Koha/opac/svc/overdrive
Nick Clemens 96adab7af8 Bug 22030: Use preference to determine username sent to overdrive
Overdrive configuration generally defaults to cardnumber, however, they
have confirmed that some libraries use usernames. We need to allow for
both scenarios.

To test:
1 - Have an OverDrive account setup with SIP authentication
    Note: You can apply for a testing account at developer.overdrive.com
    and setup an environment
2 - Fill in all your OverDrive system preferences
3 - Test with a patron whose username is their cardnumber
4 - Confirm their overdrive account tab on opac loads
5 - Change the username to be another value like "borked_wont_work"
6 - Note the overdrive account tab won't load
7 - Apply patch, update database, note new system preference
OverDriveUsername (default to 'cardnumber')
8 - Note the OD account loads successfully
9 - Change the system preference to 'user name' - the account load fails

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-08 13:59:46 +00:00


#!/usr/bin/perl
# script to action OverDrive API calls
# Copyright 2015 Catalyst IT
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use CGI qw ( -utf8 );
use JSON qw(encode_json);
use C4::Auth qw(checkauth);
use C4::Output;
use Koha::Logger;
use Koha::Patrons;
use Koha::Library::OverDriveInfos;
use Koha::ExternalContent::OverDrive;
# Request flow: check the OPAC session, read the requested 'action', run it
# against the patron's OverDrive session and reply with a JSON document.
# Every exit path goes through response() / response_bad_request(), which
# end the request.
my $logger = Koha::Logger->get( { interface => 'opac' } );

# Package variable on purpose: response() reads $cgi when writing the reply.
our $cgi = CGI->new;

# The Referer header is chosen by the client. It is handed to the OverDrive
# client further down as the page to come back to (auth_url and
# checkout_download_url).
# NOTE(review): nothing in this script checks that it points at this OPAC;
# confirm the value is validated downstream before it is used as a return
# or redirect target.
my $page_url = $cgi->referer();

# NOTE(review): the second argument to checkauth looks like its
# "authentication not required" flag, which would explain the explicit
# login check that follows - confirm against C4::Auth.
my ( $user, $cookie, $sessionID, $flags ) = checkauth( $cgi, 1, {}, 'opac' );
unless ( $user && $sessionID ) {
    response_bad_request("User not logged in");
}

my $action = $cgi->param('action');
response_bad_request("No 'action' specified") unless $action;

my $od = Koha::ExternalContent::OverDrive->new( { koha_session_id => $sessionID } );

my %data = ( is_logged_in => JSON::false );

# Fetch a mandatory request parameter, or end the request with a 400 reply.
my $require_param = sub {
    my ($name) = @_;
    my $value = $cgi->param($name);
    response_bad_request("No '$name' specified") unless $value;
    return $value;
};

# NOTE(review): checkout, return, place-hold and remove-hold change the
# patron's OverDrive account, and the only gate visible here is the session
# check above. No CSRF token or request-method check appears in this script;
# confirm one is enforced elsewhere.
local $@;
eval {
    if ( $action eq 'login' ) {

        # CGI's param() does not distinguish query-string from body
        # parameters.
        # NOTE(review): confirm the OPAC client sends the password in a POST
        # body so it does not end up in URLs or access logs.
        my $password = $cgi->param("password") // q{};
        my $patron   = Koha::Patrons->find( { userid => $user } );

        my $branch_info;
        $branch_info = Koha::Library::OverDriveInfos->find( $patron->branchcode )
          if $patron;

        # The OverDriveUsername preference selects which identifier is sent
        # to OverDrive: the patron's cardnumber, or the Koha userid.
        # With 'cardnumber' and no patron record the username stays undef.
        my $od_username = $user;
        if ( C4::Context->preference('OverDriveUsername') eq 'cardnumber' ) {
            $od_username = $patron ? $patron->cardnumber : undef;
        }

        # A per-library authname takes precedence over the system-wide one.
        my $authname = ( $branch_info && $branch_info->authname )
          || C4::Context->preference('OverDriveAuthname');

        $od->auth_by_userid(
            $od_username, $password,
            C4::Context->preference('OverDriveWebsiteID'), $authname
        );
        $data{login_success} = 1;
    }
    elsif ( $od->is_logged_in ) {
        $data{is_logged_in} = JSON::true;

        if ( $action eq 'logout' ) {
            $od->forget();
            $data{login_url}    = $od->auth_url($page_url);
            $data{is_logged_in} = JSON::false;
        }
        elsif ( $action eq 'account' ) {
            $data{account}   = $od->patron;
            $data{checkouts} = $od->checkouts;
            $data{holds}     = $od->holds;
        }
        elsif ( $action eq 'checkout' ) {
            my $id     = $require_param->('id');
            my $format = $cgi->param('format');    # optional for this action
            $data{action}    = $od->checkout( $id, $format );
            $data{checkouts} = $od->checkouts;
            $data{holds}     = $od->holds;
        }
        elsif ( $action eq 'checkout-format' ) {
            my $id     = $require_param->('id');
            my $format = $require_param->('format');
            $data{action}    = $od->lock_format( $id, $format );
            $data{checkouts} = $od->checkouts;
        }
        elsif ( $action eq 'download-url' ) {
            my $id     = $require_param->('id');
            my $format = $require_param->('format');

            # The client-supplied Referer is passed in both URL positions.
            $data{action} =
              $od->checkout_download_url( $id, $format, $page_url, $page_url );
        }
        elsif ( $action eq 'return' ) {
            my $id = $require_param->('id');

            # A failed return is reported in the reply instead of aborting
            # the request.
            # NOTE(review): the raw exception text goes to the client here,
            # whereas the outer handler passes it through
            # $od->error_message first.
            local $@;
            $data{action}    = eval { $od->return($id) };
            $data{action}    = $@ if $@;
            $data{checkouts} = $od->checkouts;
        }
        elsif ( $action eq 'place-hold' ) {
            my $id = $require_param->('id');
            $data{action} = $od->place_hold($id);
            $data{holds}  = $od->holds;
        }
        elsif ( $action eq 'remove-hold' ) {
            my $id = $require_param->('id');

            # Same pattern as 'return': the raw exception text is sent back.
            local $@;
            $data{action} = eval { $od->remove_hold($id) };
            $data{action} = $@ if $@;
            $data{holds}  = $od->holds;
        }
        else {
            # This message echoes the request's 'action' value, and
            # response_bad_request() copies its argument into the HTTP
            # status line as well as the JSON body.
            response_bad_request("Invalid 'action': $action");
        }
    }

    # Not logged in to OverDrive and not a login request: nothing is done,
    # and the reply below reports is_logged_in as false.
};

if ($@) {
    if ( !$od->is_not_authenticated_error("$@") ) {
        $logger->error($@);
        $data{error} = $od->error_message("$@");
    }
    else {
        # An expired OverDrive session is reported as "not logged in", not
        # as an error.
        $logger->debug("OverDrive session timeout");
        $data{is_logged_in} = JSON::false;
    }
}

response( \%data );
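# Reply with HTTP 400 and a JSON body of the form {"error": ...}, then end
# the request (response() exits).
#
# $error is used twice: as the JSON error text and as the reason phrase of
# the HTTP status line. At least one caller builds $error from the request's
# 'action' parameter, so runs of control characters (CR and LF included) are
# collapsed to a single space before the text goes into the status line.
# The JSON body keeps the message as given; JSON encoding escapes it.
sub response_bad_request {
    my ($error) = @_;

    my $reason = $error // q{};
    $reason =~ s/[\x00-\x1F\x7F]+/ /g;

    response( { error => $error }, "400 $reason" );
}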
# Send $data to the client as a JSON document and end the request.
#
#   $data        - reference to the structure to serialise with encode_json
#   $status_line - optional HTTP status line; any false value means "200 OK"
#
# Reads the package variable $cgi. Never returns: the script exits after the
# output call.
sub response {
    my $payload = shift;
    my $status  = shift || "200 OK";

    output_with_http_headers( $cgi, undef, encode_json($payload), 'json', $status );
    exit;
}