X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=C4%2FAuth.pm;h=721176959af4d82e0f6f1a846113f17b08381057;hb=5e94de956610072d3d37bbbde1c8d48920414118;hp=16e908a3996978127cd6d9e24d4b35d37fbedaeb;hpb=75a4efa7042a8d15ba7832d67b8670282da3abbc;p=koha_fer
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 16e908a399..721176959a 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -26,40 +26,33 @@ use CGI::Session; require Exporter; use C4::Context; -use C4::Output; # to get the template +use C4::Templates; # to get the template use C4::Members; use C4::Koha; use C4::Branch; # GetBranches use C4::VirtualShelves; use POSIX qw/strftime/; -use List::MoreUtils qw/ any /; # use utf8; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $servers $memcached); BEGIN { - sub psgi_env { any { /^psgi\./ } keys %ENV } - sub safe_exit { - if ( psgi_env ) { die 'psgi:exit' } - else { exit } - } - - $VERSION = 3.02; # set version for version checking - $debug = $ENV{DEBUG}; - @ISA = qw(Exporter); - @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); - @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions); - %EXPORT_TAGS = ( EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)] ); - $ldap = C4::Context->config('useldapserver') || 0; - $cas = C4::Context->preference('casAuthentication'); - $caslogout = C4::Context->preference('casLogout'); - require C4::Auth_with_cas; # no import + $VERSION = 3.02; # set version for version checking + $debug = $ENV{DEBUG}; + @ISA = qw(Exporter); + @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); + @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions); + %EXPORT_TAGS = (EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)]); + $ldap = C4::Context->config('useldapserver') || 0; + $cas = C4::Context->preference('casAuthentication'); + $caslogout = C4::Context->preference('casLogout'); if ($ldap) { - require C4::Auth_with_ldap; - # no import import C4::Auth_with_ldap qw(checkpw_ldap); + require C4::Auth_with_ldap; # no import + import C4::Auth_with_ldap qw(checkpw_ldap); } if ($cas) { - import C4::Auth_with_cas qw(check_api_auth_cas checkpw_cas 
login_cas logout_cas login_cas_url); + require C4::Auth_with_cas; # no import + import C4::Auth_with_cas qw(checkpw_cas login_cas logout_cas login_cas_url); } $servers = C4::Context->config('memcached_servers'); if ($servers) { @@ -137,13 +130,13 @@ Output.pm module. =cut my $SEARCH_HISTORY_INSERT_SQL =<{'template_name'}, $in->{'type'}, $in->{'query'} ); + C4::Templates::gettemplate( $in->{'template_name'}, $in->{'type'}, $in->{'query'} ); my ( $user, $cookie, $sessionID, $flags ); if ( $in->{'template_name'} !~m/maintenance/ ) { ( $user, $cookie, $sessionID, $flags ) = checkauth( @@ -271,9 +264,13 @@ sub get_template_and_user { my @recentSearches = @{thaw($searchcookie) || []}; if (@recentSearches) { my $sth = $dbh->prepare($SEARCH_HISTORY_INSERT_SQL); - - $sth->execute( $borrowernumber, $in->{'query'}->cookie("CGISESSID"), $_->{'query_desc'}, $_->{'query_cgi'}, $_->{'limit_desc'}, $_->{'limit_cgi'}, $_->{'total'}, $_->{'time'}, ) - foreach @recentSearches; + $sth->execute( $borrowernumber, + $in->{'query'}->cookie("CGISESSID"), + $_->{'query_desc'}, + $_->{'query_cgi'}, + $_->{'total'}, + $_->{'time'}, + ) foreach @recentSearches; # And then, delete the cookie's content my $newsearchcookie = $in->{'query'}->cookie( 
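Review bot: In the `BEGIN` block of the first hunk, `import C4::Auth_with_ldap qw(checkpw_ldap);` and `import C4::Auth_with_cas qw(...)` use indirect object syntax, which Perl resolves by heuristic and can parse as a different call if a sub named `import` is ever in scope. Since these lines decide which authentication backends are wired in, write them as explicit method calls: `C4::Auth_with_ldap->import(qw(checkpw_ldap));` and `C4::Auth_with_cas->import(qw(checkpw_cas login_cas logout_cas login_cas_url));`. The `# no import` comment on each `require` line is also misleading when the very next line imports, and could read `# load only; import below`.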
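Review bot: In the `-271,9 +264,13` hunk of `get_template_and_user`, the context line `my @recentSearches = @{thaw($searchcookie) || []};` deserializes `$searchcookie`, which appears to come from a browser cookie, judging by the "delete the cookie's content" comment below it. If `thaw` is Storable's, this is deserialization of client-controlled data, which Storable's own documentation warns against for untrusted input. A data-only encoding is safer, for example `my @recentSearches = @{ eval { decode_json($searchcookie) } || [] };`, with the code that writes the cookie (outside this hunk) changed to match. Separately, the rewritten `execute` call now passes six bind values, so check that against the placeholder count in `$SEARCH_HISTORY_INSERT_SQL`, whose text is not readable on this page.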
@@ -575,18 +572,19 @@ sub _version_check ($$) { # and so we must redirect to OPAC maintenance page or to the WebInstaller # also, if OpacMaintenance is ON, OPAC should redirect to maintenance if (C4::Context->preference('OpacMaintenance') && $type eq 'opac') { + warn "OPAC Install required, redirecting to maintenance"; + print $query->redirect("/cgi-bin/koha/maintenance.pl"); + } + unless ($version = C4::Context->preference('Version')) { # assignment, not comparison + if ($type ne 'opac') { + warn "Install required, redirecting to Installer"; + print $query->redirect("/cgi-bin/koha/installer/install.pl"); + } + else { warn "OPAC Install required, redirecting to maintenance"; print $query->redirect("/cgi-bin/koha/maintenance.pl"); - } - unless ( $version = C4::Context->preference('Version') ) { # assignment, not comparison - if ( $type ne 'opac' ) { - warn "Install required, redirecting to Installer"; - print $query->redirect("/cgi-bin/koha/installer/install.pl"); - } else { - warn "OPAC Install required, redirecting to maintenance"; - print $query->redirect("/cgi-bin/koha/maintenance.pl"); - } - safe_exit; + } + exit; } # check that database and koha version are the same @@ -606,7 +604,7 @@ sub _version_check ($$) { warn sprintf("OPAC: " . $warning, 'maintenance'); print $query->redirect("/cgi-bin/koha/maintenance.pl"); } - safe_exit; + exit; } } @@ -641,10 +639,6 @@ sub checkauth { my ( $userid, $cookie, $sessionID, $flags, $barshelves, $pubshelves ); my $logout = $query->param('logout.x'); - # This parameter is the name of the CAS server we want to authenticate against, - # when using authentication against multiple CAS servers, as configured in Auth_cas_servers.yaml - my $casparam = $query->param('cas'); - if ( $userid = $ENV{'REMOTE_USER'} ) { # Using Basic Authentication, no cookies required $cookie = $query->cookie( 
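Review bot: In the `-575,18 +572,19` hunk of `_version_check`, the first branch (`OpacMaintenance` set and `$type eq 'opac'`) prints the redirect to `maintenance.pl` but never stops the request. Execution falls through to the `Version` check, and when that passes the sub can return to its caller, which may go on to run the page's logic behind the redirect header. Add `exit;` directly after that `print $query->redirect("/cgi-bin/koha/maintenance.pl");`, as the other redirect branches in this hunk and the next one do. The sub starts and ends outside the hunk, so whether any caller terminates the request itself cannot be confirmed from here.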
@@ -942,7 +936,7 @@ sub checkauth { } my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tmpl' : 'auth.tmpl'; - my $template = gettemplate( $template_name, $type, $query ); + my $template = C4::Templates::gettemplate( $template_name, $type, $query ); $template->param(branchloop => \@branch_loop,); my $checkstyle = C4::Context->preference("opaccolorstylesheet"); if ($checkstyle =~ /\//) @@ -992,28 +986,11 @@ sub checkauth { $template->param( OpacPublic => C4::Context->preference("OpacPublic")); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; - if ($cas) { - - # Is authentication against multiple CAS servers enabled? - if (C4::Auth_with_cas::multipleAuth && !$casparam) { - my $casservers = C4::Auth_with_cas::getMultipleAuth(); - my @tmplservers; - foreach my $key (keys %$casservers) { - push @tmplservers, {name => $key, value => login_cas_url($query, $key) . "?cas=$key" }; - } - #warn Data::Dumper::Dumper(\@tmplservers); - $template->param( - casServersLoop => \@tmplservers - ); - } else { - $template->param( - casServerUrl => login_cas_url($query), - ); - } - + if ($cas) { $template->param( - invalidCasLogin => $info{'invalidCasLogin'} - ); + casServerUrl => login_cas_url(), + invalidCasLogin => $info{'invalidCasLogin'} + ); } my $self_url = $query->url( -absolute => 1 ); @@ -1030,7 +1007,7 @@ sub checkauth { -cookie => $cookie ), $template->output; - safe_exit; + exit; } =head2 check_api_auth @@ -1103,7 +1080,7 @@ sub check_api_auth { unless ($query->param('userid')) { $sessionID = $query->cookie("CGISESSID"); } - if ($sessionID && not $cas) { + if ($sessionID) { my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); if ($session) { 
@@ -1153,24 +1130,18 @@ sub check_api_auth { # new login my $userid = $query->param('userid'); my $password = $query->param('password'); - my ($return, $cardnumber); - - # Proxy CAS auth - if ($cas && $query->param('PT')) { + unless ($userid and $password) { + # caller did something wrong, fail the authenticateion + return ("failed", undef, undef); + } + my ($return, $cardnumber); + if ($cas && $query->param('ticket')) { my $retuserid; - $debug and print STDERR "## check_api_auth - checking CAS\n"; - # In case of a CAS authentication, we use the ticket instead of the password - my $PT = $query->param('PT'); - ($return,$cardnumber,$userid) = check_api_auth_cas($dbh, $PT, $query); # EXTERNAL AUTH + ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); + $userid = $retuserid; } else { - # User / password auth - unless ($userid and $password) { - # caller did something wrong, fail the authenticateion - return ("failed", undef, undef); - } ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); } - if ($return and haspermission( $userid, $flagsrequired)) { my $session = get_session(""); return ("failed", undef, undef) unless $session; @@ -1427,7 +1398,7 @@ sub checkpw { ($retval) and return ($retval,$retcard); } - if ($cas && $query && $query->param('ticket')) { + if ($cas && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; # In case of a CAS authentication, we use the ticket instead of the password my $ticket = $query->param('ticket');
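Review bot: In the `-1153,24 +1130,18` hunk of `check_api_auth`, the `unless ($userid and $password)` guard now runs before the CAS branch, so a request carrying only a `ticket` is failed before `checkpw` is called. That conflicts with `checkpw`'s CAS path, which says the ticket is used instead of the password, and it appears to force CAS API clients to send placeholder credentials. Consider scoping the guard to the non-CAS case: `unless ( ($cas && $query->param('ticket')) or ($userid and $password) ) { return ("failed", undef, undef); }`. The comment inside the guard has a typo and should read `# caller did something wrong, fail the authentication`. The function body starts and continues outside the hunk.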
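Review bot: In the `-1427,7 +1398,7` hunk of `checkpw`, the new condition `if ($cas && $query->param('ticket'))` drops the definedness check on `$query`. With CAS enabled, any caller that passes no query object will die with `Can't call method "param" on an undefined value` instead of falling through to the remaining password checks. Keep the guard: `if ($cas && $query && $query->param('ticket')) {`. The signature of `checkpw` and its other callers are outside this hunk, so whether `$query` is optional there should be confirmed.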