearches; - # And then, delete the cookie's content - my $newsearchcookie = $in->{'query'}->cookie( - -name => 'KohaOpacRecentSearches', - -value => freeze([]), - -expires => '' - ); - $cookie = [$cookie, $newsearchcookie]; - } - } - } + # And then, delete the cookie's content + my $newsearchcookie = $in->{'query'}->cookie( + -name => 'KohaOpacRecentSearches', + -value => freeze([]), + -HttpOnly => 1, + -expires => '' + ); + $cookie = [$cookie, $newsearchcookie]; + } + } + } } - else { # if this is an anonymous session, setup to display public lists... + else { # if this is an anonymous session, setup to display public lists... $template->param( sessionID => $sessionID ); my ($total, $pubshelves) = C4::VirtualShelves::GetSomeShelfNames(undef, 'MASTHEAD'); - $template->param( - pubshelves => $total->{pubtotal}, - pubshelvesloop => $pubshelves, - ); + $template->param( + pubshelves => $total->{pubtotal}, + pubshelvesloop => $pubshelves, + ); } - # Anonymous opac search history - # If opac search history is enabled and at least one search has already been performed - if (C4::Context->preference('EnableOpacSearchHistory')) { - my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); - if ($searchcookie){ - $searchcookie = uri_unescape($searchcookie); - my @recentSearches = @{thaw($searchcookie) || []}; - # We show the link in opac - if (@recentSearches) { - $template->param(ShowOpacRecentSearchLink => 1); - } - } - } + # Anonymous opac search history + # If opac search history is enabled and at least one search has already been performed + if (C4::Context->preference('EnableOpacSearchHistory')) { + my $searchcookie = $in->{'query'}->cookie('KohaOpacRecentSearches'); + if ($searchcookie){ + $searchcookie = uri_unescape($searchcookie); + my @recentSearches = @{thaw($searchcookie) || []}; + # We show the link in opac + if (@recentSearches) { + $template->param(ShowOpacRecentSearchLink => 1); + } + } + } if(C4::Context->preference('dateformat')){ - if(C4::Context->preference('dateformat') eq "metric"){ - $template->param(dateformat_metric => 1); - } elsif(C4::Context->preference('dateformat') eq "us"){ - $template->param(dateformat_us => 1); - } else { - $template->param(dateformat_iso => 1); - } - } else { - $template->param(dateformat_iso => 1); + $template->param(dateformat => C4::Context->preference('dateformat')) } # these template parameters are set the same regardless of $in->{'type'} @@ -318,9 +312,11 @@ sub get_template_and_user { GoogleJackets => C4::Context->preference("GoogleJackets"), OpenLibraryCovers => C4::Context->preference("OpenLibraryCovers"), KohaAdminEmailAddress => "" . C4::Context->preference("KohaAdminEmailAddress"), - LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:"insecure"), + LoginBranchcode => (C4::Context->userenv?C4::Context->userenv->{"branch"}:undef), LoginFirstname => (C4::Context->userenv?C4::Context->userenv->{"firstname"}:"Bel"), LoginSurname => C4::Context->userenv?C4::Context->userenv->{"surname"}:"Inconnu", + emailaddress => C4::Context->userenv?C4::Context->userenv->{"emailaddress"}:undef, + loggedinpersona => C4::Context->userenv?C4::Context->userenv->{"persona"}:undef, TagsEnabled => C4::Context->preference("TagsEnabled"), hide_marc => C4::Context->preference("hide_marc"), item_level_itypes => C4::Context->preference('item-level_itypes'), @@ -331,8 +327,9 @@ sub get_template_and_user { using_https => $in->{'query'}->https() ? 1 : 0, noItemTypeImages => C4::Context->preference("noItemTypeImages"), marcflavour => C4::Context->preference("marcflavour"), + persona => C4::Context->preference("persona"), + UseCourseReserves => C4::Context->preference("UseCourseReserves"), ); - if ( $in->{'type'} eq "intranet" ) { $template->param( AmazonCoverImages => C4::Context->preference("AmazonCoverImages"), @@ -345,7 +342,7 @@ sub get_template_and_user { IntranetNav => C4::Context->preference("IntranetNav"), IntranetmainUserblock => C4::Context->preference("IntranetmainUserblock"), LibraryName => C4::Context->preference("LibraryName"), - LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:"insecure"), + LoginBranchname => (C4::Context->userenv?C4::Context->userenv->{"branchname"}:undef), advancedMARCEditor => C4::Context->preference("advancedMARCEditor"), canreservefromotherbranches => C4::Context->preference('canreservefromotherbranches'), intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"), @@ -358,12 +355,12 @@ sub get_template_and_user { suggestion => C4::Context->preference("suggestion"), virtualshelves => C4::Context->preference("virtualshelves"), StaffSerialIssueDisplayCount => C4::Context->preference("StaffSerialIssueDisplayCount"), - NoZebra => C4::Context->preference('NoZebra'), EasyAnalyticalRecords => C4::Context->preference('EasyAnalyticalRecords'), LocalCoverImages => C4::Context->preference('LocalCoverImages'), OPACLocalCoverImages => C4::Context->preference('OPACLocalCoverImages'), AllowMultipleCovers => C4::Context->preference('AllowMultipleCovers'), EnableBorrowerFiles => C4::Context->preference('EnableBorrowerFiles'), + UseKohaPlugins => C4::Context->preference('UseKohaPlugins'), ); } else { @@ -381,8 +378,10 @@ sub get_template_and_user { my $opac_search_limit = $ENV{'OPAC_SEARCH_LIMIT'}; my $opac_limit_override = $ENV{'OPAC_LIMIT_OVERRIDE'}; my $opac_name = ''; - if (($opac_search_limit =~ /branch:(\w+)/ && $opac_limit_override) || $in->{'query'}->param('limit') =~ /branch:(\w+)/){ + if (($opac_search_limit && $opac_search_limit =~ /branch:(\w+)/ && $opac_limit_override) || ($in->{'query'}->param('limit') && $in->{'query'}->param('limit') =~ /branch:(\w+)/)){ $opac_name = $1; # opac_search_limit is a branch, so we use it. + } elsif ( $in->{'query'}->param('multibranchlimit') ) { + $opac_name = $in->{'query'}->param('multibranchlimit'); } elsif (C4::Context->preference("SearchMyLibraryFirst") && C4::Context->userenv && C4::Context->userenv->{'branch'}) { $opac_name = C4::Context->userenv->{'branch'}; } @@ -391,13 +390,14 @@ sub get_template_and_user { AnonSuggestions => "" . C4::Context->preference("AnonSuggestions"), AuthorisedValueImages => C4::Context->preference("AuthorisedValueImages"), BranchesLoop => GetBranchesLoop($opac_name), - CalendarFirstDayOfWeek => (C4::Context->preference("CalendarFirstDayOfWeek") eq "Sunday")?0:1, + BranchCategoriesLoop => GetBranchCategories( undef, undef, 1, $opac_name ), + CalendarFirstDayOfWeek => (C4::Context->preference("CalendarFirstDayOfWeek") eq "Sunday")?0:1, LibraryName => "" . C4::Context->preference("LibraryName"), LibraryNameTitle => "" . $LibraryNameTitle, LoginBranchname => C4::Context->userenv?C4::Context->userenv->{"branchname"}:"", OPACAmazonCoverImages => C4::Context->preference("OPACAmazonCoverImages"), OPACFRBRizeEditions => C4::Context->preference("OPACFRBRizeEditions"), - OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"), + OpacHighlightedWords => C4::Context->preference("OpacHighlightedWords"), OPACItemHolds => C4::Context->preference("OPACItemHolds"), OPACShelfBrowser => "". C4::Context->preference("OPACShelfBrowser"), OpacShowRecentComments => C4::Context->preference("OpacShowRecentComments"), @@ -408,7 +408,7 @@ sub get_template_and_user { OpacAuthorities => C4::Context->preference("OpacAuthorities"), OPACBaseURL => ($in->{'query'}->https() ? "https://" : "http://") . $ENV{'SERVER_NAME'} . ($ENV{'SERVER_PORT'} eq ($in->{'query'}->https() ? "443" : "80") ? '' : ":$ENV{'SERVER_PORT'}"), - opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, + opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, opac_search_limit => $opac_search_limit, opac_limit_override => $opac_limit_override, OpacBrowser => C4::Context->preference("OpacBrowser"), @@ -422,7 +422,7 @@ sub get_template_and_user { OpacNavRight => "" . C4::Context->preference("OpacNavRight"), OpacNavBottom => "" . C4::Context->preference("OpacNavBottom"), OpacPasswordChange => C4::Context->preference("OpacPasswordChange"), - OPACPatronDetails => C4::Context->preference("OPACPatronDetails"), + OPACPatronDetails => C4::Context->preference("OPACPatronDetails"), OPACPrivacy => C4::Context->preference("OPACPrivacy"), OPACFinesTab => C4::Context->preference("OPACFinesTab"), OpacTopissue => C4::Context->preference("OpacTopissue"), @@ -462,6 +462,8 @@ sub get_template_and_user { SyndeticsSeries => C4::Context->preference("SyndeticsSeries"), SyndeticsCoverImageSize => C4::Context->preference("SyndeticsCoverImageSize"), OPACLocalCoverImages => C4::Context->preference("OPACLocalCoverImages"), + PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), + PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), ); $template->param(OpacPublic => '1') if ($user || C4::Context->preference("OpacPublic")); @@ -553,10 +555,11 @@ sub _version_check { my $version; # If Version syspref is unavailable, it means Koha is beeing installed, # and so we must redirect to OPAC maintenance page or to the WebInstaller - # also, if OpacMaintenance is ON, OPAC should redirect to maintenance - if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { + # also, if OpacMaintenance is ON, OPAC should redirect to maintenance + if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { warn "OPAC Install required, redirecting to maintenance"; print $query->redirect("/cgi-bin/koha/maintenance.pl"); + safe_exit; } unless ( $version = C4::Context->preference('Version') ) { # assignment, not comparison if ( $type ne 'opac' ) { @@ -597,22 +600,27 @@ sub _session_log { close $fh; } +sub _timeout_syspref { + my $timeout = C4::Context->preference('timeout') || 600; + # value in days, convert in seconds + if ($timeout =~ /(\d+)[dD]/) { + $timeout = $1 * 86400; + }; + return $timeout; +} + sub checkauth { my $query = shift; - $debug and warn "Checking Auth"; + $debug and warn "Checking Auth"; # $authnotrequired will be set for scripts which will run without authentication my $authnotrequired = shift; my $flagsrequired = shift; my $type = shift; + my $persona = shift; $type = 'opac' unless $type; my $dbh = C4::Context->dbh; - my $timeout = C4::Context->preference('timeout'); - # days - if ($timeout =~ /(\d+)[dD]/) { - $timeout = $1 * 86400; - }; - $timeout = 600 unless $timeout; + my $timeout = _timeout_syspref(); _version_check($type,$query); # state variables @@ -626,15 +634,20 @@ sub checkauth { my $casparam = $query->param('cas'); if ( $userid = $ENV{'REMOTE_USER'} ) { - # Using Basic Authentication, no cookies required + # Using Basic Authentication, no cookies required $cookie = $query->cookie( - -name => 'CGISESSID', - -value => '', - -expires => '' + -name => 'CGISESSID', + -value => '', + -expires => '', + -HttpOnly => 1, ); $loggedin = 1; } - elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison + elsif ( $persona ){ + # we dont want to set a session because we are being called by a persona callback + } + elsif ( $sessionID = $query->cookie("CGISESSID") ) + { # assignment, not comparison my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); my ($ip, $lasttime, $sessiontype); @@ -644,7 +657,8 @@ sub checkauth { $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); C4::Context::set_shelves_userenv('bar',$session->param('barshelves')); C4::Context::set_shelves_userenv('pub',$session->param('pubshelves')); @@ -653,7 +667,7 @@ sub checkauth { $ip = $session->param('ip'); $lasttime = $session->param('lasttime'); $userid = $session->param('id'); - $sessiontype = $session->param('sessiontype'); + $sessiontype = $session->param('sessiontype') || ''; } if ( ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) || ( $cas && $query->param('ticket') ) ) { @@ -663,9 +677,9 @@ sub checkauth { $session->flush; $session->delete(); C4::Context->_unset_userenv($sessionID); - $sessionID = undef; - $userid = undef; - } + $sessionID = undef; + $userid = undef; + } elsif ($logout) { # voluntary logout the user $session->flush; @@ -675,9 +689,9 @@ sub checkauth { $sessionID = undef; $userid = undef; - if ($cas and $caslogout) { - logout_cas($query); - } + if ($cas and $caslogout) { + logout_cas($query); + } } elsif ( $lasttime < time() - $timeout ) { # timed logout @@ -700,9 +714,13 @@ sub checkauth { $userid = undef; } else { - $cookie = $query->cookie( CGISESSID => $session->id ); - $session->param('lasttime',time()); - unless ( $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in... + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1 + ); + $session->param( 'lasttime', time() ); + unless ( $sessiontype && $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in... $flags = haspermission($userid, $flagsrequired); if ($flags) { $loggedin = 1; @@ -713,18 +731,24 @@ sub checkauth { } } unless ($userid || $sessionID) { + #we initiate a session prior to checking for a username to allow for anonymous sessions... my $session = get_session("") or die "Auth ERROR: Cannot get_session()"; my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - $cookie = $query->cookie( CGISESSID => $sessionID ); - $userid = $query->param('userid'); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1 + ); + $userid = $query->param('userid'); if ( ( $cas && $query->param('ticket') ) || $userid || ( my $pki_field = C4::Context->preference('AllowPKIAuth') ) ne - 'None' ) + 'None' || $persona ) { my $password = $query->param('password'); + my ( $return, $cardnumber ); if ( $cas && $query->param('ticket') ) { my $retuserid; @@ -733,7 +757,29 @@ sub checkauth { $userid = $retuserid; $info{'invalidCasLogin'} = 1 unless ($return); } - elsif ( + + elsif ($persona) { + my $value = $persona; + + # If we're looking up the email, there's a chance that the person + # doesn't have a userid. So if there is none, we pass along the + # borrower number, and the bits of code that need to know the user + # ID will have to be smart enough to handle that. + require C4::Members; + my @users_info = C4::Members::GetBorrowersWithEmail($value); + if (@users_info) { + + # First the userid, then the borrowernum + $value = $users_info[0][1] || $users_info[0][0]; + } + else { + undef $value; + } + $return = $value ? 1 : 0; + $userid = $value; + } + + elsif ( ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} ) || ( $pki_field eq 'emailAddress' && $ENV{'SSL_CLIENT_S_DN_Email'} ) @@ -761,25 +807,26 @@ sub checkauth { } } - # 0 for no user, 1 for normal, 2 for demo user. + $return = $value ? 1 : 0; $userid = $value; - } + + } else { my $retuserid; ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid if ( $retuserid ne '' ); - } - if ($return) { + } + if ($return) { #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); - if ( $flags = haspermission( $userid, $flagsrequired ) ) { - $loggedin = 1; - } - else { - $info{'nopermission'} = 1; - C4::Context->_unset_userenv($sessionID); - } + if ( $flags = haspermission( $userid, $flagsrequired ) ) { + $loggedin = 1; + } + else { + $info{'nopermission'} = 1; + C4::Context->_unset_userenv($sessionID); + } my ($borrowernumber, $firstname, $surname, $userflags, $branchcode, $branchname, $branchprinter, $emailaddress); @@ -875,41 +922,48 @@ sub checkauth { $session->param('ip',$session->remote_addr()); $session->param('lasttime',time()); } + if ($persona){ + $session->param('persona',1); + } C4::Context::set_userenv( $session->param('number'), $session->param('id'), $session->param('cardnumber'), $session->param('firstname'), $session->param('surname'), $session->param('branch'), $session->param('branchname'), $session->param('flags'), - $session->param('emailaddress'), $session->param('branchprinter') + $session->param('emailaddress'), $session->param('branchprinter'), + $session->param('persona') ); } - else { - if ($userid) { - $info{'invalid_username_or_password'} = 1; - C4::Context->_unset_userenv($sessionID); - } - } - } # END if ( $userid = $query->param('userid') ) - elsif ($type eq "opac") { + else { + if ($userid) { + $info{'invalid_username_or_password'} = 1; + C4::Context->_unset_userenv($sessionID); + } + } + } # END if ( $userid = $query->param('userid') ) + elsif ($type eq "opac") { # if we are here this is an anonymous session; add public lists to it and a few other items... # anonymous sessions are created only for the OPAC - $debug and warn "Initiating an anonymous session..."; + $debug and warn "Initiating an anonymous session..."; - # setting a couple of other session vars... - $session->param('ip',$session->remote_addr()); - $session->param('lasttime',time()); - $session->param('sessiontype','anon'); - } - } # END unless ($userid) - my $insecure = C4::Context->boolean_preference('insecure'); + # setting a couple of other session vars... + $session->param('ip',$session->remote_addr()); + $session->param('lasttime',time()); + $session->param('sessiontype','anon'); + } + } # END unless ($userid) # finished authentification, now respond - if ( $loggedin || $authnotrequired || ( defined($insecure) && $insecure ) ) + if ( $loggedin || $authnotrequired ) { # successful login unless ($cookie) { - $cookie = $query->cookie( CGISESSID => '' ); + $cookie = $query->cookie( + -name => 'CGISESSID', + -value => '', + -HttpOnly => 1 + ); } return ( $userid, $cookie, $sessionID, $flags ); } @@ -927,17 +981,11 @@ sub checkauth { my $value = $query->param($name); push @inputs, { name => $name, value => $value }; } - # get the branchloop, which we need for authentication - my $branches = GetBranches(); - my @branch_loop; - for my $branch_hash (sort keys %$branches) { - push @branch_loop, {branchcode => "$branch_hash", branchname => $branches->{$branch_hash}->{'branchname'}, }; - } my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tmpl' : 'auth.tmpl'; my $template = C4::Templates::gettemplate($template_name, $type, $query ); $template->param( - branchloop => \@branch_loop, + branchloop => GetBranchesLoop(), opaccolorstylesheet => C4::Context->preference("opaccolorstylesheet"), opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"), login => 1, @@ -962,10 +1010,9 @@ sub checkauth { OpacAuthorities => C4::Context->preference("OpacAuthorities"), OpacBrowser => C4::Context->preference("OpacBrowser"), opacheader => C4::Context->preference("opacheader"), - TagsEnabled => C4::Context->preference("TagsEnabled"), + TagsEnabled => C4::Context->preference("TagsEnabled"), OPACUserCSS => C4::Context->preference("OPACUserCSS"), - intranetcolorstylesheet => - C4::Context->preference("intranetcolorstylesheet"), + intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"), intranetstylesheet => C4::Context->preference("intranetstylesheet"), intranetbookbag => C4::Context->preference("intranetbookbag"), IntranetNav => C4::Context->preference("IntranetNav"), @@ -973,7 +1020,10 @@ sub checkauth { intranetuserjs => C4::Context->preference("intranetuserjs"), IndependantBranches=> C4::Context->preference("IndependantBranches"), AutoLocation => C4::Context->preference("AutoLocation"), - wrongip => $info{'wrongip'}, + wrongip => $info{'wrongip'}, + PatronSelfRegistration => C4::Context->preference("PatronSelfRegistration"), + PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), + persona => C4::Context->preference("Persona"), ); $template->param( OpacPublic => C4::Context->preference("OpacPublic")); @@ -981,24 +1031,23 @@ sub checkauth { if ($cas) { - # Is authentication against multiple CAS servers enabled? + # Is authentication against multiple CAS servers enabled? if (C4::Auth_with_cas::multipleAuth && !$casparam) { - my $casservers = C4::Auth_with_cas::getMultipleAuth(); - my @tmplservers; - foreach my $key (keys %$casservers) { - push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; - } - #warn Data::Dumper::Dumper(\@tmplservers); - $template->param( - casServersLoop => \@tmplservers - ); - } else { + my $casservers = C4::Auth_with_cas::getMultipleAuth(); + my @tmplservers; + foreach my $key (keys %$casservers) { + push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; + } + $template->param( + casServersLoop => \@tmplservers + ); + } else { $template->param( casServerUrl => login_cas_url($query), - ); - } + ); + } - $template->param( + $template->param( invalidCasLogin => $info{'invalidCasLogin'} ); } @@ -1059,8 +1108,7 @@ sub check_api_auth { my $flagsrequired = shift; my $dbh = C4::Context->dbh; - my $timeout = C4::Context->preference('timeout'); - $timeout = 600 unless $timeout; + my $timeout = _timeout_syspref(); unless (C4::Context->preference('Version')) { # database has not been installed yet @@ -1120,7 +1168,11 @@ sub check_api_auth { $sessionID = undef; return ("expired", undef, undef); } else { - my $cookie = $query->cookie( CGISESSID => $session->id ); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $session->param('lasttime',time()); my $flags = haspermission($userid, $flagsrequired); if ($flags) { @@ -1140,23 +1192,23 @@ sub check_api_auth { # new login my $userid = $query->param('userid'); my $password = $query->param('password'); - my ($return, $cardnumber); - - # Proxy CAS auth - if ($cas && $query->param('PT')) { - my $retuserid; - $debug and print STDERR "## check_api_auth - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $PT = $query->param('PT'); - ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH - } else { - # User / password auth - unless ($userid and $password) { - # caller did something wrong, fail the authenticateion - return ("failed", undef, undef); - } - ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); - } + my ($return, $cardnumber); + + # Proxy CAS auth + if ($cas && $query->param('PT')) { + my $retuserid; + $debug and print STDERR "## check_api_auth - checking CAS\n"; + # In case of a CAS authentication, we use the ticket instead of the password + my $PT = $query->param('PT'); + ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH + } else { + # User / password auth + unless ($userid and $password) { + # caller did something wrong, fail the authenticateion + return ("failed", undef, undef); + } + ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); + } if ($return and haspermission( $userid, $flagsrequired)) { my $session = get_session(""); @@ -1164,7 +1216,11 @@ sub check_api_auth { my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - my $cookie = $query->cookie(CGISESSID => $sessionID); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 1 ) { my ( $borrowernumber, $firstname, $surname, @@ -1292,8 +1348,7 @@ sub check_cookie_auth { my $flagsrequired = shift; my $dbh = C4::Context->dbh; - my $timeout = C4::Context->preference('timeout'); - $timeout = 600 unless $timeout; + my $timeout = _timeout_syspref(); unless (C4::Context->preference('Version')) { # database has not been installed yet @@ -1396,7 +1451,7 @@ sub get_session { $session = new CGI::Session("driver:PostgreSQL;serializer:yaml;id:md5", $sessionID, {Handle=>$dbh}); } elsif ($storage_method eq 'memcached' && C4::Context->ismemcached){ - $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); + $session = new CGI::Session("driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); } else { # catch all defaults to tmp should work on all systems @@ -1416,11 +1471,11 @@ sub checkpw { if ($cas && $query && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $ticket = $query->param('ticket'); + # In case of a CAS authentication, we use the ticket instead of the password + my $ticket = $query->param('ticket'); my ($retval,$retcard,$retuserid) = checkpw_cas($dbh, $ticket, $query); # EXTERNAL AUTH ($retval) and return ($retval,$retcard,$retuserid); - return 0; + return 0; } # INTERNAL AUTH @@ -1493,7 +1548,13 @@ sub getuserflags { my $userid = shift; my $dbh = @_ ? shift : C4::Context->dbh; my $userflags; - $flags = 0 unless $flags; + { + # I don't want to do this, but if someone logs in as the database + # user, it would be preferable not to spam them to death with + # numeric warnings. So, we make $flags numeric. + no warnings 'numeric'; + $flags += 0; + } my $sth = $dbh->prepare("SELECT bit, flag, defaulton FROM userflags"); $sth->execute;