Bug 18144: Restore pieces of C4/Auth to make Google OpenID Connect work
authorMark Tompsett <mtompset@hotmail.com>
Mon, 20 Feb 2017 06:37:49 +0000 (01:37 -0500)
committerKyle M Hall <kyle@bywatersolutions.com>
Wed, 29 Mar 2017 13:10:00 +0000 (13:10 +0000)
By restoring some pieces of logic, with the name changed from $persona
to $emailaddress, the openid will work again for OPAC logins.

See https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10988#c68
for an excellent test plan.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Did not test it, but trust in author and signoffer

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
C4/Auth.pm

index 8652aad..a139bce 100644 (file)
@@ -748,6 +748,7 @@ sub checkauth {
     my $authnotrequired = shift;
     my $flagsrequired   = shift;
     my $type            = shift;
+    my $emailaddress    = shift;
     $type = 'opac' unless $type;
 
     my $dbh     = C4::Context->dbh;
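Review bot: The new fourth positional argument `$emailaddress` is used further down in checkauth as proof of identity, but nothing at the `shift` documents that contract. A caller that passes an address it has not verified itself (one read from a request parameter rather than from a validated ID token, say) would authenticate that patron without a password. I would add a comment above the line, such as `# $emailaddress: address already verified by the external identity provider; never pass raw request input`. checkauth's body continues outside this hunk, so what the callers actually pass cannot be confirmed from here.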
@@ -788,6 +789,9 @@ sub checkauth {
         );
         $loggedin = 1;
     }
+    elsif ( $emailaddress) {
+        # the Google OpenID Connect passes an email address
+    }
     elsif ( $sessionID = $query->cookie("CGISESSID") )
     {    # assignment, not comparison
         my $session = get_session($sessionID);
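Review bot: The added `elsif ( $emailaddress)` branch is empty, and its comment does not say that its effect is to skip the `CGISESSID` lookup that follows, so an existing session cookie is ignored whenever an email address is passed. That is presumably intended, to force the fresh-login path later in the function, but a reader cannot tell it from a forgotten body. A comment like `# Deliberately empty: skip session-cookie reuse so the email lookup in the login block runs` would settle it, and the condition should follow the file's spacing, `elsif ( $emailaddress ) {`. The rest of the elsif chain lies outside this hunk.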
@@ -924,7 +928,8 @@ sub checkauth {
         if ( ( $cas && $query->param('ticket') )
             || $q_userid
             || ( $shib && $shib_login )
-            || $pki_field ne 'None' )
+            || $pki_field ne 'None'
+            || $emailaddress )
         {
             my $password    = $query->param('password');
             my $shibSuccess = 0;
@@ -952,6 +957,26 @@ sub checkauth {
                     $info{'invalidCasLogin'} = 1 unless ($return);
                 }
 
+                elsif ( $emailaddress ) {
+                    my $value = $emailaddress;
+
+                    # If we're looking up the email, there's a chance that the person
+                    # doesn't have a userid. So if there is none, we pass along the
+                    # borrower number, and the bits of code that need to know the user
+                    # ID will have to be smart enough to handle that.
+                    require C4::Members;
+                    my @users_info = C4::Members::GetBorrowersWithEmail($value);
+                    if (@users_info) {
+
+                        # First the userid, then the borrowernum
+                        $value = $users_info[0][1] || $users_info[0][0];
+                    } else {
+                        undef $value;
+                    }
+                    $return = $value ? 1 : 0;
+                    $userid = $value;
+                }
+
                 elsif (
                     ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} )
                     || ( $pki_field eq 'emailAddress'
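Review bot: The lookup `C4::Members::GetBorrowersWithEmail($value)` can return more than one patron, and the branch logs in as `$users_info[0]`, whichever row comes first. When two accounts share an address (family members, or a staff and a patron record), the login lands in an account the identity provider never asserted. Require an unambiguous match with `if ( @users_info == 1 ) {` and treat any other count as a failed login, ideally logged so the rejection can be explained. The fallback `$users_info[0][1] || $users_info[0][0]` also places a borrowernumber in `$userid`, which could coincide with another patron's numeric userid if later code resolves the account by userid. That depends on code outside this hunk and should be confirmed.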