X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth.pm;h=fcf7c486735209d9c505e32c36aa87f1b45e74e6;hb=3cf4d92a5f2b7cd4a15913e96108f79323978000;hp=332b8c67c1e84c9c6a1657918e7a9628711a422d;hpb=8627ec5f6a274e46940bb82c52341e012fc6406d;p=koha.git diff --git a/C4/Auth.pm b/C4/Auth.pm index 332b8c67c1..fcf7c48673 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -29,18 +29,18 @@ require Exporter; use C4::Context; use C4::Templates; # to get the template use C4::Languages; -use C4::Branch; # GetBranches use C4::Search::History; use Koha; -use Koha::AuthUtils qw(hash_password); -use Koha::LibraryCategories; +use Koha::Caches; +use Koha::AuthUtils qw(get_script_name hash_password); use Koha::Libraries; +use Koha::LibraryCategories; use POSIX qw/strftime/; use List::MoreUtils qw/ any /; use Encode qw( encode is_utf8); # use utf8; -use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $shib $shib_login); +use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $shib $shib_login); BEGIN { sub psgi_env { any { /^psgi\./ } keys %ENV } @@ -49,7 +49,6 @@ BEGIN { if (psgi_env) { die 'psgi:exit' } else { exit } } - $VERSION = 3.07.00.049; # set version for version checking $debug = $ENV{DEBUG}; @ISA = qw(Exporter); @@ -193,11 +192,16 @@ sub get_template_and_user { -HttpOnly => 1, ); - $template->param( loginprompt => 1 ); + $template->param( + loginprompt => 1, + script_name => get_script_name(), + ); print $in->{query}->header( - -type => 'text/html', - -charset => 'utf-8', - -cookie => $cookie, + { type => 'text/html', + charset => 'utf-8', + cookie => $cookie, + 'X-Frame-Options' => 'SAMEORIGIN' + } ), $template->output; safe_exit; 
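Review bot: The `'X-Frame-Options' => 'SAMEORIGIN'` header is written as a literal inside the `header()` call in get_template_and_user, and the same hash is repeated in the checkauth hunk (`@@ -1301,9 +1311,11 @@`), so the two login responses can drift apart the next time one of them is edited. Building the header arguments once in a small private helper and calling it from both places would prevent that, and a comment such as `# Forbid cross-origin framing of the login form (clickjacking)` would record why the header is there. Separately, `script_name => get_script_name()` is passed to the template here and again in checkauth. get_script_name is not visible in this diff, so if its value comes from the request environment, the templates should escape it wherever it is emitted. The body of get_template_and_user starts and ends outside the hunk.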
@@ -508,8 +512,6 @@ sub get_template_and_user { $template->param( OpacAdditionalStylesheet => C4::Context->preference("OpacAdditionalStylesheet"), AnonSuggestions => "" . C4::Context->preference("AnonSuggestions"), - AuthorisedValueImages => C4::Context->preference("AuthorisedValueImages"), - BranchesLoop => GetBranchesLoop($opac_name), BranchCategoriesLoop => $library_categories, opac_name => $opac_name, LibraryName => "" . C4::Context->preference("LibraryName"), @@ -1073,9 +1075,10 @@ sub checkauth { # if they specify at login, use that if ( $query->param('branch') ) { $branchcode = $query->param('branch'); - $branchname = GetBranchName($branchcode); + my $library = Koha::Libraries->find($branchcode); + $branchname = $library? $library->branchname: ''; } - my $branches = GetBranches(); + my $branches = { map { $_->branchcode => $_->unblessed } Koha::Libraries->search }; if ( C4::Context->boolean_preference('IndependentBranches') && C4::Context->boolean_preference('Autolocation') ) { # we have to check they are coming from the right ip range @@ -1086,7 +1089,6 @@ sub checkauth { } } - my @branchesloop; foreach my $br ( keys %$branches ) { # now we work with the treatment of ip @@ -1203,11 +1205,11 @@ sub checkauth { my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tt' : 'auth.tt'; my $template = C4::Templates::gettemplate( $template_name, $type, $query ); $template->param( - branchloop => GetBranchesLoop(), OpacAdditionalStylesheet => C4::Context->preference("OpacAdditionalStylesheet"), opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"), login => 1, INPUTS => \@inputs, + script_name => get_script_name(), casAuthentication => C4::Context->preference("casAuthentication"), shibbolethAuthentication => $shib, SessionRestrictionByIP => C4::Context->preference("SessionRestrictionByIP"), 
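Review bot: When `Koha::Libraries->find($branchcode)` finds nothing, the new code in checkauth (`@@ -1073,9 +1075,10 @@`) sets `$branchname` to an empty string but leaves `$branchcode` holding the raw `branch` request parameter. What happens to `$branchcode` afterwards is outside the hunk, but if it is written to the session or userenv, an unknown code is carried forward with a blank name. Rejecting it explicitly would be safer, for example `$branchcode = undef unless $library;`, though the right fallback depends on code not shown here. The check_api_auth hunk (`@@ -1514,10 +1526,10 @@`) has the same pattern.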
@@ -1248,6 +1250,7 @@ sub checkauth { opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, ); + $template->param( SCO_login => 1 ) if ( $query->param('sco_user_login') ); $template->param( OpacPublic => C4::Context->preference("OpacPublic") ); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; @@ -1293,6 +1296,13 @@ sub checkauth { ); } + if (C4::Context->preference('GoogleOpenIDConnect')) { + if ($query->param("OpenIDConnectFailed")) { + my $reason = $query->param('OpenIDConnectFailed'); + $template->param(invalidGoogleOpenIDConnectLogin => $reason); + } + } + $template->param( LibraryName => C4::Context->preference("LibraryName"), ); @@ -1301,9 +1311,11 @@ sub checkauth { # $cookie = $query->cookie(CGISESSID => $session->id # ); print $query->header( - -type => 'text/html', - -charset => 'utf-8', - -cookie => $cookie + { type => 'text/html', + charset => 'utf-8', + cookie => $cookie, + 'X-Frame-Options' => 'SAMEORIGIN' + } ), $template->output; safe_exit; @@ -1514,10 +1526,10 @@ sub check_api_auth { # if they specify at login, use that if ( $query->param('branch') ) { $branchcode = $query->param('branch'); - $branchname = GetBranchName($branchcode); + my $library = Koha::Libraries->find($branchcode); + $branchname = $library? $library->branchname: ''; } - my $branches = GetBranches(); - my @branchesloop; + my $branches = { map { $_->branchcode => $_->unblessed } Koha::Libraries->search }; foreach my $br ( keys %$branches ) { # now we work with the treatment of ip @@ -1600,7 +1612,9 @@ Possible return values in C<$status> are: sub check_cookie_auth { my $cookie = shift; my $flagsrequired = shift; + my $params = shift; + my $remote_addr = $params->{remote_addr} || $ENV{REMOTE_ADDR}; my $dbh = C4::Context->dbh; my $timeout = _timeout_syspref(); 
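Review bot: `invalidGoogleOpenIDConnectLogin` is filled directly from the `OpenIDConnectFailed` request parameter (`@@ -1293,6 +1296,13 @@`), so whatever text arrives in the URL is handed to the login template. Whether the template escapes it is not visible here, and even with escaping, text chosen by the requester would be rendered on the login page. Mapping the parameter onto a fixed set of reason codes and letting the template pick the message avoids both problems, e.g. `$reason = 'unknown' unless $known_reason{$reason};`, where `%known_reason` is a hypothetical lookup of the codes the OpenID client actually emits. The parameter is also read twice; `if ( my $reason = $query->param('OpenIDConnectFailed') )` reads it once.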
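Review bot: The new `$params->{remote_addr}` argument to check_cookie_auth (`@@ -1600,7 +1612,9 @@`) takes precedence over `$ENV{REMOTE_ADDR}` and is the value later compared with the session IP for `SessionRestrictionByIP` (`@@ -1657,7 +1671,7 @@`), yet nothing documents where callers may take it from. The POD above the sub should describe the third argument and state that it must be the peer address established by the server or a trusted proxy, not a value copied from a client-supplied header. Otherwise the IP restriction only checks what the caller claims. A line comment would help as well: `# remote_addr: peer address supplied by the caller; must come from a trusted source`. The sub's body continues outside the hunk.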
@@ -1657,7 +1671,7 @@ sub check_cookie_auth { $userid = undef; $sessionID = undef; return ("expired", undef); - } elsif ( C4::Context->preference('SessionRestrictionByIP') && $ip ne $ENV{'REMOTE_ADDR'} ) { + } elsif ( C4::Context->preference('SessionRestrictionByIP') && $ip ne $remote_addr ) { # IP address changed $session->delete(); @@ -1711,8 +1725,9 @@ sub get_session { elsif ( $storage_method eq 'Pg' ) { $session = new CGI::Session( "driver:PostgreSQL;serializer:yaml;id:md5", $sessionID, { Handle => $dbh } ); } - elsif ( $storage_method eq 'memcached' && C4::Context->ismemcached ) { - $session = new CGI::Session( "driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => C4::Context->memcached } ); + elsif ( $storage_method eq 'memcached' && Koha::Caches->get_instance->memcached_cache ) { + my $memcached = Koha::Caches->get_instance()->memcached_cache; + $session = new CGI::Session( "driver:memcached;serializer:yaml;id:md5", $sessionID, { Memcached => $memcached } ); } else { # catch all defaults to tmp should work on all systems @@ -1723,8 +1738,13 @@ sub get_session { return $session; } + +# FIXME no_set_userenv may be replaced with force_branchcode_for_userenv +# (or something similar) +# Currently it's only passed from C4::SIP::ILS::Patron::check_password, but +# not having a userenv defined could cause a crash. sub checkpw { - my ( $dbh, $userid, $password, $query, $type ) = @_; + my ( $dbh, $userid, $password, $query, $type, $no_set_userenv ) = @_; $type = 'opac' unless $type; if ($ldap) { $debug and print STDERR "## checkpw - checking LDAP\n"; @@ -1764,11 +1784,11 @@ sub checkpw { } # INTERNAL AUTH - return checkpw_internal(@_) + return checkpw_internal( $dbh, $userid, $password, $no_set_userenv); } sub checkpw_internal { - my ( $dbh, $userid, $password ) = @_; + my ( $dbh, $userid, $password, $no_set_userenv ) = @_; $password = Encode::encode( 'UTF-8', $password ) if Encode::is_utf8($password); 
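Review bot: If `memcached_cache` returns false while `$storage_method` is `memcached`, the `elsif` in get_session (`@@ -1711,8 +1725,9 @@`) is skipped and control falls through to the catch-all branch without any log line, so an unreachable or misconfigured cache silently changes where sessions are stored. A `warn` in that case would make the downgrade visible to operators. The lookup is also done twice and spelled two ways (`get_instance->` and `get_instance()->`); capturing the result once and reusing it would be clearer. The if/elsif chain begins outside the hunk.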
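Review bot: `$no_set_userenv` is forwarded only to `checkpw_internal`, at the `# INTERNAL AUTH` return (`@@ -1764,11 +1784,11 @@`). The LDAP branch visible in the preceding hunk and any other external-auth branches between the two hunks are not shown, so it is unclear whether they honour the flag. If those paths set the userenv themselves, a caller passing the flag still gets a userenv written whenever external authentication succeeds first. Either pass the flag through to them or record the limitation next to the FIXME, e.g. `# NOTE: only honoured by checkpw_internal`. As a style point, the rewritten return still has no terminating semicolon: `return checkpw_internal( $dbh, $userid, $password, $no_set_userenv );`.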
@@ -1798,7 +1818,7 @@ sub checkpw_internal { if ( checkpw_hash( $password, $stored_hash ) ) { C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber, - $firstname, $surname, $branchcode, $branchname, $flags ); + $firstname, $surname, $branchcode, $branchname, $flags ) unless $no_set_userenv; return 1, $cardnumber, $userid; } } @@ -1815,7 +1835,7 @@ sub checkpw_internal { if ( checkpw_hash( $password, $stored_hash ) ) { C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber, - $firstname, $surname, $branchcode, $branchname, $flags ); + $firstname, $surname, $branchcode, $branchname, $flags ) unless $no_set_userenv; return 1, $cardnumber, $userid; } }
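Review bot: The postfix `unless $no_set_userenv` sits at the end of a three-line `C4::Context->set_userenv(...)` call, where it is easy to miss that the whole call is conditional. On an authentication path a block form reads more safely: `if ( !$no_set_userenv ) { C4::Context->set_userenv(...); }`. The same applies to the second checkpw_internal hunk (`@@ -1815,7 +1835,7 @@`). checkpw_internal's body extends outside both hunks.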