new C4::Auth::get_session for single place to get CGI::Session object

Refactoring to provide single place to get CGI::Session ojbject;
fixes bug for DB storage method other than 'mysql'.

This refactoring is also part of the patch series for
handling large input files for staging and processing
MARC records.

Signed-off-by: Joshua Ferraro <jmf@liblime.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index cd775c4..f35dbb8 100755 (executable)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -89,6 +89,7 @@ C4::Auth - Authenticates Koha users
 );
 @EXPORT_OK = qw(
   &check_api_auth
+  &get_session
 );
 
 =item get_template_and_user
@@ -412,18 +413,7 @@ sub checkauth {
         $loggedin = 1;
     }
     elsif ( $sessionID = $query->cookie("CGISESSID")) {
-               my $storage_method = C4::Context->preference('SessionStorage');
-               my $session;
-               if ($storage_method eq 'mysql'){
-                   $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
-               }
-               elsif ($storage_method eq 'Pg') {
-                       $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
-               }
-               else {
-                       # catch all defaults to tmp should work on all systems
-                       $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});
-               }
+        my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
         if ($session){
             C4::Context::set_userenv(
@@ -504,18 +494,7 @@ sub checkauth {
         }
     }
     unless ($userid) {
-               my $storage_method = C4::Context->preference('SessionStorage');
-               my $session;
-               if ($storage_method eq 'mysql'){
-                   $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
-               }
-               elsif ($storage_method eq 'Pg') {
-                       $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
-               }
-               else {
-                       # catch all defaults to tmp should work on all systems
-                       $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});                    
-               }
+               my $session = get_session("");
 
         my $sessionID;
                if ($session) {
@@ -828,18 +807,7 @@ sub check_api_auth {
         $sessionID = $query->cookie("CGISESSID");
     }
     if ($sessionID) {
-        my $storage_method = C4::Context->preference('SessionStorage');
-        my $session;
-        if ($storage_method eq 'mysql'){
-            $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
-        }
-        elsif ($storage_method eq 'Pg') {
-            $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
-        }
-        else {
-            # catch all defaults to tmp should work on all systems
-            $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});
-        }
+        my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
         if ($session) {
             C4::Context::set_userenv(
@@ -894,16 +862,7 @@ sub check_api_auth {
         }
         my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password );
         if ($return and haspermission( $dbh, $userid, $flagsrequired)) {
-            my $storage_method = C4::Context->preference('SessionStorage');
-            my $session;
-            if ($storage_method eq 'mysql'){
-                $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
-            } elsif ($storage_method eq 'Pg') {
-                $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
-            } else {
-                # catch all defaults to tmp should work on all systems
-                $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});
-            }
+            my $session = get_session("");
             return ("failed", undef, undef) unless $session;
 
             my $sessionID = $session->id;
@@ -1004,6 +963,39 @@ sub check_api_auth {
     } 
 }
 
+=item get_session
+
+  use CGI::Session;
+  my $session = get_session($sessionID);
+
+Given a session ID, retrieve the CGI::Session object used to store
+the session's state.  The session object can be used to store 
+data that needs to be accessed by different scripts during a
+user's session.
+
+If the C<$sessionID> parameter is an empty string, a new session
+will be created.
+
+=cut
+
+sub get_session {
+    my $sessionID = shift;
+    my $storage_method = C4::Context->preference('SessionStorage');
+    my $dbh = C4::Context->dbh;
+    my $session;
+    if ($storage_method eq 'mysql'){
+        $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+    }
+    elsif ($storage_method eq 'Pg') {
+        $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh});
+    }
+    else {
+        # catch all defaults to tmp should work on all systems
+        $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});
+    }
+    return $session;
+}
+
 sub checkpw {
 
     my ( $dbh, $userid, $password ) = @_;

diff --git a/circ/circulation.pl b/circ/circulation.pl
index db987ae..fd66189 100755 (executable)
--- a/circ/circulation.pl
+++ b/circ/circulation.pl
@@ -26,7 +26,7 @@ use strict;
 use CGI;
 use C4::Output;
 use C4::Print;
-use C4::Auth;
+use C4::Auth qw/:DEFAULT get_session/;
 use C4::Date;
 use C4::Branch; # GetBranches
 use C4::Koha;   # GetPrinter
@@ -59,7 +59,7 @@ if ($branch){
     # update our session so the userenv is updated
     my $dbh=C4::Context->dbh;
     my $sessionID = $query->cookie("CGISESSID") ;
-    my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+    my $session = get_session($sessionID);
     $session->param('branch',$branch);
     my $branchname = GetBranchName($branch);
     $session->param('branchname',$branchname);
@@ -70,7 +70,7 @@ if ($printer){
     # update our session so the userenv is updated
        my $dbh=C4::Context->dbh;
        my $sessionID = $query->cookie("CGISESSID") ;
-       my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+       my $session = get_session($sessionID);
        $session->param('branchprinter',$printer);
 
 }

diff --git a/opac/opac-logout.pl b/opac/opac-logout.pl
index 5e7d8b5..a64af0b 100755 (executable)
--- a/opac/opac-logout.pl
+++ b/opac/opac-logout.pl
@@ -17,6 +17,7 @@
 
 use CGI;
 use C4::Context;
+use C4::Auth qw/:DEFAULT get_session/;
 use C4::Output;
 use HTML::Template;
 use CGI::Session;
@@ -60,17 +61,8 @@ foreach (keys %$sessions) {
 }
 
 my $dbh = C4::Context->dbh;
-
 # Check that this is the ip that created the session before deleting it
-
-    if ($storage_method eq 'mysql'){
-        $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
-    }
-    else {
-      # catch all defaults to tmp should work on all systems
-      $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'});      
-    }
-
+my $session = get_session($sessionID);
 $session->flush;
 $session->delete;
 my $sth=$dbh->prepare("delete from sessions where sessionID=?");

diff --git a/tools/upload-file-progress.pl b/tools/upload-file-progress.pl
index dd2479b..74ddc2b 100755 (executable)
--- a/tools/upload-file-progress.pl
+++ b/tools/upload-file-progress.pl
@@ -24,6 +24,7 @@ use IO::File;
 use CGI;
 use CGI::Session;
 use C4::Context;
+use C4::Auth qw/get_session/;
 use CGI::Cookie; # need to check cookies before
                  # having CGI parse the POST request
 use Digest::MD5;
@@ -31,9 +32,7 @@ use Digest::MD5;
 my %cookies = fetch CGI::Cookie;
 my $sessionID = $cookies{'CGISESSID'}->value;
 
-my $dbh = C4::Context->dbh;
-# FIXME get correct session -- not just mysql
-my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+my $session = get_session($sessionID);
 
 # FIXME - add authentication based on cookie
 

diff --git a/tools/upload-file.pl b/tools/upload-file.pl
index 21340d1..4b58114 100755 (executable)
--- a/tools/upload-file.pl
+++ b/tools/upload-file.pl
@@ -24,6 +24,7 @@ use IO::File;
 use CGI;
 use CGI::Session;
 use C4::Context;
+use C4::Auth qw/get_session/;
 use CGI::Cookie; # need to check cookies before
                  # having CGI parse the POST request
 use Digest::MD5;
@@ -31,9 +32,7 @@ use Digest::MD5;
 my %cookies = fetch CGI::Cookie;
 my $sessionID = $cookies{'CGISESSID'}->value;
 
-my $dbh = C4::Context->dbh;
-# FIXME get correct session -- not just mysql
-my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh});
+my $session = get_session($sessionID);
 
 # upload-file.pl must authenticate the user
 # before processing the POST request,