Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
Nicholas van Oudtshoorn 722a098eac Bug 10988 - Fixes for comments 57 and 58 
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00

209 lines
12 KiB
Text
Raw Blame History

[% USE Koha %]
[% INCLUDE 'doc-head-open.inc' %]
<title>[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog &rsaquo;
[% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
Log in to your account
[% ELSE %]
Catalog login disabled
[% END %]</title>
[% INCLUDE 'doc-head-close.inc' %]
[% BLOCK cssinclude %][% END %]
</head>
[% INCLUDE 'bodytag.inc' bodyid='opac-login-page' bodyclass='scrollto' %]
[% INCLUDE 'masthead.inc' %]
<div class="main">
<ul class="breadcrumb">
<li><a href="/cgi-bin/koha/opac-main.pl">Home</a> <span class="divider">&rsaquo;</span></li>
<li><a href="#">Log in</a></li>
</ul>
<div class="container-fluid">
<div class="row-fluid">
<div class="span7 offset2">
<div id="opac-auth" class="maincontent">
<!--CONTENT-->
[% IF Koha.Preference( 'opacuserlogin' ) == 1 %]
[% IF ( nopermission ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert">
<h3>Access denied</h3>
<p>Sorry, the system doesn't think you have permission to access this page. </p>
</div>
[% END %]
[% IF ( loginprompt ) %]
<!-- login prompt time-->
<h3>Log in to your account</h3>
[% IF ( timed_out ) %]
<!-- This is what is displayed if login has timed out -->
<div class="alert alert-info">
<p>Sorry, your session has timed out. Please log in again.</p>
</div>
[% END %]
[% IF ( different_ip ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert alert-info">
<p>You are logging from a different IP address. Please log in again.</p>
</div>
[% END %]
[% IF ( invalid_username_or_password ) %]
<!-- This is what is displayed if user doesnt have permission -->
<div class="alert alert-info">
<p>You entered an incorrect username or password. Please try again! And remember, passwords are case sensitive.</p>
</div>
[% END %]
[% IF ( shibbolethAuthentication ) %]
[% IF ( invalidShibLogin ) %]
<!-- This is what is displayed if shibboleth login has failed to match a koha user -->
<div class="alert alert-info">
<p>
Sorry, your Shibboleth identity does not match a valid library identity.
[% IF ( casAuthentication ) %]
[% IF ( invalidCasLogin ) %]
<!-- This is what is displayed if cas login has failed -->
<p>Sorry, the CAS login also failed, if you have a local login you may use that below.</p>
[% ELSE %]
If you have a CAS account, you may use that below.
[% END %]
[% ELSE %]
If you have a local account, you may use that below.
[% END %]
</p>
</div>
[% ELSE %]
<h4>Shibboleth Login</h4>
<p>If you have a Shibboleth account,
please <a href="[% shibbolethLoginUrl %]">click here to login</a>.</p>
[% END %]
[% IF ( casAuthentication ) %]
<h4>CAS login</h4>
<p>If you do not have a Shibboleth account, but you do have a CAS account,
[% ELSE %]
<h4>Local login</h4>
<p>If you do not have a Shibboleth account, but you do have a local login, then you may login below:</p>
[% END %]
[% END %]
[% IF ( casAuthentication ) %]
[% IF ( shibbolethAuthentication ) %]
[% IF ( casServerUrl ) %]
please <a href="[% casServerUrl %]">click here to login</a>.<p>
[% END %]
[% IF ( casServersLoop ) %]
please choose against which one you would like to authenticate: </p>
<ul>
[% FOREACH casServer IN casServersLoop %]
<li><a href="[% casServer.value %]">[% casServer.name %]</a></li>
[% END %]
</ul>
[% END %]
[% ELSE %]
<h4>CAS login</h4>
[% IF ( invalidCasLogin ) %]
<!-- This is what is displayed if cas login has failed -->
<p>Sorry, the CAS login failed.</p>
[% END %]
<p>If you have a CAS account,
[% IF ( casServerUrl ) %]
please <a href="[% casServerUrl %]">click here to login</a>.<p>
[% END %]
[% IF ( casServersLoop ) %]
please choose against which one you would like to authenticate: </p>
<ul>
[% FOREACH casServer IN casServersLoop %]
<li><a href="[% casServer.value %]">[% casServer.name %]</a></li>
[% END %]
</ul>
[% END %]
[% END %]
[% IF ( shibbolethAuthentication ) %]
<p>Nothing</p>
[% ELSE %]
<h4>Local login</h4>
<p>If you do not have a CAS account, but do have a local account, you can still log in: </p>
[% END %]
[% END # / IF casAuthentication %]
[% IF ( Koha.Preference('GoogleOpenIDConnect') == 1 ) %]
[% IF ( invalidGoogleOpenIDConnectLogin ) %]
<h4>Google login</h4>
<p>Sorry, your Google login failed. <span class="error">[% invalidGoogleOpenIDConnectLogin %]</span></p>
<p>Please note that the Google login will only work if you are using the e-mail address registered with this library.</p>
<p>If you want to, you can try to <a href="/cgi-bin/koha/svc/auth/googleopenidconnect?reauthenticate=select_account">log in using a different account</a>
[% END %]
<a href="/cgi-bin/koha/svc/auth/googleopenidconnect" class="btn btn-primary" id="openid_connect">Log in with Google</a>
<p>If you don not have a Google account, but do have a local account, you can still l
og in: </p>
[% END %]
<form action="/cgi-bin/koha/opac-user.pl" name="auth" id="auth" method="post">
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset class="brief">
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
[% END %]
<label for="userid">Login</label>
<input type="text" size="25" id="userid" name="userid" />
<label for="password">Password</label><input type="password" size="25" id="password" name="password" />
</fieldset>
<input type="submit" value="Log in" class="btn" />
[% IF Koha.Preference('OpacPasswordChange') && Koha.Preference('OpacResetPassword') %]
<div id="forgotpassword">
<a href="/cgi-bin/koha/opac-password-recovery.pl">Forgot your password?</a>
</div>
[% END %]
<div id="nologininstructions">
[% IF Koha.Preference('NoLoginInstructions') %]
[% Koha.Preference('NoLoginInstructions') %]
[% ELSE %]
<h5>Don't have a password yet?</h5><p> If you don't have a password yet, stop by the circulation desk the next time you're in the library. We'll happily set one up for you.</p>
<h5>Don't have a library card?</h5><p> If you don't have a library card, stop by your local library to sign up.</p>
[% END # / IF Koha.Preference('NoLoginInstructions') %]
[% IF PatronSelfRegistration && PatronSelfRegistrationDefaultCategory %]<span id="registrationinstructions">You may <a href="/cgi-bin/koha/opac-memberentry.pl">register here</a>.</span>[% END %]
</div>
</form>
[% END # / IF loginprompt %]
[% ELSE %]
<h4>Logging on to the catalog has not been enabled by the library.</h4>
<ul>
<li>To report this error, you can <a href="mailto:[% admin %]">email the Koha Administrator</a>.</li>
<li>Use top menu bar to navigate to another part of Koha.</li>
</ul>
[% END # / IF opacuserlogin %]
[% IF persona %]
<p><a href="#" class="persona-button" id="browserid" ><span>Sign in with your Email</span></a></p>
[% END %]
</div> <!-- /.opac-auth -->
</div> <!-- /.span12 -->
</div> <!-- /.row-fluid -->
</div> <!-- /.container-fluid -->
</div> <!-- /.main -->
[% INCLUDE 'opac-bottom.inc' %]
[% BLOCK jsinclude %]
<script type="text/javascript">
//<![CDATA[
// Hide circular 'Log in to Your Account' link in opac-auth.pl
$(document).ready(function() {
if ( $("#auth" ) ) { $("#members ul li a").hide(); }
});
//]]>
</script>
[% END %]
View git blame Copy permalink