Commit graph

28 commits

Author SHA1 Message Date
Chris Cormack
13ca496206 Bug 18046: CAS logout infinite redirect
To test (You need a CAS server and CAS configured in Koha)

1/ Login using CAS in Koha
2/ Logout in Koha
3/ Notice you get redirected again and again
4/ Apply patch
5/ Login with CAS, then logout
6/ Notice logout works, but no longer infinitely redirected

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Patch has been in production use for several months
on several instances. Fixes a critical bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Looks like a typical workaround, but evidently works.
Not tested with CAS.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:20:06 -03:00
Matthias Meusburger
7e0f372b6c Bug 17481: Fix incorrect merge of bug 11048 (logout redirection for CAS authentication)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-11-07 16:34:57 +00:00
Mark Tompsett
6b3a04da6a Bug 16622: some tests triggered by prove t fail for unset KOHA_CONF
TEST PLAN
---------
1) unset KOHA_CONF
2) prove t
   -- 00-load.t dies miserably
3) prove t/Creators.t
   -- fails
4) apply patch
5) prove t
   -- noisy, but all tests successful
6) prove -v t/Creators.t
   -- 2 skipped tests
7) run koha qa test tools

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-05 06:09:58 +00:00
Jesse Weaver
d475dae773 Bug 16818: External auth redirect broken under Plack
Test plan:

0) Have either CAS or Shibboleth authentication enabled under Plack.
1) Hover over the authentication link on the staff client or OPAC, and
   notice that it has either '.../opac/...' or '.../intranet/...' instead
   of '.../cgi-bin/koha/...'. (This will be a complete dealbreaker for CAS
   authentication.)
2) Apply patch.
3) Check links again; they should now have the correct paths.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Did not test CAS or Shibboleth, but no regression found.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:42:44 +00:00
017699c345 Bug 16011: $VERSION - Remove the $VERSION init
Mainly a
  perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:28 +00:00
3830d78d46 Bug 16011: $VERSION - remove use vars $VERSION
perl -p -i -e 's/^(use vars .*)\$VERSION\s?(.*)/$1$2/' **/*.pm

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-03-24 17:20:26 +00:00
Mark Tompsett
588f13e699 Bug 14121: Silence warnings t/db_dependent/Auth_with_cas.t
TEST PLAN
---------
1) $ prove t/db_dependent/Auth_with_cas.t
   -- CGI security warning
2) apply patch
3) $ prove t/db_dependent/Auth_with_cas.t
   -- no noise.
4) koha qa test tools

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Not able to reproduce the error on my setup, but the code
is a clear improvement over the previous version.
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-20 10:32:21 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Matthias Meusburger
bb63ef6a2e Bug 13507: Add intranet support for CAS authentication
This patch allows to use CAS authentication for intranet login.

 It works exactly the same as the OPAC login, except that the
 staffClientBaseURL syspref must be set for intranet login
 (like OPACBaseURL must be set for OPAC login).

Signed-off-by: Koha Team AMU <koha.aixmarseille@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-08 12:04:26 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Julian Maurice
8c5671087d Bug 12398: Fix CAS authentication validation
CGI::url_param() also returns deleted parameters so we have to check
with CGI::param() too.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Took a while to get it working, but I can confirm CAS login is not
working without this patch, but does with it.

Some notes:
In order for this to work you have to add http:// in front of your
OpacBaseURL.
You will also need a CAS test server and install the certificate
on your system.

Tested with CAS test server provided by Biblibre.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-01 10:13:49 -03:00
Matthias Meusburger
c251f75240 Bug 11048: Fix logout redirection for CAS authentication
The logout redirection function after a CAS authentication was misused.
 This patch fixes it, and allows the CAS server to redirect the user back
 to the opac after logout.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

From the Authen::Cas::Client documentation

logout_url [%args]
         "logout_url()" returns the CAS server's logout URL which can
	 be used to redirect users to end
         authenticated sessions.  %args may contain the following
	 optional parameter:

         *   url => $url

	 If present, the CAS server will present the user
	 with a link to the given URL once the user has logged out.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Change only affects CAS authentication and is correct
according to the module documentation.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 05:20:26 +00:00
b57d98517c Bug 11219: (follow-up) fetch only URL parameters
This followup corrects the fact that when using $query->url(), both
GET and POST params are get.
Using $query->url_param() will only get params directly in URL.

Test plan :
- Enable CAS
- Go to login page : cgi-bin/koha/opac-user.pl
- Try to connect with local login using random login and password
  (they will be transmitted by POST)
- You stay to login page
- Look at CAS login URL
=> Without this patch it will contain the random login and password
   as parameters of opac-user.pl
=> With this patch it does not contain any parameter

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 05:16:34 +00:00
Fridolyn SOMERS
c8a18f5eef Bug 11219: make CAS authentication work with URL parameters
Bug 10029 tries to fix the use of URL parameters in CAS authentication.
But is does not work.
The full URL must be used in all methods of C4::Auth_with_cas.
Also, in checkpw_cas(), the 'ticket' parameter must be removed to find
the original URL.

This patch removes the 'ticket' parameter from query before calling
checkpw_cas() since the ticket is passed as method arguemnt.
In C4::Auth_with_cas, many methods use the same code to get the CAS
handler and the service URI. This patch adds a private method
_get_cas_and_service() to do the job.

Test plan:
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing
   authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber
   param
- Check CAS loggout
- Check Proxy CAS auth

Signed-off-by: Koha team AMU <koha.aixmarseille@gmail.com>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests in t, xt, and t/db_dependent/Auth.t.
Also passes QA script.

As I have no working CAS server, I focused on regression testing:
Activated Persona and casAuthentication.
- Verified normal login against database still works.
- Verified Persona login works.
  Note: With Persona you are always forwarded to the patron
  account - so you have to search for the record again before
  you can place a hold.
- Verified that the CAS URL contains the biblionumber when
  logging in while placing a hold.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Retested 2014-04-12

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-05-05 05:15:11 +00:00
Jonathan Druart
9db77158d0 Bug 10927: remove disused C4::Utils module
Bug 10925 removes the last call to C4::Utils.
The module becomes useless and can be deleted.

Verify that t/db_dependent/Context.t still successfully passes.
git grep hashdump
git grep maxwidth

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passes koha-qa.pl, no subs from the module are used anywhere

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-03 14:53:02 +00:00
Fridolyn SOMERS
974ab561ef Bug 10029 - CAS authentication fails in OPAC reserve
If OPAC reserve page is accessed without being logged-in, login form is displayed as well as a CAS authentication link (if enabled). A click on this link will lead to CAS server but one comming back to Koha, page shows an error : "ERROR: No biblionumber received".
This is because CAS link only contains the query path "/cgi-bin/koha/opac-reserve.pl", not the query parameters.

This patch adds query parameters to URI sent to CAS.

Test plan :
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber param

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I have followed the test plan as far as I could and the links
contain the biblionumber now, which they didn't before.
I couldn't check the CAS login, but my normal login worked
as expected.
All tests and the QA script pass.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-07-02 07:13:05 -07:00
Matthias Meusburger
07e30a78d3 Bug 8279: CAS Debugging improvements
Adds more precise debug informations for easier CAS troubleshootings resolution.

  Before this patch, whenever ticket validation failed, the debug message was "Invalid ticket".
  But ticket validation may fail for other reasons: CAS server not reachable, casServerUrl syspref is wrong...

  This patch adds the reason for ticket validation failing.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-27 18:05:02 +02:00
Chris Cormack
509d673f10 Bug 7941 : Fix version numbers in modules
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-06-11 17:29:38 +02:00
Julian Maurice
28bb1a3ed0 Bug 7745: Wrong service name for CAS authentification
When behind a proxy, Koha give a wrong service name to CAS server
(SCRIPT_URI environment variable). It now uses OPACBaseURL syspref.

Note: despite the OPACBaseURL description, you have to enter the
*full* URL (ie: with http:// or https://) in the syspref. (see Bug
7770)
Signed-off-by: Pierre Angot <tredok.pierre@gmail.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-03-22 06:21:23 +01:00
Chris Cormack
046c996c2f Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-10-13 10:49:49 +13:00
Chris Cormack
e8f654fcd2 Revert "Bug 5630 CAS improvements"
This reverts commit 9a3950f673.
2011-09-02 13:22:20 +12:00
Chris Cormack
9a3950f673 Bug 5630 CAS improvements
Squashed commit of the following:

commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:39 2011 +0100

    Bug 5630 : fixing C4/Auth.pm

commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:38 2011 +0100

    Bug 5630 : Adds CAS documentation

commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:37 2011 +0100

    Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on

    Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>

commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:36 2011 +0100

    Bug 5630 : Adds the ability to authenticate against multiple CAS servers

commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date:   Wed Jan 19 21:24:34 2011 +0100

    Auth_with_cas : removing a warning

    $sth was defined twice in a function
    Removing the second definition

commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date:   Wed Jan 19 21:24:33 2011 +0100

    Bug 6012 : MT 2270: CAS proxy

    CAS Proxy
    Examples included are now really usable

    Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2011-08-10 13:16:35 +12:00
Matthias Meusburger
ee06b581ce MT3186: Remove warnings from Auth_with_cas
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-04-23 06:55:13 -04:00
Lars Wirzenius
7279f55b60 Fix FSF address in directory C4/
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
2010-03-16 20:17:56 -04:00
Matthias Meusburger
c92bc8d73b Added debug mode for CAS warn messages 2009-11-23 16:34:31 +01:00
Henri-Damien LAURENT
36a01ea347 Second CAS version : CAS and non-CAS login can coexist
Conflicts solved :

	C4/Auth.pm
	opac/opac-main.pl
2009-11-23 16:26:35 +01:00
Matthias Meusburger
acdd090246 Moved CAS configuration from config file to sysprefs 2009-11-23 16:23:20 +01:00
Henri-Damien LAURENT
7126496210 First CAS version : when CAS is enabled, login through CAS is mandatory
Conflicts solved C4/Auth.pm
2009-11-23 16:21:37 +01:00